Cyware Threat Intelligence eXchange (CTIX) is a unique threat intelligence sharing platform platform that aggregates data from STIX/TAXII based feeds and non-standard data sources such as email. It also comes with full information exchange server capabilities and allows companies to manage information sharing with multiple clients.
CTIX deploys an artificial intelligence-based analyzer to reduce noise, remove duplicate threat data and uses machine learning to co-relate information for threat actors and respective campaigns in a consolidated form to be shared in real-time across peer organizations, sectors and countries.
Supporting integration with SIEM tools such as Splunk and ArcSight and security products like Phantom, Tanium or other STIX/TAXII based sharing platforms, CTIX gives organizations a centralized platform to share and submit threat intelligence with other public and private enterprises. Enhancing an organization’s interoperability to collect and share threat data with other institutions, CTIX allows for mutual learning, collaboration and a unified approach to protecting an entity against malicious intrusions.
Now, CTIX has a new additional feature offering security analysts a geospatial view of IP addresses across the globe. An interactive global map designed to measure the density of suspicious IP addresses in specific regions has been included in the user’s dashboard to offer the organization’s security team a holistic and centralized view of heavy IP traffic coming from any particular country or region. The feature also comes with a legend to indicate which regions have more suspicious IP addresses than others and provide the number of such IPs in real-time.
This feature could be particularly useful for organizations with branches spread out over multiple countries across the globe. Take for example, a fictitious multinational retail corporation named Frosty Blue Global Inc. that has regional offices in 27 countries and outlets in 100 countries.
Its headquarters are based in Boston, USA where its centralized security team sits while some IT personnel are based in its foreign offices. Frosty Blue’s main security team wants to get an overall view of where the majority of suspect IP addresses are coming from and do they pose any threat to the countries in which their foreign offices are based. Frosty Blue has offices in the UK, Ireland, Germany, China, India, Singapore, Philippines, UAE and Australia among others.
Security analysts noticing heavy traffic coming from regions like China can use the map to see and compare the density of IP addresses coming from China as opposed to other countries as well as take a look at the population of suspect IP addresses coming from other countries where its offices are located. By analyzing the activity and growth in a particular region, security analysts can then prioritize potential threats based on region and take a more proactive approach to security threats before they impact.
Using CTIX’s structured transfer of tactical intelligence in both human-readable and machine-parsable formats paired with its new geospatial IP address map, an organization allows its analysts to get a bird’s eye view of potential threats, receives updated data devoid of noise and avoids losing out on valuable human judgement.