Open-source options offer increased SOC tool interoperability

Anecdotal evidence of security operations center (SOC) tool overload is overwhelming — at CSO we hear complaints from industry sources about this problem all the time — but the 2019 SANS SOC Survey attempted to quantify the problem. For most survey respondents, the number of SOC analysts was roughly equal to the number of full-time employees tasked with maintaining the SOC security tools. That’s on top of the expense of purchasing those security tools in the first place.

To solve this problem, IBM and McAfee launched the Open Cybersecurity Alliance (OCA) in October 2019. Together they have released two open-source projects meant to improve interoperability among enterprise security tools. One, STIX Shifter, enables federated search for indicators of compromise (IoC) across different security tools. The other, OpenDXL, is an open messaging format so that tools can share information, notifications and commands in a standardized way.


Story added 11 March 2020.