How Cyware’s Threat Intelligence Platform Enables Organizations to Extract Actionable Insights to Protect Their Servers and Networks

Cyware Extracts Insights From Server Threat Intelligence

TL;DR: Cyware helps organizations build solutions that enable end-to-end threat intelligence automation, sharing, and response. The company aims to transform security operations with its Virtual Cyber Fusion Center platform and incorporates next-generation SOAR and threat intelligence solutions for security teams. It works with government agencies and businesses in a variety of industries to help reduce costs and employee stress, and increase cyber attack response efficiency.

Organizations have learned that their cyber defenses must evolve to counteract the constantly changing landscape they confront daily. That is especially relevant regarding cyber threat intelligence. The process began as information gathering to help cyber defense teams better understand their adversaries and the likely pattern of attack.

Now, threat intelligence means collecting relevant data from disparate sources and converting it into actionable, high-yield insights. Threat intelligence should integrate directly into an organization’s security operations and be shared seamlessly with stakeholders inside and outside the business.

The process can highlight emergent cyber threats and enable security operations centers (SOCs) to prioritize alerts, upgrade resources, and make well-informed, timely decisions. The growing importance of threat intelligence management technology is reflected in its burgeoning market value. One research firm forecasts the global market size for threat intelligence solutions to reach $16.1 billion by 2025.

Cyware allows enterprises to build robust threat intelligence processes.

Until recently, threat intelligence has been hampered by siloed data within enterprise SOCs and a lack of communication with industry bodies that gather and share cyber threat information.

Cyware helps enterprise cybersecurity teams build hosted cyber intelligence processing capabilities. The New York-based SaaS provider offers a solutions suite based on its Virtual Cyber Fusion Center platform. It incorporates next-generation SOAR (security orchestration, automation, and response) technology to enable secure collaboration, information sharing, and enhanced threat visibility.

Cyware serves a wide range of customers in both commercial enterprises and government sectors. It distinguishes itself from other solutions through its relationships with leading sector-specific sharing communities, including Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs) worldwide.

“Information sharing communities foster the development of the next generation of cyber security by enabling collective defense between diverse organizations,” said Thomas Bain, Cyware VP of Marketing. “Therefore, it’s increasingly critical that participating organizations adopt a shared understanding of the attributes of threat intelligence.”

Flagship Platform Empowers Collaborative Threat Intelligence

Cyware customers primarily share threat intelligence through its Virtual Cyber Fusion platform. The platform comprises four focused solutions: Cyware Threat Intelligence eXchange (CTIX) Enterprise, CTIX Lite, CTIX Spoke, and Cyware Situational Awareness Platform (CSAP).

CTIX is an enterprise threat intelligence platform that enables users to ingest, enrich, analyze, and share threat data. Cyware customers can deploy an automated end-to-end and bidirectional sharing solution through CTIX Enterprise with their stakeholders or — in the case of ISACs — their members.

CTIX Lite is designed for mid-market ISAC members that require preinstalled premium intelligence feeds, enrichment, and automation capabilities. ISAC members can also share threat intelligence back to their hubs. CTIX Spoke caters to ISACs with a deployed “hub-and-spoke” solution through CTIX Enterprise, allowing members to send intelligence back to the parent hub for analysis.

Cyware offers a range of other hosted solutions in its portfolio for data and threat intelligence sharing. They are all designed with efficiency in mind and encourage more connections to stay ahead of cybercriminals.

SOAR Innovation Turns Functional Software Into a Protective Tool

According to Cyware, Virtual Cyber Fusion adds value because it facilitates collaboration across all security teams managing cybersecurity operations within an organization.

“It lets them work as a single team during threat response,” said Thomas. “That results in better response times, higher confidence in actionable threat intelligence, improved productivity, and reduced operating costs.”

Teams can easily collaborate on threat responses through Cyware’s intuitive interfaces.

The company’s approach focuses on what it sees as the next generation of SOAR (Security Orchestration, Automation and Response): software stacks that enable organizations to collect inputs monitored by the SOC.

“Innovating around SOAR doesn’t sound so exciting on the surface because most people do not associate SOAR with stopping cyberattacks,” Thomas said. “But we believe there’s a lot in that direction to be gained.”

