A Threat Intelligence Platform (TIP) for Growing Teams

Our comprehensive solution with premium feeds, enrichment, and automation that accelerates proactive defense at a fraction of the cost of other TIPs.

Threat Intel Automation Platform Pre-Loaded with Premium Intelligence Feeds and Enrichment Sources

Finally, a Threat Intelligence Solution for Teams that...

Do not have (or have a very small) threat intel team
Do not have (or have a very small) threat intel team
Do not have a large cybersecurity budget for costly TIPs
Do not have a large cybersecurity budget for costly TIPs
Receive and share intel with one or more ISACs and ISAOs
Receive and share intel with one or more ISACs and ISAOs
Ingest threat data from multiple dark web or OSINT sources
Ingest threat data from multiple dark web or OSINT sources
Receive threat intel in emails or files and process it manually
Receive threat intel in emails or files and process it manually
Need the capability to operationalize threat intelligence faster
Need the capability to operationalize threat intelligence faster

Ingest, Analyze, and Act on Relevant, Enriched Intelligence

CTIX Lite Features

Collect threat intelligence from multiple sources (ISACs, OSINT, Dark Web)
Collect threat intelligence from multiple sources (ISACs, OSINT, Dark Web)
Ingest threat indicators (IOCs) in STIX format
Ingest threat indicators (IOCs) in STIX format
Process unstructured threat intelligence received via emails, reports, and blogs
Process unstructured threat intelligence received via emails, reports, and blogs
Automate end-to-end threat intel workflows – ingestion through actioning
Automate end-to-end threat intel workflows – ingestion through actioning
Threat intel feeds that never expire – Flashpoint, Polyswarm
Threat intel feeds that never expire – Flashpoint, Polyswarm
Enrich your data for no additional charge – Polyswarm, alphaMountain
Enrich your data for no additional charge – Polyswarm, alphaMountain
Simple yet powerful automation with custom confidence scoring for indicators
Simple yet powerful automation with custom confidence scoring for indicators
Update your SIEM records without writing complex playbooks
Update your SIEM records without writing complex playbooks
Integrate and take actions in your security tools
Integrate and take actions in your security tools

Use Cases

Automate threat intelligence ingestion, enrichment, and contextualization
Automate threat intelligence ingestion, enrichment, and contextualization
Automate SIEM lookup and reference for future threat detection and monitoring
Automate SIEM lookup and reference for future threat detection and monitoring
Automate blocking of IOCs on security technology such as firewall, AV, IPS, etc.
Automate blocking of IOCs on security technology such as firewall, AV, IPS, etc.
Assign high priority indicators and threats to analysts for manual review
Assign high priority indicators and threats to analysts for manual review

Premium Feeds

Flashpoint IOCs and CVEs

Flashpoint IOCs and CVEs

Premium intelligence from Flashpoint enables users access to indicators of compromise (IOCs) and technical data across Flashpoint datasets.
Cyware Threat Feed

Cyware Threat Feed

Threat data collected from a wide variety of open and trusted sources to deliver a consolidated stream of valuable and actionable threat intelligence.
PolySwarm

PolySwarm

A real-time stream of new and emergent malware with a focus on new Ransomware Families of which over 25% are not yet in competing feeds.

*Coming soon

Enrichment Sources

alphaMountain

alphaMountain

A threat response web reputation that enables users to conduct queries informed by reputation of the hosts, domains, and IP addresses of the target.
PolySwarm

PolySwarm

A launchpad for innovative threat detection methods, that provides file enrichment supplied by a crowdsourced network of research-driven, anti-malware solutions.

Compare CTIX Product Editions

Features/Capabilities
CTIX Enterprise
CTIX Lite
CTIX Spoke
Dashboard

Out of Box Dashboard


Sharing of Dashboard


Feeds ROI

Out of Box Dashboard


Sharing of Dashboard


-

Out of Box Dashboard - Limited set of widgets

-


-

Reports
Custom reporting Capabilities
Custom reporting Capabilities
Custom reporting Capabilities Max. 2 reports
Intel Collection

Customizable to Your Organization’s Unique Needs


Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support)


Threat Bulletin - Create & View


Unstructured Intel - RSS


Unstructured Intel - Threat Mailbox


Unstructured Intel - Twitter Module


Quick Add Intel, Import Intel
Webscraper, Webhooks

Manual Intel Ingestion via text, URL, file import

Upper limit to 50K Objects / Day


Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support)


Threat Bulletin - View


Unstructured Intel - RSS


Unstructured Intel - Threat Mailbox

-


Quick Add Intel, Import Intel
Webscraper

Manual Intel Ingestion via text, URL, file import

Upper limit to 10k Objects / Day


Threat Data - All SDO support (STIX 2.1 support for ingestion)


-


-


Threat Mailbox (1 mail account only)

-


Quick Add Intel, Import Intel
-

Manual Intel Ingestion via text, URL, file import

Inbox Capabilities

Customizable to Your Organization’s Unique Needs

Sharing is allowed to any 3 TAXII Feed Providers

Sharing is allowed to any 1 TAXII Feed Providers

Indicators Allowed (Whitelist)
All
All
-
Intel Scoring
Confidence Score Engine
Confidence Score Engine

-

Rules Engine
Build your own rule - Unlimited

Build your own rule - Max of 10 active rules

Build your own rule - Max of 2 active rules

Attack Navigator
Full Version
Full Version
-
Threat Investigation
Full Version
-
-
Dissemination - Detailed Submission

Customizable to Your Organization’s Unique Needs

Inbox to any 3 TAXI feed providers

Inbox to any 1 TAXI feed provider
Analyst Workbench
Fang-Defang
STIX Conversion
Encode-Decode 64
CVSS Calculator
Network Utilities
-
-
Global Tasks
Create and Action tasks
-
-
My Org
Indicators Allowed
Watchlist
Tags
Indicators Allowed
Watchlist
Tags
-
Authentication
Username/Password
LDAP
2 FA enabled - Email/TOTP
Username/Password
-
2 FA enabled - Email/TOTP
Username/Password
-
2 FA enabled - TOTP
Feed Integrations
All
All
All
STIX and ISAC Integration
All
All
Maximum 5 STIX/ISAC sources
Feed Enrichment
All
All
-
Tool Integration - SIEM
All
All
All
Tool Integration - SOAR Solution
All
All
All
Tool Integration - Network Security
All
All
All
Tool Integration - Endpoint Detection Response
All
All
All
Console Status
Fully Enabled
-
-
SSO Enablement
Yes
-
-
Hub and Spoke
Yes
-
-
Open API
Yes
-
No
Users
-
-
2
Administration
User Management
License Management
Custom Entities Management
Audit Log Management
Subscribers
Configuration
Audit Log Management
User Management
License Management
Configuration



User Management
Configuration




GO TO CTIX Enterprise
GO TO CTIX LITE
GO TO CTIX SPOKE

Request a Demo of CTIX Lite

CTIX Lite is available to select organizations based on the size of their security team and other additional criteria determined by Cyware. Request a demo to learn more and see if this is a fit for your organization.

Frequently Asked Questions

Traditional threat intelligence platforms (TIPs) have been designed for large enterprises. However, the present-day threat landscape necessitates it for the security teams of all sizes and budgets to have their own automated TIP that enables them to ingest, analyze, enrich, and take actions on threat intelligence in real-time. If you are a small or mid-sized security team facing similar challenges, then CTIX Lite is the right platform for you.