Introducing the First Fully Automated, Lightweight Threat Intelligence Platform (TIP) for Small to Mid-sized Security Teams

CTIX Lite is a comprehensive solution with premium feeds, enrichment, and automation in a single platform. This complete, all-in-one solution enables automation throughout the threat intelligence lifecycle to accelerate a proactive defense against threats, and all for one-fifth of the cost of other enterprise TIPs.

Threat Intel Automation Platform Pre-Loaded with Premium Intelligence Feeds and Enrichment Sources

Finally, a Threat Intelligence Solution for Teams that...

Do not have (or have a very small) threat intel team
Do not have (or have a very small) threat intel team
Do not have a large cybersecurity budget for costly TIPs
Do not have a large cybersecurity budget for costly TIPs
Receive and share intel with one or more ISACs and ISAOs
Receive and share intel with one or more ISACs and ISAOs
Ingest threat data from multiple dark web or OSINT sources
Ingest threat data from multiple dark web or OSINT sources
Receive threat intel in emails or files and process it manually
Receive threat intel in emails or files and process it manually
Need the capability to operationalize threat intelligence faster
Need the capability to operationalize threat intelligence faster

Ingest, Analyze, and Act on Relevant, Enriched Intelligence

Detect Threats Faster with Advanced TIP Features

Collect threat intelligence from multiple sources (ISACs, OSINT, Dark Web)
Collect threat intelligence from multiple sources (ISACs, OSINT, Dark Web)
Ingest threat indicators (IOCs) in STIX format
Ingest threat indicators (IOCs) in STIX format
Process unstructured threat intelligence received via emails, reports, and blogs
Process unstructured threat intelligence received via emails, reports, and blogs
Automate end-to-end threat intel workflows – ingestion through actioning
Automate end-to-end threat intel workflows – ingestion through actioning
Threat intel feeds that never expire – Flashpoint, Bambenek, Polyswarm
Threat intel feeds that never expire – Flashpoint, Bambenek, Polyswarm
Enrich your data for no additional charge – Polyswarm, Comodo
Enrich your data for no additional charge – Polyswarm, Comodo
Simple yet powerful automation with custom confidence scoring for indicators
Simple yet powerful automation with custom confidence scoring for indicators
Update your SIEM records without writing complex playbooks
Update your SIEM records without writing complex playbooks
Integrate and take actions in your security tools
Integrate and take actions in your security tools

Automate Threat Intel Workflows for Faster, Smarter Security

Automate threat intelligence ingestion, enrichment, and contextualization
Automate threat intelligence ingestion, enrichment, and contextualization
Automate SIEM lookup and reference for future threat detection and monitoring
Automate SIEM lookup and reference for future threat detection and monitoring
Automate blocking of IOCs on security technology such as firewall, AV, IPS, etc.
Automate blocking of IOCs on security technology such as firewall, AV, IPS, etc.
Assign high priority indicators and threats to analysts for manual review
Assign high priority indicators and threats to analysts for manual review

Premium Feeds

Flashpoint IOCs and CVEs

Flashpoint IOCs and CVEs

Premium intelligence from Flashpoint enables users access to indicators of compromise (IOCs) and technical data across Flashpoint datasets.
Bambenek IP and Domain Feed

Bambenek IP and Domain Feed

A self-curating feed that monitors malicious networks to observe the current criminal activity delivering high-confidence data.
Cyware Threat Feed

Cyware Threat Feed

Threat data collected from a wide variety of open and trusted sources to deliver a consolidated stream of valuable and actionable threat intelligence.
PolySwarm

PolySwarm

A real-time stream of new and emergent malware with a focus on new Ransomware Families of which over 25% are not yet in competing feeds.

*Coming soon

Enrichment Sources

Comodo Valkyrie

Comodo Valkyrie

A cloud-based, verdict-driven platform that provides static, dynamic, and as needed, expert human analysis for submitted unknown and zero-day files.
PolySwarm

PolySwarm

A launchpad for innovative threat detection methods, that provides file enrichment supplied by a crowdsourced network of research-driven, anti-malware solutions.

