Data gathering without correlation or context is simply information. Information without analysis is, perhaps, interesting but doesn’t provide a full picture of a situation and therefore doesn’t allow the recipient of the information to make informed decisions or act upon the information. Similarly, cyber threat intelligence is a cumulative outcome of several processes including information collection, aggregation, correlation, and contextualization. The entire purpose of leveraging cyber threat intelligence is to enable security and executive teams to make tactical and strategic risk decisions and act (if necessary) upon emerging threats.
This latter set of requirements has become standard for threat intelligence and security analysts. Basic intelligence tools are a thing of the distant past, and today it’s almost an imperative for security teams to leverage solutions that work in an integrated manner to enable collection, situational awareness, enrichment, analysis, orchestration, and triage and response workflows. The best of the threat intelligence platforms bring data together in a virtual environment whereby intelligence analysts and SOC operators can collaborate in real time and prevent threat indicators from becoming incidents.
Anuj Goel, co-founder and CEO of Cyware, knew this is what he wanted to build when he served as the Head of Global Cyber Strategy and Chief of Staff to the CISO at Citigroup. Anuj had an opportunity to take a closer look at the security needs of the industry and a common theme kept coming to mind. “Although most companies have plenty of security tools and staff, they lack the capabilities to integrate and communicate with each other to create a stronger, collective defense. While major financial and telecom organizations have already adopted the proven cyber fusion solution, something that ties together security operations and threat intelligence activities, a large percentage of companies are yet to learn from their experiences and implement fusion processes and tools to stay ahead of the threat,” he said during a recent conversation.
His idea was to start a company to build a virtual cyber fusion solution which accomplished all the positive attributes of brick and mortar fusion centers, but without the exponential cost. “I wanted to make sure whatever we built at Cyware incorporated information sharing, end-to-end automation, and threat response capabilities,” he said. “Too many cyber security tools are reactive, and while reactive technologies are necessary, the aim of threat intelligence is preventing as many threats as possible.”
The company’s offerings can be broken into five integrated and modular products, which, at the enterprise platform level, all come together to form Goel’s concept of an overall cyber fusion solution. The Situational Awareness Platform automates strategic threat intelligence collection, aggregation, enrichment, alerting, and sharing. The threat intelligence eXchange is a threat intelligence platform (TIP) that allows for bi-directional consumption and dissemination of technical threat intelligence, including attackers’ tactics, techniques, and procedures (TTPs). The “lite” version of the eXchange/TIP platform is suited for organizations that don’t have in-house intelligence handling capabilities but want to start collecting and analyzing intelligence. The Threat Response Automation platform combines malware management, incident investigation and response capabilities, TTP tracking using the MITRE ATT&CK framework, vulnerability management, and orchestrated contextualization via pattern and trend mapping. And last but not least is the Security Orchestration Layer, which allows operations teams to see across deployment environments, identify and triage events, and implement playbooks.
Cyware’s platforms come with the capability to ingest data via RESTful APIs from over 300 tool integrations and over two dozen technology partners, including several other leading threat intelligence feed providers.
Though the intelligence and SOAR spaces are crowded, Cyware’s executive team and board of directors are best-in-class. As a young company founded just four years ago, Cyware has a lot of industry star power behind its strategy and product development. We expect to see impressive things from Goel and team in the near future, but the only way to know if Cyware is right for your company is to try one or all of the platforms themselves. With the lite version of the threat intelligence eXchange available and accessible for any size team, at any level of intel maturity, it shouldn’t be beyond any company’s reach to implement threat intelligence products and services. For more sophisticated threat intelligence organizations, Cyware has those options too.