Discover Hidden Threat Patterns With Cyware’s "Related Incidents" Feature
Cyware Fusion and Threat Response (CFTR) • Oct 5, 2021
Cyware Fusion and Threat Response (CFTR) continues to set new benchmarks in facilitating a collaboration-driven threat response against cyber threats. Our latest version of the product, CFTR v2.11, will put you at ease by enabling you to add Related Incidents to the Connect the Dots section.
The Related Incidents tab is now available as a component of the Connect the Dots section, where CFTR users can access it manually. Users can also view the Connect to Incident slider when they click on the Connect Now or Connect More tab.
We have used an industry-first funnel-based architecture that combines both supervised and unsupervised learning approaches to design a system that is scalable and makes accurate predictions. For the system to make predictions, we employ an automated data generation process and use the existing incidents in the platform to generate the training data. Users therefore do not have to wait to generate the data needed to train the models; instead, feedback is used to tune the models to their preferences.
The new functionalities include:
Suggested related incidents: This ML-driven functionality will show users the data of the relevant incidents that were previously logged in CFTR. It will help users determine if the suggested incident is analogous to the current incident.
All incidents: It will list all the incidents recorded in the CFTR database and enable users to manually select an incident. A user can manually verify if any of the displayed incidents are relevant to the current incident.
Show similarities: This capability will display a comparison between related incidents based on different aspects like Title, Description, Incident Type, Severity, Business Unit, Location, Sources, Attack Tactics, and Attack Techniques. It will assist users in reaching a conclusion based on the comparison.
Mark as irrelevant: Users can now mark an incident as irrelevant, which will be picked up as an input for the ML model that suggests incidents. Incidents marked irrelevant will be treated as feedback for further improvements. This will allow the ML model to learn and tune itself according to the feedback provided by the analyst and make intelligent recommendations.
The new version of CFTR comes with several refinements and assists users in various ways such as:
Better visibility: CFTR users can now uncover correlations between isolated malware, vulnerabilities, assets, threat actors, and other relevant data. This will help them comprehend threat trends, patterns, and abnormalities through an advanced graphical visualization of threats.
Improved threat response capabilities: The updated CFTR will force-multiply your threat response capabilities by enabling you to find the latent patterns between isolated threats. This will equip your response team with predictive intelligence, allowing them to effectively respond to threats and break the cyber kill chain.
Decision-making: Based on the suggested related incidents and similarities between them, users can make strategic and informed decisions about a threat. Improved decision-making can help in taking necessary mitigation steps.
The addition of the Related Incidents feature puts CFTR a step ahead in terms of providing better visibility and encouraging effective threat response. In a nutshell, CFTR users can now obtain contextual intelligence on sophisticated threat campaigns, determine potential attacker trajectories, and discover hidden threat patterns by connecting the dots between isolated incidents and threats.