Compare CTIX Product Editions

Features/Capabilities
CTIX Lite
CTIX Enterprise
Dashboard
Out-of-the-box Dashboard
Sharing of Dashboard
Out-of-the-box Dashboard
Sharing of Dashboard
Feeds ROI
Live Activity
-
All
Report
Out-of-the-box Widgets
Out-of-the-box Widgets
Intel Collection
Unlimited Ingestion of IOC
Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support)
Intel Package
Threat Bulletin - View
Unstructured Intel - RSS
Unstructured Intel - Threat Mailbox
-
Quick Add Intel
Webscraper

Manual Intel Ingestion via text, URL, file import

Unlimited Ingestion of IOC
Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support)
Intel Package
Threat Bulletin - Create and View
Unstructured Intel - RSS
Unstructured Intel - Threat Mailbox
Unstructured Intel - Twitter Module
Quick Add Intel
Webscraper, Webhooks

Manual Intel Ingestion via text, URL, file import

Inbox Capabilities

Sharing is allowed to any 3 TAXII Feed Providers

Unlimited
Indicators Allowed (Whitelist)
All
All
Intel Scoring
Custom Confidence Score Engine
Custom Confidence Score Engine
Rules Engine

Build Your Own Rules - Max 10 Active Rules

Build Your Own Rules - Unlimited
Attack Navigator
Full Version
Full Version
Threat Visualizer
-
Full Version
Analyst Workbench
-
Fang-Defang
STIX Conversion
Encode-Decode 64
CVSS Calculator
Network Utilities
Task Management
-
Create and Action tasks
My Org
Saved Search
Tagging
Background Tasks
Global Notes
-
Manual Review
Yara Rules
-
Saved Search
Tagging
Background Tasks
Global Notes
Watchlist
Manual Review
Yara Rules
Domain Fuzzer
Authentication
Username/Password
-
2FA Enabled - Email/TOTP
Username/Password
LDAP
2FA Enabled - Email/TOTP
Integration

API Feed Connectors (Require Clients to enter API/License keys)

Mandiant Threat Intelligence
Cofense
Intel 471
Dragos
Crowdstrike
Recorded Future
Sixgill
Flexera
Volon

Bambenek (Out-of-the-box Paid Premium Integration Enabled)


Flashpoint (Out-of-the-box Paid Premium Integration Enabled)


Cyware Threat Feeds (Out-of-the-box Integration Enabled)


Out-of-the-box Paid Premium Versions Enabled


API Feed Connectors (Require Clients to enter API/License keys)

Mandiant Threat Intelligence
Cofense
Intel 471
Dragos
Crowdstrike
Recorded Future
Sixgill
Flexera
Volon

Bambenek



Flashpoint


Cyware Threat Feeds


No Out-of-the-box Paid Premium Versions Enabled

Feed Enrichment

Connectors available in system (Require Clients to enter API/License keys)

VirusTotal 2
Hybrid Analysis
Shodan
WhoIs
AbuseIPBD
Alexa
Bluecoat
AlienVault OTX
CVE Details
Exploit Database
Farsight DNSDB
Google Browsing
Have I been PWNED
IBM Xforce
Mandiant Threat Intelligence
Maximind
MX Toolbox
NVD
Phishtank
Risk IQ

Comodo (Out-of-the-box Paid Premium Integration enabled)


Polyswarm (Out-of-the-box Paid Premium Integration enabled)


Out-of-the-box Paid Premium Versions Enabled

Connectors available in system (Require Clients to enter API/License keys)

VirusTotal 2
Hybrid Analysis
Shodan
WhoIs
AbuseIPBD
Alexa
Bluecoat
AlienVault OTX
CVE Details
Exploit Database
Farsight DNSDB
Google Browsing
Have I been PWNED
IBM Xforce
Mandiant Threat Intelligence
Maximind
MX Toolbox
NVD
Phishtank
Risk IQ

Comodo



Polyswarm


No Out-of-the-box Paid Premium Versions Enabled

Tool Integration - SIEM
QRadar, Exabeam, Splunk
QRadar, Exabeam, Splunk
Tool Integration - CSOL Agent
QRadar
Cortex XSOAR
Splunk
Splunk Phantom
Exabeam
QRadar
Cortex XSOAR
Splunk
Splunk Phantom
Exabeam
Tool Integration - SOAR Solution
Splunk Phantom
Cortex XSOAR
Splunk Phantom
Cortex XSOAR
Tool Integration - Firewall
-
PFsense
Tool Integration - Communicating Tools
-
Mattermost
Plivo
Twilio
Sendgrid
Msg91
Console Status
-
Fully Enabled
SSO Enablement
-
Yes
Hub and Spoke
-
Yes
Administration
User
License
Configuration
-
Certificate Management
GO TO CTIX LITE
User
License
Configuration
Subscriber
Certificate Management
GO TO CTIX Enterprise

Request a Demo of CTIX Lite

CTIX Lite is available to select organizations based on the size of their security team and other additional criteria determined by Cyware. Request a demo to learn more and see if this is a fit for your organization.

Frequently Asked Questions

Traditional threat intelligence platforms (TIPs) have been designed for large enterprises. However, the present-day threat landscape necessitates it for the security teams of all sizes and budgets to have their own automated TIP that enables them to ingest, analyze, enrich, and take actions on threat intelligence in real-time. If you are a small or mid-sized security team facing similar challenges, then CTIX Lite is the right platform for you.