Accelerate Investigation and Build Contextualized Threat Intel with Cyware Threat Intelligence eXchange
Threat Investigations • May 19, 2022
Security teams often struggle with unstructured investigations, a lack of team collaboration, and unorganized threat data. The Cyware Threat Intelligence eXchange (CTIX) version 3.1 solves these challenges with a new Threat Investigations feature that enables security analysts to collaborate and share insights on threat investigations in real time.
In the chaotic world of cyber threats, the Threat Investigations feature fortifies the capabilities of security teams in several ways:
The Threat Investigations feature now supports Timeline and the Diamond Model of Intrusion Analysis.
Timeline Support: It gives security teams insight into how the investigation of the threat intel and its related objects has evolved. In simple words, they can now find out the exact date and time of any operation or activity on the threat data or the related objects. This helps security teams determine the sequence of events in a network, understand the attack pattern, gain insights into the threat actor’s TTPs, conduct better, contextualized investigations, and discover the “how” and “why” of threats and their impact.
Diamond Model of Intrusion Analysis: The Threat Investigations feature in CTIX now supports the Diamond Model of Intrusion Analysis, which classifies intel into four main components: Adversary, Capability, Infrastructure, and Victim. This feature enables users to visualize the relationships and characteristics of these four elements. For any event, CTIX users can map threat intel to the four components and perform a diamond model analysis on each one of them to obtain contextualized threat intelligence. In a nutshell, users can efficiently aggregate and analyze massive threat intel data and get 360-degree insights into how adversaries operate, and they can recognize the adversaries’ objectives and proactively mitigate threats.
Some of the use cases for the Threat Investigations feature are:
The new Threat Investigations feature takes the game for cyber defenders to the next level with its ability to visually represent all the elements of the investigation (threat data, evidence, and users) in a collaborative environment, equipping its users with a greater understanding of the adversary. CTIX v.3.1 is here to revolutionize the entire threat investigation process, accelerate security teams’ understanding of the adversary, foster collaboration between them, and improve overall investigation process efficiency.
Book a free demo to understand how our Threat Investigations feature can help you decode cyber threats in a simplified manner.