Threat Intelligence Platform by Cyware
Operationalize Threat Intelligence. Act With Confidence.
Gain useful threat intelligence in real time. Ingest, enrich, analyze, prioritize, act, and share threat data bi-directionally via Cyware Intel Exchange.
Cyware Intel Exchange
Microservices-Enabled Connected Architecture for Unlimited Scale
Problems We Solve
Go from Threat Informed to a Threat Driven Intelligence Program
Cyware Intel Exchange helps security teams automate the threat intelligence lifecycle, contextualize threat analysis, take proactive action, and share threat intelligence bi-directionally.
Download Data SheetDecentralized Threat Intelligence
61% of organizations report difficulty in aggregating threat intelligence from multiple sources, leading to delays in response times
Manual Ingestion and Correlation
62% of cybersecurity professionals report that human error is a significant factor in data breaches, often due to manual processing of threat intelligence
Lack of Bidirectional Sharing
70% of organizations believe they could improve threat intelligence sharing, with 19% saying they could share significantly more.
Beyond Intelligence Gathering, Towards Automated Actioning
Implement high-fidelity, contextual, and actionable threat intelligence across both cloud and on-premises detection, analysis, and response technologies.
Ingest Intel from Anywhere, in Any Format
Ingest structured and unstructured threat data in multiple formats from commercial threat feeds, OSINT sources, ISACs/ISAOs, Twitter, blogs, SIEMs, EDR/NDR, UEBA, etc.
Request a Demo
Complete Threat Intelligence Automation
Automate the entire threat intelligence lifecycle at multiple levels, including threat intel ingestion, correlation, enrichment, analysis, sharing, and actioning.
Request a Demo
Advanced Correlation and Customizable Scoring
Automate the process of enriching raw data with additional context from multiple integrated sources, such as VirusTotal, Mandiant, PolySwarm, etc. Leverage an advanced correlation engine and custom rules to score IOCs for threat prioritization.
Request a Demo
Automated Actioning Across Your Security Stack
Operationalize scored threat intel in detection and response platforms, including Firewalls, EDR, SIEM, etc, to take immediate action against identified threats, such as blocking malicious domains, isolating compromised systems, etc.
Request a Demo
Driving Cyber Excellence.
Full Lifecycle Automation
Automate the entire threat intel lifecycle from ingestion, enrichment, correlation, analysis, actioning, and sharing using an advanced predictive, automation engine.
Bidirectional Sharing
Share threat intel bi-directionally across your trusted sharing community using a STIX/TAXII compliant Hub and Spoke sharing model.
Flexible Integrations
Automate threat intel workflows by connecting with detection, response, and IT platforms for advanced analysis, correlation, and actioning.
Format-Agnostic Ingestion
Collect and normalize structured and unstructured threat data in multiple formats including STIX 1.x/2.x, MISP, MAEC, XML, CSV, YARA, OpenIOC, Email, and more.
High-Volume IOC Ingestion
Ingest threat data (IOCs) from multiple internal and external sources for centralized analysis, threat visibility, and proactive mitigation.
Adaptive Enrichment
Enrich threat data from multiple integrated sources such as VirusTotal, Mandiant, FarSight, Shodan, Phishtank, AlienVault, alphaMountain, PolySwarm, and more.
Cyware Intel Packaged Solution Brief
Looking for a Threat Intel Program-in-a-Box?
Download Solution Brief
What Our Customers Say
Real Results, Real Security.
Cyware has transformed our customers' security strategies. Our actionable intelligence empowers organizations to proactively manage and mitigate risks through low-code automation enhancing their security confidence.
“Cyware’s platform transformed the agency’s security operations by streamlining incident response, enabling extensive intelligence sharing, and amplifying vulnerability management by integrating enriched threat intelligence.”
“Cyware implemented several use cases, enabling us to optimize our cybersecurity operations, fortify our defenses, and bolster security efficiency.”
“Texas A&M has significantly benefited from our collaboration with Cyware. Their innovative cybersecurity solutions and expert guidance have been instrumental in advancing our security posture, protecting both our network and community. We trust their expertise to keep us ahead in a challenging digital landscape.”
Cyware Features
Streamline, Initiate, and Automate Threat Intelligence Operations
Leverage advanced automation, IOC scoring, and a rule-based correlation engine to analyze and enrich threat data throughout the threat intelligence lifecycle.
Confidence Score Engine
Score all the threat indicators to evaluate their signal-to-noise ratio and drive automated actioning.
Automated Actioning
Automatically operationalize scored threat intel in detection and response technologies including SIEM, EDR, Firewalls, IPS/IDS, etc.
Regulatory Intel Ingestion
Ingest and operationalize threat intel from regulatory bodies including CERTs, government entities, and sectoral communities.
Source and Collection Management
Manage all sources and collections through a dashboard with customized polling, source management, and frequency management capabilities.
Visual Threat Investigations
Visualize data-driven insights with detailed threat views, enrichments, object details, relations, and actions taken using a dedicated threat data module.
STIX 2.x Compliant
Operationalize threat intel in STIX 2.x formats and ensure advanced interoperability and conversion of STIX 1.x (XML) packages.
Centralized Threat Dashboards
Direct, control, and manage threat intel operations end-to-end with a centralized, single-window dashboard offering complete visibility and governance controls.
Custom Threat Bulletins
Reinforce threat investigation data and enable smarter decision-making by publishing threat bulletins in STIX and PDF formats to subscribers, security teams, CISOs, etc.
