We use cookies to improve your experience. Do you accept?

How the Hub and Spoke model in CTIX trumps traditional Threat Intelligence Platforms

How the Hub and Spoke model in CTIX trumps traditional Threat Intelligence Platforms - Featured Image

ISAC Mar 7, 2019

Intro

Tackling advanced cyber threats requires intelligence exchange and collaboration between various organizations. It is not possible for an organization to defend itself by being in a silo and moreover, it is becoming increasingly impractical in our evermore connected world.

By exchanging and collaborating using cyber threat intelligence from various sources, defenders can gain valuable insights into an adversary’s overall goals and strategies.

Being part of an intelligence exchange community provides many benefits including enhanced situational awareness, improved decision making, and an enriched knowledge base that aids in incident response and management.

Why Intelligence Exchange is challenging?

Intelligence exchange sounds great in theory, however, it can be a nightmare to implement it in a multi-stakeholder environment which includes subsidiaries, partners, clients, vendors, regulatory agencies, sectorial ISACs, and other large organizations. Just the sheer number of stakeholders can be challenging, let alone the issues regarding technical and legal compliance.

With the advent of data formats and protocols for storing and exchanging threat intelligence, various Threat Intelligence Platforms were built which used different information sharing models. However, most of the issues faced by organizations in setting up effective cyber threat intelligence operations remain unaddressed.

While building CTIX, we are always cognizant of the pain points of our clients. To address them, we introduced the Hub-and-Spoke model which provides a structured yet flexible approach for threat intelligence exchange.

How do we solve this?

In CTIX, organizations deploy a ‘CTIX Hub’ that can share threat information from multiple sources by setting up client-server like relationships with different partners which act as the ‘CTIX Spokes’ using subscriber management features.

The Hub combines and anonymizes threat intel from multiple Spokes, while removing duplicates, and enriching it with further analysis before sharing it back with other Spokes in the Organization’s network.

CTIX’s Hub and Spoke model enables organizations to build trusted relationships to serve different purposes like:

  • Receiving real-time alerts from CERT or other government agencies

  • Exchanging threat indicators and collaborating as part of a sectoral ISAC

  • Exchanging threat information with their own clients and vendors

  • Receiving threat intel from various Intel feed providers

Furthermore, organizations can also build their own Trusted Sharing Network using this model.

Due to the data format-agnostic nature of CTIX, you can consume and share threat information in different formats like STIX 1.x, STIX 2.0, XML, JSON, Cybox, OpenIOC, MAEC. This eases the integration with existing tools and compatibility with other partners as data format becomes a non-issue.

Thus, CTIX enables organizations to utilize relevant threat intelligence for faster contextualization, incident investigations, and alert triage processes.

Related Blogs

Cyware Survey Highlights How Untapped Threat Intelligence Weakens Cybersecurity - Featured Image

Cyware Survey Highlights How Untapped Threat Intelligence Weakens Cybersecurity

It's no secret that collaboration and information sharing are key to a proactive security posture. An overwhelming 91% of survey respondents emphasized their importance, yet many organizations still find themselves struggling to effectively share threat intelligence. Seventy percent of respondents admitted their organizations could do better in this area, with 19% feeling they could share a lot more.

ISACSecurity CollaborationCyber Fusion CenterThreat Intelligence Sharing
Maximize Threat Intelligence Value with Custom Scores in Intel Exchange - Featured Image

Maximize Threat Intelligence Value with Custom Scores in Intel Exchange

The ability to prioritize and efficiently handle threats is paramount. Cyware’s [Intel Exchange](https://cyware.com/products/threat-intelligence-exchange) enhan

Threat intelligenceCTIXIntel ExchangeIntel Exchange (CTIX)
New ISO 27001:2022 Requires Processing and Analyzing Threat Intelligence - Featured Image

New ISO 27001:2022 Requires Processing and Analyzing Threat Intelligence

With the recent updates to ISO 27001 in 2022, organizations face heightened expectations regarding [threat intelligence](https://cyware.com/security-guides/cybe