Cyware adds a layer of threat intelligence to SOAR and allows it to share and collaborate around threat intelligence within its architecture. The company also adds value by customizing those SOAR solutions to meet customer needs.

“Through our hosted tools, we can understand certain challenges that a customer is experiencing,” Thomas said. “That’s not just relative to optimization of their SecOps team but also to what we’re doing to bring more continuity and cohesion to SecOps.”

Cyware has gained recognition for its achievements leveraging SOAR. In September 2021, Cyware won the Overall SOAR Solution Provider of the Year honor at the fifth annual CyberSecurity Breakthrough Awards.

Bringing Greater Defensive Value to ISACs and Their Members

Cyware currently serves 70 customers worldwide, and 17 are ISACs, according to Thomas.

“There are many different industry ISACs, and they are all at various levels of threat intelligence sharing capability and technical acumen,” Thomas said. “We are trying to level the playing field for them, standardize their outputs on our technology, and include it in a way they can share easily. The more sources you hook up to the Cyware platform, the more our customers benefit.”

Cyware’s most recent strategic partnership is with the Aviation Information Sharing and Analysis Center (A-ISAC), the global consortium for cybersecurity information sharing across the aviation sector. Its members include companies that contract directly with the U.S. Department of Defense, so A-ISAC is a trusted point of coordination around cyber threats for the global aviation community.

A-ISAC and its members can leverage Cyware’s Cyber Fusion platform to run more efficient end-to-end security automation, cybersecurity operations, threat hunting, and incident response programs.

Early in 2021, Cyware partnered with the Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC). The organization used Cyware’s CSAP and CTIX modules, allowing members to share threat intelligence automatically. That information included indicators of compromise (IOCs), malware alerts, vulnerability advisories, security incidents, and other attacks targeting the global maritime community.

New Techniques to Automate Workflows and Help Cut Costs

Another area where Cyware solutions can empower enterprises is IT. The company has entered into an integration partnership with IT and security operations automation company Ivanti, whose flagship cloud-based Neurons solution automates enterprise IT processes — including cybersecurity.

The deal sees the Cyber Fusion Center platform integrated into Ivanti’s software to reduce the cost of manual processes and automate IT Ops and SecOps workflows. It all comes together to bring what the vendors describe as an autonomous edge.

As digital organizations grow rapidly, IT Ops comes under greater pressure to manage more tickets, identify assets, and protect employees and devices.

Cyware intelligence solutions facilitate collaboration and enhance security over time.

“One of the things we do with the Ivanti integration is bridge the gap between IT Ops and SecOps to help IT teams build a more collaborative, centralized approach to delivering contextual visibility, availability, data integrity, and resiliency,” Thomas said.

That integration also helps joint customers connect the dots for unified, automated workflows. These include activating service management processes, orchestrating asset discovery, and automatically responding to threats across hybrid enterprise environments.

“I think the partnership represents another kind of fusion — the fusion of the CISO and CIO roles,” Thomas said. “It seems that these two executive officers are destined to come together for joint operations, which will have fascinating implications for solutions vendors in both the cybersecurity and IT markets.”

Cyware Delivers Value Through Better Information Sharing

Although it launched only five years ago in a competitive market, Cyware brings fresh thinking to the challenging cybersecurity industry. Its focus on ISACs and ISAOs reinforces the technological resolve of those organizations and offers an appealing go-to-market strategy for Cyware’s commercial requirements.

One of Cyware’s guiding beliefs is that, as the roles of cybersecurity and SecOps teams become more prominent, their approach to incident response will move from reactive to proactive. The SOCs of tomorrow will collaborate and interact at more levels. They will also have more responsibility for threat intelligence that identifies risks and helps define business objectives.

“The primary snag with threat intelligence has been that it can prove a huge and unwieldy nightmare. If organizations and industries do not have governing objectives around what they do with their repositories of threat intelligence and how they use it, it becomes almost useless,” said Thomas. “Unless you standardize on a common platform like Cyware so you can analyze threat intelligence data in a certain way, you really cannot use it to derive true value.”

Thomas also said he expects the next generation of threat intelligence to enable security teams to effectively predict and prevent threats at their earliest inception and promote proactive threat response.