- Threat Intelligence-enabled Incident Investigation: It enables security analysts to identify the connections between an incident and all the historically observed incidents, malware, vulnerabilities, threat actors, campaigns, and more. CFTR provides machine learning (ML) enabled insights to build the connection between various malicious activities by attackers and any observed incident. This gives a bird's-eye view of all the activities in the threat landscape that are of concern when investigating a particular incident.
- Faster Incident Investigation: Earlier, security analysts had to manually search for all the related components across multiple windows. By automating the correlation between incidents and adversary TTPs, an organization’s assets, and other components, the Connect the Dots feature speeds up incident investigation manifold, automating all the steps required to fetch historical data and link it with the incident.
- Identification of Impacted Assets: With this capability, CFTR helps analysts track all the endpoints, software, applications, and other assets that may be potentially impacted by an incident. Thus, it allows them to accurately define the scope of the incident analysis and triage workflow. The feature also provides capabilities to improve traceability of any incident or impacted assets.
How Does It Work?
- It uses advanced Machine Learning (ML) algorithms to find links between disparate threat elements, thereby producing more contextual and actionable threat intelligence or threat investigation analysis.
- Security analysts can view a list of impacted entities linked to an incident and link any of the listed entities to the incident. Having a 360-degree view of threats aids incident response teams in managing and responding to threats more effectively.
The Bottom Line
Posted on: June 30, 2022