Threat Intelligence AnalysisThreat intelligenceThreat Intelligence ProcessingIntel Exchange
Cyware Recognized as One of the Hottest Privately Held Cybersecurity Companies by JMP Cyber 66 - Featured Image

Cyware Recognized as One of the Hottest Privately Held Cybersecurity Companies by JMP Cyber 66

Staying ahead of threats requires not just vigilance but also innovative solutions that adapt to emerging challenges. Cyware, a leading threat intelligence mana

artificial intelligenceThreat intelligenceArtificial Intelligence (AI)security orchestration automation and response
Automated Threat Intelligence: How it Helps Secure Organizations - Featured Image

Automated Threat Intelligence: How it Helps Secure Organizations

The arms race between cybercriminals and security defenders in this boundless cybersecurity landscape is perpetual. As cyber threats adapt and evolve at an alar

Automated threaThreat intelligence
Reflecting on the Past Year: Considering its Impact on the Future - Featured Image

Reflecting on the Past Year: Considering its Impact on the Future

In his insightful article, Avkash Kathiriya, Sr. VP – Research and Innovation at Cyware, delves into the dynamic landscape of cybersecurity in 2023, examining t

Threat intelligenceSASESecurity AutomationZero Trust Architecture
INTERVIEW: A Q&A with Jason Keirstead - Featured Image

INTERVIEW: A Q&A with Jason Keirstead

I started working deeply with technology in middle school, after we got our first PC. I think it was less than a year before I started learning about things like the open-source movement and had installed FreeBSD on it. While going through university, although I was trying to focus on programming, I still ended up with a number of internships in the networking and network security spaces as well as working in open-source communities like the KDE project. After I graduated, I joined a start-up called Q1 Labs that had a product in the network security space (that IBM ended up acquiring in 2011 after we had assumed a leadership position in the SIEM market). Over the two decades at Q1 Labs/IBM I had a number of different roles, from UI Architect, to product owner, to Chief Architect, eventually the CTO of Threat Management.

Threat intelligenceCollective Defense
Create Visually Compelling Reports with Intel Exchange for Data-Driven Insights - Featured Image

Create Visually Compelling Reports with Intel Exchange for Data-Driven Insights

Structuring huge data sets has been a challenge for security teams for a long time, making it difficult to interpret crucial insights and communicate threat inf

Potential Insider ThreatsThreat intelligenceReportsIntel Exchange (CTIX)
Amplify All Sources of Threat Intelligence to Action - Featured Image

Amplify All Sources of Threat Intelligence to Action

When it comes to threat intelligence, it's important to cast a wide net and consume all available information. Any source of threat intelligence, that can be in

Threat intelligenceIntel Exchange (CTIX)Threat Intelligence Ingestion
Cyware Named a Representative Vendor in the May 2023 Gartner Market Guide for Security Threat Intelligence Products and Services - Featured Image

Cyware Named a Representative Vendor in the May 2023 Gartner Market Guide for Security Threat Intelligence Products and Services

[Cyware](https://cyware.com/), the only vendor that natively integrates a threat intelligence platform, end-to-end automation, and threat intelligence sharing,

Cyware Threat intel ExchangeThreat intelligenceGartner
Threat Intelligence Must be for Everyone - Featured Image

Threat Intelligence Must be for Everyone

At a recent Google Cloud security event, Jayce Nichols, Google’s director of adversary operations discussed threat intelligence and was quoted as saying, “If yo

Threat intelligenceCyber Threat Intelligence
IOC Ingestion Made Easy with CTIX-Slack Integration - Featured Image

IOC Ingestion Made Easy with CTIX-Slack Integration

Cyware has integrated its threat intelligence exchange platform, [Intel Exchange (CTIX)](https://cyware.com/products/threat-intelligence-platform) with the popu

CTIXCTIX/Slack IntegrationCTIX/Slack