
Smooth, Improved Cyber Threat Intel Exchange with STIX 2.0 Support


STIX 2.0 Jun 8, 2018

Cyware Threat Intelligence eXchange (CTIX) is a centralized intelligence sharing platform that aggregates data from STIX/TAXII based feeds and from non-standard data sources such as email. Constantly challenging the security status quo and staying ahead of the curve, CTIX leverages an AI analyzer to reduce noise, and uses machine learning to draw key correlations between attackers and their campaigns. To ensure no valuable threat intel is overlooked or unheeded, CTIX is now compliant with STIX 2.0, the latest version of Structured Threat Information eXpression (STIX), the structured language used to share cyber threat intelligence in a consistent and machine readable manner.

Using this enhanced industry standard, CTIX users can clearly define, describe and share threats with their fellow security colleagues across any industry, sector and country in an automated manner. Security analysts can leverage this standard to communicate indicators of compromise (IOCs), tactics, techniques and procedures (TTPs), malware attributes, victim characteristics and other key aspects of the cyberattack chain with clarity whilst avoiding any miscommunication, error or loss of information.

CTIX supports STIX 2.0 as well as previous STIX versions (1.x) to ensure users can easily share, receive and analyze threat data regardless of the version they use and prefer.

For instance, a security analyst who uses the newly redesigned STIX 2.0 can swiftly share research on the notorious VPNFilter malware with his trusted network of colleagues who use the same version as well. However, if one of his peers still uses STIX 1.2.1, they will be able to receive and analyze the IoCs using their CTIX platform. To read and analyze the received threat intel, they can simply translate it to their version or free text using CTIX’s STIX converter tool.

Alternatively, if the security analyst receives new information about North Korean hacking group Covellite’s recent tactical shift away from US targets in an email, he can use the STIX converter tool to readily translate the email containing IOCs to STIX 2.0, or earlier versions of STIX, to be shared with his counterparts.
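The email-to-STIX conversion described above, as an added illustration (not CTIX's code or its converter): it pulls IPv4, domain and SHA-256 indicators out of a constructed email body and wraps each one in a STIX 2.0 Indicator object inside a STIX 2.0 Bundle. The sample email, the IoC values and the label choice are constructed assumptions.

```python
import json
import re
import uuid
from datetime import datetime, timezone

# Constructed sample email body; the indicator values are placeholders, not real IoCs.
SAMPLE_EMAIL = """Subject: suspicious activity
Seen C2 traffic to 203.0.113.45 and beacons to example-c2.invalid.
Dropped file sha256: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
"""

# Each IoC type is keyed by the STIX 2.0 Cyber Observable path used in the pattern.
IOC_PATTERNS = {
    "ipv4-addr:value": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain-name:value": re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b", re.I),
    "file:hashes.'SHA-256'": re.compile(r"\b[0-9a-f]{64}\b", re.I),
}

def extract_iocs(text):
    """Return (observable_path, value) pairs found in free text."""
    found = []
    for path, rx in IOC_PATTERNS.items():
        for value in rx.findall(text):
            found.append((path, value))
    return found

def stix_timestamp(dt):
    # STIX 2.0 timestamps are UTC with millisecond precision and a 'Z' suffix.
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"

def make_indicator(path, value, now):
    ts = stix_timestamp(now)
    return {
        "type": "indicator",
        "id": "indicator--" + str(uuid.uuid4()),
        "created": ts,
        "modified": ts,
        "labels": ["malicious-activity"],   # 'labels' is required on STIX 2.0 Indicators
        "pattern": f"[{path} = '{value}']",  # STIX 2.0 Patterning comparison expression
        "valid_from": ts,
    }

def email_to_bundle(text, now=None):
    """Build a STIX 2.0 Bundle (spec_version lives on the bundle in 2.0) from email text."""
    now = now or datetime.now(timezone.utc)
    objects = [make_indicator(p, v, now) for p, v in extract_iocs(text)]
    return {"type": "bundle", "id": "bundle--" + str(uuid.uuid4()),
            "spec_version": "2.0", "objects": objects}

if __name__ == "__main__":
    print(json.dumps(email_to_bundle(SAMPLE_EMAIL), indent=2))
```

Values containing a single quote or backslash would need escaping before being placed in a pattern; the regexes above cannot produce such values, so the example omits that step.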

Very few threat intelligence tools or services support STIX 2.0 this early in the game, let alone offer a conversion capability as simple and flexible as CTIX's. We have added this capability because we believe staying ahead of the curve is crucial to tackling threats expeditiously as the cyber landscape continues to evolve rapidly.

Deploying CTIX, now equipped with the significantly improved and more efficient STIX 2.0, can improve an organization’s interoperability and its capability to share valuable threat intel efficiently in real time. It also spurs advanced threat analysis and enriches the data being shared across versions, systems and platforms. Staying up to date with the latest versions of STIX also reduces the chance of new threats going unnoticed or unexplored simply because of a gap in communication or the lack of a tool to bridge it.
