Expanding Intel Security Innovation Alliance sees momentum in Open DXL

Intel Security showcased its year-old alliance of vendors involved in integrations around DXL. Optimism was strong that the newly announced Open DXL would amplify its value to these partners.


D.J. Long, head of the Intel Security Innovation Alliance

LAS VEGAS – Intel Security’s announcement that it is going to open source its Data Exchange Layer (DXL) was one of the highlights of the first day at its Focus Security Conference here. DXL is a messaging bus which that provides a cross-vendor standardized application framework for the sharing of threat intelligence in real time. Intel Security has opened it up so that everyone, including competitors, will have no hesitation about using it, since it will no longer be ‘their’ technology.

Members of the Intel Security Innovation Alliance [ISIA] are particularly exhilarated about the concept. The Alliance is comprised of vendors who either have DXL technology integrations, or who are actively developing them, and was unveiled a year ago at this same conference.

Since last year, when the founding partners were unveiled at the conference, the number of partners in the ISIA – whose name will remain the same even after Intel Security becomes McAfee next year – has doubled overall.

“This shows the importance of DXL as an enabling technology,” said D.J. Long, head of the Intel Security Innovation Alliance. “Embracing DXL is the fundamental premise of the ISIA. We are perfectly willing to work with competitors of ours, to integrate them into Open DXL for the benefit of our joint customers.”

Intel Security highlighted several integrations recently developed with ISIS members. These include an integration between Check Point’s firewall and McAfee DXL and McAfee Threat Intelligence Exchange, which enables intelligence sharing and workflow optimization.

“We also work with Intel and Aruba around threat detection,” said Jason Min, Head of Global Business Development at Check Point. “Working together is more beneficial when it is with these kinds of larger partners with many years experience.”

HP Aruba has also done an integration between their ClearPass product and the McAfee ePolicy Orchestrator (ePO) and McAfee Enterprise Security Manager (ESM) products around threat intelligence sharing, and automatic detection and remediation.

“The information we obtain through the ePO solution is critical here,” said Trent Fiero, Director of Security Marketing, at HPE Aruba.

Intel Security highlighted the partnership with original ISIA partner MobileIron. Their joint integration of solutions have addressed extending data protection to mobile devices, as well as mobile threat protection, and the unifying of admin workflows and user experience between mobile and endpoint devices. Intel Security also drew attention to a newer partnership with Huawei, which will work to provide dynamic behavior analytics and intelligence sharing through indicators of compromise data alerts to McAfee DXL and McAfee TIE. ISIA partners using user behavior analytics (UBA) through integration with McAfee ESM include CyberArk, Exabeam, Fortscale, Gurucul, Niara and Securonix.

ISIA head Long indicated that it was too early to determine if the decision to open up DXL means that Intel Security will be willing to let it be governed by a standards body.

“We are, however, committed to openness, which is very different from what we originally announced last year,” he stressed.

ISIA vendor partners believe the decision to open DXL up will greatly improve its value to them.

Paul Reid, Technology Strategist at Interset, said that ISIA always has had value, but that it would now be extended.

“We are a Big Data company that does user behavior and analytics and does things at massive scale,” he said. “It comes down to our strength at mathematics to catch bad guys – and knowing the questions to ask. The alliance helps us there by giving us access to data sources and things we might not otherwise get. Open DXL will bring new and innovative ways to assist customers that we haven’t seen before.”

“Open DXL will let us better contextualize our solutions,” said Ashley Seamans, ‎Director, Global Channel Operations at ‎Rapid7. “We share the view of Intel Security that closing the gap between prevention, protection and correction is incredibly important.”

Long also noted that the extension of creative juices is likely to provide new applications of DXL technology.

“The idea of applying DXL alerts to the Internet of Things hasn’t gotten any buzz at all,” he said. “But it makes sense that companies could theoretically embrace DXL in that context. It just hasn’t been the focus to date.”