
Accelerate Investigation and Build Contextualized Threat Intel with Cyware Threat Intelligence eXchange


Threat Investigations May 19, 2022

Security teams often struggle with unstructured investigations, a lack of team collaboration, and disorganized threat data. Cyware Threat Intelligence eXchange (CTIX) version 3.1 addresses these challenges with a new Threat Investigations feature that lets security analysts collaborate and share insights on a threat investigation in real time.

Benefits of Threat Investigations

In the chaotic world of cyber threats, the Threat Investigations feature fortifies the capabilities of security teams in several ways:

  • Real-time Investigation: The Threat Investigations feature lets security analysts view all the threat data for an investigation in a single pane through graphical representations, explore the details, and conduct the investigation in real time. The feature supports the Diamond Model of Intrusion Analysis for a more structured investigation.
  • Interactive and Visual Clarity: Analysts have access to visual details that help them study threat patterns more effectively, resulting in a better understanding of the available threat data.
  • Coordination and Collaboration: The Threat Investigations feature offers a collaborative environment that brings together threat information, evidence, and users. Security analysts can share the investigation canvas with their peers and with information sharing communities to improve response. This lets analysts coordinate and collaborate as a team to inspect the organization's security perimeter, identify adversary tactics, techniques, and procedures (TTPs), and defend against threats more effectively.

What’s New?

The Threat Investigations feature now supports a Timeline view and the Diamond Model of Intrusion Analysis.

Timeline Support: Security teams can now see how the investigation of a piece of threat intel and its related objects has evolved. In simple terms, they can find the exact date and time of any operation or activity on the threat data or its related objects. Ordering these events helps security teams reconstruct the sequence of events, understand the attack pattern, gain insight into the threat actor's TTPs, conduct better contextualized investigations, and discover the "how" and "why" of threats and their impact.

Diamond Model of Intrusion Analysis: The Threat Investigations feature in CTIX now supports the Diamond Model of Intrusion Analysis, which describes every intrusion event in terms of four core features: Adversary, Capability, Infrastructure, and Victim. The feature lets users visualize the relationships and characteristics of these four elements. For any event, CTIX users can map threat intel to the four components and perform a diamond model analysis on each of them to obtain contextualized threat intelligence. In a nutshell, users can

  • efficiently aggregate and analyze large volumes of threat intel and get 360-degree insights into how adversaries operate

  • recognize the adversaries' objectives and proactively mitigate threats.
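As a worked illustration of the two additions above, the timeline and the Diamond Model pivots, here is a small Python example added for this page. It is not CTIX code and does not show how CTIX implements the feature; the event IDs, the adversary label "actor-blue", the tool names and the hosts are all constructed. It orders events chronologically, groups them into per-victim activity threads, pivots on a shared vertex, and propagates attribution from known to unknown adversaries only where the pivot is unambiguous.

```python
"""Diamond Model bookkeeping over a small, constructed set of intrusion events:
build a timeline, pivot on shared vertices, and propagate attribution."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class DiamondEvent:
    """One event described by the four core features of the Diamond Model."""
    event_id: str
    timestamp: datetime    # when the activity was observed
    adversary: str         # "unknown" until the investigation attributes it
    capability: str        # tool, malware family or technique
    infrastructure: str    # domain, IP or host the adversary used
    victim: str            # targeted asset or organisation


# Constructed sample data (hypothetical names and hosts, not real intel).
SAMPLE_EVENTS = [
    DiamondEvent("ev-1", datetime(2022, 5, 2, 9, 15), "unknown",
                 "phishing-doc-macro", "mail-relay.example", "finance-ws-07"),
    DiamondEvent("ev-2", datetime(2022, 5, 2, 9, 42), "unknown",
                 "loader-x", "cdn-upd.example", "finance-ws-07"),
    DiamondEvent("ev-3", datetime(2022, 5, 3, 14, 5), "actor-blue",
                 "loader-x", "cdn-upd.example", "hr-ws-12"),
    DiamondEvent("ev-4", datetime(2022, 5, 1, 11, 0), "actor-blue",
                 "rat-y", "198.51.100.7", "partner-org"),
]


def timeline(events):
    """Events in chronological order: the sequence the investigation reconstructs."""
    return sorted(events, key=lambda e: e.timestamp)


def pivot(events, feature, value):
    """All events that share one vertex value (e.g. the same C2 domain)."""
    return [e for e in events if getattr(e, feature) == value]


def activity_threads(events):
    """Group events per victim in time order: each list is one activity thread."""
    threads = defaultdict(list)
    for e in timeline(events):
        threads[e.victim].append(e.event_id)
    return dict(threads)


def infer_adversary(events):
    """Propagate attribution from events with a known adversary to events
    marked 'unknown' that share infrastructure or capability with them.
    Only an unambiguous pivot (exactly one candidate adversary) is accepted;
    iteration continues until no further event can be attributed."""
    attribution = {e.event_id: e.adversary for e in events}
    changed = True
    while changed:
        changed = False
        for e in events:
            if attribution[e.event_id] != "unknown":
                continue
            candidates = {
                attribution[o.event_id]
                for o in events
                if o.event_id != e.event_id
                and attribution[o.event_id] != "unknown"
                and (o.infrastructure == e.infrastructure
                     or o.capability == e.capability)
            }
            if len(candidates) == 1:
                attribution[e.event_id] = candidates.pop()
                changed = True
    return attribution


def adversary_profile(events, adversary):
    """Capabilities, infrastructure and victims tied to one adversary after
    attribution has been propagated."""
    attribution = infer_adversary(events)
    profile = {"capability": set(), "infrastructure": set(), "victim": set()}
    for e in events:
        if attribution[e.event_id] == adversary:
            for key in profile:
                profile[key].add(getattr(e, key))
    return profile


if __name__ == "__main__":
    for e in timeline(SAMPLE_EVENTS):
        print(e.timestamp, e.event_id, e.adversary, e.capability,
              e.infrastructure, e.victim)
    print(infer_adversary(SAMPLE_EVENTS))
    print(activity_threads(SAMPLE_EVENTS))
    print(adversary_profile(SAMPLE_EVENTS, "actor-blue"))
```

In the sample data, ev-2 is attributed to actor-blue because it shares both loader and staging host with ev-3, while ev-1 stays "unknown": it shares nothing but the victim with ev-2. The activity thread for finance-ws-07 shows ev-1 preceding ev-2 on the same host, which is the kind of link an analyst weighs on the canvas rather than one the propagation rule asserts on its own.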

Use Cases

Some of the use cases for the Threat Investigations feature are:

  • Incident Response: Security teams can perform an extensive investigation to accelerate incident response and improve remediation and recovery, thereby reducing mean time to respond (MTTR) and mean time to contain (MTTC).
  • Threat Hunting: During an investigation, threat hunters can use this capability to collect critical intelligence and communicate it to other teams for analysis, prioritization, and response. This information is critical to predicting threat trends, remediating threats, and improving security measures.
  • Adversary Characterization: The new capability directly supports the central goal of threat investigation, which is to identify threat patterns and threat actor TTPs. Security teams can use the analytical data derived from CTIX's threat investigation capability to proactively defend against threat actors' strategies and draw up future mitigation plans.

Summing Up

The new Threat Investigations feature gives cyber defenders a visual representation of every element of an investigation (threat data, evidence, and users) in a collaborative environment, equipping them with a better understanding of the adversary. CTIX v3.1 aims to streamline the entire threat investigation process, help security teams understand adversaries faster, foster collaboration between them, and improve overall investigation efficiency.

Book a free demo to understand how our Threat Investigations feature can help you decode cyber threats in a simplified manner.
