Go to listing page

Enhance Cross-Community Collective Defense with Cyware’s Automated Threat Sharing

Enhance Cross-Community Collective Defense with Cyware’s Automated Threat Sharing

Share Blog Post

Cyware Situational Awareness Platform (CSAP) v3.2 now enables smarter and faster sharing of threat information between trusted sharing communities using advanced rules-based automation. The CSAP v3.2 now comes with the new capability of “Community Sharing Rules” that enables CSAP admins to automate the ingestion, sharing, and last-mile delivery of threat intelligence. 

What’s New?

Information sharing community analysts can create and configure community sharing rules for
  • Automatically sharing alerts with other information sharing communities such as ISACs/ISAOs or private enterprise communities.
  • Automatically receiving alerts from other communities and sharing them with members with or without analyst intervention.

The new community sharing rules allow analysts to configure automation rules for sharing information externally with other communities as well as for ingestion and last-mile delivery to community members based on several parameters such as TLP, category, etc. 


What are the benefits of Community Sharing Rules?

  • Greater and faster sharing of threat information: With new automation rules, sharing communities can form a greater collective defense by automating sharing of threat intelligence alerts marked as TLP Green and TLP White. 

  • Analyst intervention for sensitive threat information: The new capability also enables CSAP analysts to prevent accidental or inadvertent sharing of highly sensitive information marked as TLP Red. For alerts marked as TLP Amber, analysts can analyze the received intelligence further and anonymize and enrich it before sharing it with community members. 

  • Last-mile delivery to right recipients: The rules enable information sharing community analysts to automatically share the alerts received from other communities (based on parameters such as TLP and Alert Category) directly with their members without delay.


The Bottomline

The CSAP version 3.2 makes it easier for threat sharing communities to collaborate by eliminating manual, repetitive, and time-consuming processes. Instead, it sets a new benchmark for furthering the collective defense across sectoral ISACs/ISAOs and private sharing communities by automating the sharing and last-mile delivery of threat alerts. 

To know more about our CSAP v3.2, book a demo!

 Tags

threat information sharing
collective defense
cyware

Posted on: January 14, 2022

Related Guides

Future-Proofing Security: A Guide to SOC Transformation
Explained: The Role of AI in Cyber Threat Intelligence
What is a TAXII Server? How is it Different from a TAXII Client?
Everything You Need to Know About MITRE ATT&CK Framework
What is Cyber Threat Intelligence Sharing? And Why Should You Care?
Threat Intelligence Processing: The Key to Leveraging Unstructured Data
Why is Correlation the Most Important Phase in Cyber Threat Intelligence Lifecycle?
What is Confidence Scoring in Threat Intelligence?
How to Choose the Best Threat Intelligence Platform for Your Security Team?
How to Build Your Own Cyber Information Sharing Community?
STIX Cybersecurity: A Guide to STIX 2.1
How Can You Tell if Your Cyber Threat Intelligence Program is Working Well?
What is Threat Intelligence Analysis?
What is Threat Intelligence Normalization?
What is Threat Intel Ingestion?
How Real-Time Cyber Threat Intelligence Sharing Enables Security Collaboration
What is a Threat Intelligence Platform (TIP)?
Significance of Threat Intelligence Platform (TIP) for Growing Teams
What is the Role of Threat Intelligence Platform (TIP) in a Security Operations Center (SOC)?
What is the Hub and Spoke Information Sharing Model?
Explaining the Pyramid of Pain
What are the Different Use Cases of a TIP?
Why Do MSSPs Need Automation?
What is the Diamond Model of Intrusion Analysis?
The Evolution of Threat Intelligence
Don’t Wait! Leverage Threat Intelligence
Why do Organizations Need to Leverage Actionable Threat Intelligence?
What is Technical Threat Intelligence?
Operational Threat Intelligence: What Is It and Why Is It Important?
What is Tactical Threat Intelligence and Why is it Important?
What is the Threat Intelligence Lifecycle?
Everything You Need to Know About a Threat Intelligence Platform (TIP)
5 Steps to Effective Cyber Threat Intelligence Program
Things to Consider When Choosing the Right Threat Intelligence Platform
Open Source or Commercial Threat Intelligence Platform - Which one is better?
Strategic Threat Intelligence: Why Sharing Is Crucial?
What is Threat Intelligence Management?
Strategic Threat Intelligence vs. Tactical Intelligence
Role of SOAR and TIP in Cyber Fusion
Information Sharing in Cyber Fusion
Role of Threat Intelligence in Cyber Fusion
What is MISP
What is Signals Intelligence (SIGINT)?
What are Indicators of Compromise (IOCs)?
What is Open Indicators of Compromise (OpenIOC) Framework?
What is the Cyber Information Sharing and Collaboration Program (CISCP)?
What is Malware Attribute Enumeration and Characterization (MAEC)?
What is CybOX? How do you use a CybOX object?
How is Surface Web Intelligence different from Dark Web Intelligence?
What is Open Source Intelligence (OSINT)?

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite

Explore Solutions

Capabilities

Resource Library

Use Cases