How OpenDXL Ontology could change your technology stack


One of the most common subjects on this blog is cybersecurity. It’s by no means all we do as a managed IT provider, but when your #1 goal is uninterrupted uptime for your clients, security breaches rank pretty high on the list of things we have to watch out for. It’s also the space within our industry that sees the most change week in and week out — threat vectors multiply, as do the severity and cunning of the attacks behind them. And one of the weakest points in any cybersecurity defense is the gaps, handshakes and handoffs that interrelated systems make to one another throughout your technology stack. Your servers talk to your terminals, which work with email clients, which connect to mobile devices, and so on. Each system, each vendor, each handshake is a potential vulnerability for attackers to exploit. But a cybersecurity alliance has just released a new, open-source language framework — OpenDXL Ontology — to bridge those gaps and turn your cybersecurity tools into a seamless web of security.

What is OpenDXL Ontology, and who’s behind it?

Developed by the Open Cybersecurity Alliance (OCA) — a consortium of cybersecurity firms including IBM, CrowdStrike, and McAfee — OpenDXL Ontology is described as the “first open source language for connecting cybersecurity tools through a common messaging framework.”

According to ZDNet, OpenDXL Ontology aims to “create a common language between cybersecurity tools and systems by removing the need for custom integrations between products that can be most effective when communicating with each other — such as endpoint systems, firewalls, and behavior monitors — but suffer from fragmentation and vendor-specific architecture.”

Essentially, it plugs those gaps we mentioned earlier. If all of those systems use the same messaging framework to interact with each other, the security handoffs between them can be seamless and harder to breach.

In its release note, the OCA noted a use case that could prove beneficial to businesses everywhere: “For example, if a certain tool detects a compromised device, it could automatically notify all other tools and even quarantine that device using a standard message format readable by all … While previously this was only possible with custom integrations between individual products, it will now be automatically enabled between all tools that adopt OpenDXL Ontology.”
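To make that use case concrete, here is an added example (not code from the OCA, the OpenDXL project, or this blog) that models the idea in plain Python: one detection tool publishes a “device compromised” event in a shared JSON format, and a firewall, a network access control tool and a SIEM each react to it without any point-to-point integration. The topic name, the field names and the allowed values are constructed for this illustration and are not the real OpenDXL Ontology schema; the in-memory `Bus` class stands in for a message broker, and the real OpenDXL client library is not used.

```python
import json
from typing import Callable, Dict, List

# Hypothetical shared schema every tool agrees to speak. The topic, field names
# and allowed values are constructed for this example, not OpenDXL Ontology's.
TOPIC_COMPROMISED = "/security/events/device/compromised"
REQUIRED_FIELDS = {"event_type", "device_id", "severity", "source_tool"}
ALLOWED_EVENT_TYPES = {"device.compromised"}
ALLOWED_SEVERITIES = {"low", "medium", "high", "critical"}


class MessageError(ValueError):
    """Raised when a message does not conform to the shared schema."""


def validate_message(raw: str) -> dict:
    """Parse a JSON message and check it against the shared schema.

    Consumers only ever see messages that passed this check, so a buggy or
    misbehaving producer cannot push malformed events to the whole stack.
    """
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise MessageError(f"not valid JSON: {exc}")
    if not isinstance(msg, dict):
        raise MessageError("message must be a JSON object")
    missing = REQUIRED_FIELDS - msg.keys()
    if missing:
        raise MessageError(f"missing required fields: {sorted(missing)}")
    if msg["event_type"] not in ALLOWED_EVENT_TYPES:
        raise MessageError(f"unknown event_type {msg['event_type']!r}")
    if msg["severity"] not in ALLOWED_SEVERITIES:
        raise MessageError(f"unknown severity {msg['severity']!r}")
    if not isinstance(msg["device_id"], str) or not msg["device_id"]:
        raise MessageError("device_id must be a non-empty string")
    return msg


class Bus:
    """Minimal topic-based publish/subscribe fabric standing in for a broker."""

    def __init__(self) -> None:
        self._subscribers: Dict[str, List[Callable[[dict], None]]] = {}

    def subscribe(self, topic: str, callback: Callable[[dict], None]) -> None:
        self._subscribers.setdefault(topic, []).append(callback)

    def publish(self, topic: str, raw: str) -> dict:
        msg = validate_message(raw)  # reject bad messages before any fan-out
        for callback in self._subscribers.get(topic, []):
            callback(msg)
        return msg


class EndpointDetector:
    """Producer: knows nothing about the consumers, only the shared schema."""

    def __init__(self, bus: Bus) -> None:
        self.bus = bus

    def report_compromise(self, device_id: str, severity: str) -> dict:
        event = {"event_type": "device.compromised", "device_id": device_id,
                 "severity": severity, "source_tool": "edr-agent"}
        return self.bus.publish(TOPIC_COMPROMISED, json.dumps(event))


class Firewall:
    """Consumer: blocks every device reported as compromised."""

    def __init__(self, bus: Bus) -> None:
        self.blocked: set = set()
        bus.subscribe(TOPIC_COMPROMISED, lambda m: self.blocked.add(m["device_id"]))


class NetworkAccessControl:
    """Consumer: quarantines only high/critical findings (its own local policy)."""

    def __init__(self, bus: Bus) -> None:
        self.quarantined: set = set()
        bus.subscribe(TOPIC_COMPROMISED, self.on_event)

    def on_event(self, msg: dict) -> None:
        if msg["severity"] in {"high", "critical"}:
            self.quarantined.add(msg["device_id"])


class Siem:
    """Consumer: records every event for later investigation."""

    def __init__(self, bus: Bus) -> None:
        self.log: List[dict] = []
        bus.subscribe(TOPIC_COMPROMISED, self.log.append)


def run_scenario() -> dict:
    """Wire three consumers to one producer and replay two constructed findings."""
    bus = Bus()
    firewall, nac, siem = Firewall(bus), NetworkAccessControl(bus), Siem(bus)
    detector = EndpointDetector(bus)
    detector.report_compromise("laptop-0042", "critical")  # constructed sample
    detector.report_compromise("printer-07", "low")        # constructed sample
    # A message missing required fields is refused before it reaches any tool.
    rejected = False
    try:
        bus.publish(TOPIC_COMPROMISED, '{"event_type": "device.compromised"}')
    except MessageError:
        rejected = True
    return {"blocked": sorted(firewall.blocked),
            "quarantined": sorted(nac.quarantined),
            "siem_events": len(siem.log),
            "rejected_malformed": rejected}


if __name__ == "__main__":
    print(json.dumps(run_scenario(), indent=2))
```

The point to notice is that adding a fourth consumer (say, a ticketing system) means subscribing to the same topic and reading the same fields; no existing tool has to change, which is the “no custom integrations” benefit the OCA describes. Validating messages centrally, before fan-out, is also where a defender would hook schema enforcement so that a compromised or misconfigured producer cannot trigger quarantine actions with malformed events.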

What does that mean for my business?

As with any new programming language, platform or security tool, members of the open source community and managed IT providers like Leverage will need to vet the new protocol, essentially ensuring it does what it says it can. Then, many of the vendors and systems we recommend and support will likely begin integrating this language into the services and systems you already rely on. Luckily for our clients, we manage updates and new implementations like this. So for most of you, there won’t be any noticeable difference when we do implement the new protocol, save for a more secure technology stack for years to come.

But, for those inclined, OpenDXL Ontology is now available on GitHub.