Cyware Intel Exchange
Cyware

Cyware Intel Exchange is a Threat Intelligence Platform (TIP) that automates the entire threat intelligence lifecycle, enabling organizations to ingest, enrich, analyze, and operationalize threat data for proactive defense and collaborative sharing.

Product details

Cyware Intel Exchange helps security teams transform from being merely threat-informed to having a threat-driven intelligence program. It addresses critical challenges faced by organizations, such as difficulty in aggregating threat intelligence from multiple sources, risks associated with manual ingestion and correlation, and the lack of bidirectional sharing capabilities. The platform automates the threat intelligence lifecycle, contextualizes threat analysis, facilitates proactive action, and enables seamless bidirectional sharing of threat intelligence.

The solution allows for the ingestion of structured and unstructured threat data in various formats from a multitude of sources, including commercial feeds, OSINT, ISACs/ISAOs, SIEMs, and EDR/NDR systems. It automates the entire threat intelligence lifecycle, from ingestion and correlation to enrichment, analysis, sharing, and actioning. Cyware Intel Exchange features an advanced correlation engine and customizable scoring mechanisms to prioritize threats by enriching raw data with context from integrated sources like VirusTotal and Mandiant. It enables automated operationalization of scored threat intelligence across an organization's security stack, including firewalls, EDR, and SIEM, to take immediate action against identified threats, such as blocking malicious domains or isolating compromised systems.

Features & Benefits

  • Automated Threat Intelligence Lifecycle
    • Automates the entire threat intelligence lifecycle, covering ingestion, enrichment, correlation, analysis, actioning, and sharing, using an advanced predictive automation engine.
  • Comprehensive Threat Data Ingestion
    • Ingests structured and unstructured threat data in multiple formats from diverse sources, including commercial feeds, OSINT, ISACs/ISAOs, and regulatory bodies.
      • Format-agnostic ingestion (STIX 1.x/2.x, MISP, MAEC, XML, CSV, YARA, OpenIOC, Email, etc.)
      • High-volume IOC ingestion from internal and external sources
      • Regulatory intel ingestion from CERTs, government entities, and sectoral communities
  • Intelligent Enrichment & Prioritization
    • Automates the process of enriching raw data with additional context and leverages an advanced correlation engine with custom rules to score IOCs for threat prioritization.
      • Confidence Score Engine to evaluate signal-to-noise ratio
      • Adaptive enrichment from multiple integrated sources (VirusTotal, Mandiant, Shodan, etc.)
  • Automated Actioning & Integrations
    • Operationalizes scored threat intelligence in detection and response platforms to take immediate action against identified threats.
      • Automated actioning across security stack (Firewalls, EDR, SIEM, IPS/IDS)
      • Flexible integrations with detection, response, and IT platforms
  • Bidirectional Threat Intelligence Sharing
    • Enables secure and compliant sharing of threat intelligence across trusted communities.
      • STIX/TAXII compliant Hub and Spoke sharing model
      • Custom Threat Bulletins in STIX and PDF formats
  • Advanced Threat Analysis & Investigation
    • Provides tools and models for in-depth analysis and investigation of aggregated threat data.
      • Visual Threat Investigations with detailed views and relations
      • Diamond Model of Intrusion Analysis
      • Cyware Query Language (CQL) for sophisticated data retrieval
      • ATT&CK Navigator for visualizing MITRE ATT&CK mapping
      • Threat Intel Crawler browser extension with ML/NLP
      • IP and Domain Lookup integration
      • Geo Tagging for geographical trend analysis
      • Analyst Watchlist for brand-specific threat monitoring
      • Machine Learning-Based Analysis for automated data polling and relationship establishment
  • Centralized Visibility & Reporting
    • Offers comprehensive dashboards and reporting capabilities for end-to-end management and insights.
      • Centralized Threat Dashboards for complete visibility and governance
      • Personalized Reporting with custom widgets for various stakeholders
      • Multi-Level Intel View for different organizational roles
      • Finished Reports generation with tags, TLP, MITRE ATT&CK mapping