We use cookies to improve your experience. Do you accept?

Accelerate Investigation and Build Contextualized Threat Intel with Cyware Threat Intelligence eXchange

Accelerate Investigation and Build Contextualized Threat Intel with Cyware Threat Intelligence eXchange - Featured Image

Threat Investigations May 19, 2022

Security teams often face challenges with the structured investigation, absence of team collaboration, and unorganized threat data. The Cyware Threat Intelligence eXchange (CTIX) version 3.1, solves these challenges with a new Threat Investigations feature that enables security analysts to collaborate and share insights on threat investigation in real-time.

Benefits of Threat Investigations

In the chaotic world of cyber threats, the Threat Investigations feature fortifies the capabilities of security teams in several ways:

  • Real-time Investigation: The Threat Investigations feature enables security analysts to view all the threat data in a single pane through intuitive graphical representations, effortlessly exploring details and conducting investigations in real-time. The feature supports Diamond Model for a more structured investigation.
  • Interactive and Visual Clarity: Analysts have access to visual details which help them study threat patterns in a better way and results in an improved understanding of the available threat data.
  • Coordination and Collaboration: The Threat Investigations model offers a collaborative environment, bringing together threat information, evidence, and users. Security analysts can share the investigation canvas with their peers and information sharing communities to improve response. This allows analysts to coordinate and collaborate as a team to inspect every crevice of the organization's security perimeter, identify adversary tactics, techniques, and procedures (TTPs), and effectively defend against threats.

What’s New?

The Threat Investigations feature now comes with the support for Timeline and Diamond Model of Intrusion Analysis.

Timeline Support: It allows the security teams to have insights into the investigation evolution of the threat intel and its related objects. In simple words, they can now find out the exact date and time for any operation or activity on the threat data or the related objects. This helps security teams determine the sequence of events in a network, understand the attack pattern, gain insights into the threat actor’s TTPs, conduct contextualized and better investigations, and discover the “how” and “why” of threats and their impact.

Diamond Model of Intrusion Analysis: The Threat Investigations feature in CTIX now supports the Diamond Model of Intrusion Analysis, which classifies intel into four main components—Adversary, Capability, Infrastructure, and Victim. This feature enables the users to visualize the relationships and characteristics of these four elements. For any event, CTIX users can map threat intel to the four components and perform a diamond model analysis on each one of them to obtain contextualized threat intelligence. In a nutshell, users can

  • efficiently aggregate and analyze massive threat intel data and get 360-degree insights into how adversaries operate

  • recognize the adversaries’ objectives and proactively mitigate threats.

Use Cases

Some of the use cases for the Threat Investigations feature are:

  • Incident Response: Security teams can perform an extensive investigation to accelerate incident response and boost remediation and recovery, thereby minimizing mean time to respond (MTTR) and mean time to contain (MTTC).
  • Threat Hunting: During the investigation, threat hunters can leverage this capability to collect critical intelligence and communicate to other teams for analysis, prioritization, and response. This information is critical to predicting threat trends, remediating threats, and improving security measures.
  • Adversary Characterization: The new capability completely complements and aids the major goal of threat investigation which is to identify threat patterns and threat actor TTPs. The advanced analytical data deduced from CTIX's threat investigation capability can be leveraged by security teams to proactively defend against threat actors’ malicious strategies and draw up future mitigation strategies.

Summing Up

The new Threat Investigations feature takes the game for cyber defenders to the next level with its ability to visually represent all the elements of the investigation–threat data, evidence, and users in a collaborative environment, equipping its users with a greater understanding of the adversary. CTIX v.3.1 is here to revolutionize the entire threat investigation process, accelerate the adversary understanding of security teams, foster collaboration between them, and improve overall investigation process efficiency.

Book a free demo to understand how our Threat Investigations feature can help you decode cyber threats in a simplified manner.

Related Blogs

Cyware Threat Intelligence Lite Platform Now Available on AWS Marketplace - Featured Image

Cyware Threat Intelligence Lite Platform Now Available on AWS Marketplace

We are pleased to announce another milestone for Cyware, with the release and immediate availability of the [Intel Exchange (CTIX Lite)](https://aws.amazon.com/

Cyware Threat Intelligence Exchange (CTIX)AWS MarketplaceCTIX Lite
Gain 360-Degree Insights into Threat Data with Cyware’s Revamped Threat Data Capabilities - Featured Image

Gain 360-Degree Insights into Threat Data with Cyware’s Revamped Threat Data Capabilities

If security teams fail to gain the required context from the ingested threat data for predicting and preempting threats, then such threat data is meaningless. W

Use CaseThreat DataCyware Threat Intelligence Exchange (CTIX)
Reinforce Threat Investigation Data with Interactive Threat Bulletins - Featured Image

Reinforce Threat Investigation Data with Interactive Threat Bulletins

Threat Bulletins enable security teams and stakeholders to make smarter business decisions while helping them keep pace with the evolving threat landscape. The

Threat BulletinsCyware Threat Intelligence Exchange (CTIX)
Enhance Ransomware Intelligence Sharing with CTIX Automation - Featured Image

Enhance Ransomware Intelligence Sharing with CTIX Automation

In July 2021, security researchers and analysts from [Huntress](https://www.crn.com/slide-shows/security/kaseya-likely-got-ransomware-decryptor-from-revil-huntr

Cyware Threat Intelligence Exchange (CTIX)Ransomware
Cyware's SOAR Response Workflow for SUNBURST Attack - Featured Image

Cyware's SOAR Response Workflow for SUNBURST Attack

Over the last several days, the malware tracked by several names including Solorigate and SUNBURST is being used in a widespread campaign termed UNC2452. The ca

Cyware Fusion and Threat Response (CFTR)Cyware Situational Awareness Platform (CSAP)Cyware Threat Intelligence Exchange (CTIX)Cyware Security Orchestration Layer (CSOL)
Driving Threat Intelligence Towards the Most Critical Threats Using MITRE ATT&CK Navigator - Featured Image

Driving Threat Intelligence Towards the Most Critical Threats Using MITRE ATT&CK Navigator

The [MITRE ATT&CK framework](https://cyware.com/educational-guides/cyber-threat-intelligence/how-useful-is-mitre-attck-framework-in-threat-intelligence-7c59) is

Cyware Threat Intelligence Exchange (CTIX)
Unlock Actionable Threat Intelligence with the Cyware’s Feeds ROI Dashboard - Featured Image

Unlock Actionable Threat Intelligence with the Cyware’s Feeds ROI Dashboard

While every organization in today’s day and age leverages threat intelligence to enhance its security operations, there is often a lot of ambiguity around the u

Cyware Threat Intelligence Exchange (CTIX)
Collect Actionable Intel in Real-time with Cyware's Twitter Feed Integration - Featured Image

Collect Actionable Intel in Real-time with Cyware's Twitter Feed Integration

Social media is used as a networking tool by many people. However, security professionals can use it as an additional information source to improve their analys

Cyware Threat Intelligence Exchange (CTIX)
Cyware Partners with Sixgill to Deliver Proactive Threat Intelligence Solution - Featured Image

Cyware Partners with Sixgill to Deliver Proactive Threat Intelligence Solution

NEW YORK, July 23, 2020 – [Cyware](https://cyware.com/), the leading provider of threat intelligence and cyber fusion solutions, today announced a new partnersh

Threat Intelligence Feeds Threat Intelligence PlatformCyware Threat Intelligence Exchange (CTIX)Sixgill
The Role of Threat Intelligence Sharing in Collective Defense - Featured Image

The Role of Threat Intelligence Sharing in Collective Defense

492 BC - The Battle of Marathon was to begin. After 9 days of waiting for the other side to attack, the Athenians directly charged the Persians in a Phalanx for

Threat intelligenceCTIXCyware Threat Intelligence Exchange (CTIX)Collective Defense
Cyware’s Threat Intelligence Solutions Now Integrate with Dragos WorldView - Featured Image

Cyware’s Threat Intelligence Solutions Now Integrate with Dragos WorldView

**NEW YORK, June 11, 2020** \- Cyware, the leading provider of threat intelligence and cyber fusion solutions, is proud to announce its integration with [Drago

DragosDragos WorldView APICyware Threat Intelligence Exchange (CTIX)Cyware
Cyware Adds STIX 2.1 Support for Custom Threat Intelligence Feeds - Featured Image

Cyware Adds STIX 2.1 Support for Custom Threat Intelligence Feeds

**What is STIX 2.1?** [STIX](https://oasis-open.github.io/cti-documentation/stix/intro.html) is a language and serialization format that enables organizati

STIX 2.0STIX 1.xCyware Threat Intelligence Exchange (CTIX)STIX 2.1