Personalized Reporting
Create enriched and personalized reports and threat views using custom widgets for SOC/IR/TI teams and governance stakeholders including CISOs, Heads of SOC/TI/IR, etc.
Multi-Level Intel View
Create a specialized intel view for different roles within your organization including analysts, SOC teams, incident response teams, steering committees, and CISOs.
Threat Data Board
Search object types, indicator types, and hidden cross-links between different threat attributes extracted from threat intelligence feeds ingested from multiple sources.
Diamond Model of Intrusion Analysis
Efficiently analyze, identify relationships and characteristics, and investigate massive amounts of aggregated threat data using the Diamond Model of Intrusion Analysis.
Cyware Query Language (CQL)
Build powerful queries with sophisticated logic, drill deeper into the voluminous intel, and retrieve specific threat data using the Cyware Query Language (CQL).
ATT&CK Navigator
Visualize threat actor tactics and techniques using MITRE ATT&CKᵀᴹ mapping to identify trends across the cyber kill chain in the post-exploitation phase and relate them to reported intel.
Threat Intel Crawler
Leverage a browser extension to crawl, detect, and parse threat intel from your web-based content using Machine Learning and Natural Language Processing.
Finished Reports
Generate and publish finished threat intel reports to security teams, subscribers, CISOs, etc. by including tags, TLP, MITRE ATT&CK mapping, and investigations.
Analyst Watchlist
Monitor brand-specific cyber threats and attacks by setting triggers for your organization, brand, or industry-related keywords in ingested threat intel feeds.
Machine Learning-Based Analysis
Automatically poll data sources and push analyzed data to other platforms, establishing a relationship between various attributes received in intel from previous incidents.
IP and Domain Lookup
Integrate with services like WHOIS, VirusTotal, Shodan, Moz, and GeoIP to empower your analysts in accessing data collected from premium sources with a single click.
Geo Tagging
Automatically map and analyze geo-specific threat intel ingested from different external sources to identify geographical trends for your different business units.
Compare Intel Exchange Product Editions
| Features/Capabilities | Intel Exchange | Intel Exchange Lite | Intel Exchange Spoke |
|---|---|---|---|
| Dashboard | Out-of-the-Box Dashboard, Sharing of Dashboard, Feeds ROI | Out-of-the-Box Dashboard, Sharing of Dashboard, - | Out-of-the-Box Dashboard - Limited set of widgets, -, - |
| Reports | Custom Reporting Capabilities | Custom Reporting Capabilities | Custom Reporting Capabilities Max. 2 reports |
| Intel Collection | Customizable to Your Organization's Unique Needs Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support) Threat Bulletin - Create & View Unstructured Intel - RSS Unstructured Intel - Threat Mailbox Unstructured Intel - Twitter Module Quick Add Intel, Import Intel Webscraper, Webhooks Manual Intel Ingestion via text, URL, file import | Upper limit to 50K Objects / Day Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support) Threat Bulletin - View Unstructured Intel - RSS Unstructured Intel - Threat Mailbox - Quick Add Intel, Import Intel Webscraper Manual Intel Ingestion via text, URL, file import | Upper limit to 10k Objects / Day Threat Data - All SDO support (STIX 2.1 support for ingestion) - - Threat Mailbox (1 mail account only) - Quick Add Intel, Import Intel - Manual Intel Ingestion via text, URL, file import |
| Inbox Capabilities | Customizable to Your Organization's Unique Needs | Sharing is allowed to any 3 TAXII Feed Providers | Sharing is allowed to any 1 TAXII Feed Providers |
| Indicators Allowed (Allowlist) | All | All | - |
| Intel Scoring | Confidence Score Engine | Confidence Score Engine | - |
| Rules Engine | Build your own rule - Unlimited | Build your own rule - Max of 10 active rules | Build your own rule - Max of 2 active rules |
| Attack Navigator | Full Version | Full Version | - |
| Threat Investigation | Full Version | - | - |
| Dissemination - Detailed Submission | Customizable to Your Organization's Unique Needs | Inbox to any 3 TAXI feed providers | Inbox to any 1 TAXI feed provider |
| Analyst Workbench | Fang-Defang STIX Conversion Encode-Decode 64 CVSS Calculator Network Utilities | - | - |
| Global Tasks | Create and Action tasks | - | - |
| My Org | Indicators Allowed Watchlist | Indicators Allowed Watchlist | - |
| Authentication | Username/Password LDAP 2 FA enabled - Email/TOTP | Username/Password - 2 FA enabled - Email/TOTP | Username/Password - 2 FA enabled - TOTP |
| Feed Integrations | All | All | All |
| STIX and ISAC Integration | All | All | Maximum 5 STIX/ISAC sources |
| Feed Enrichment | All | All | - |
| Tool Integration - SIEM | All | All | All |
| Tool Integration - SOAR Solution | All | All | All |
| Tool Integration - Network Security | All | All | All |
| Tool Integration - Endpoint Detection Response | All | All | All |
| Console Status | Fully Enabled | - | - |
| SSO Enablement | Yes | - | - |
| Hub and Spoke | Yes | - | - |
| Open API | Yes | Yes | Available in Select Configurations Only |
| Users | - | - | 2 |
| Administration | User Management License Management Custom Entities Management Audit Log Management Tag Management Subscribers Configuration | Audit Log Management Tag Management User Management License Management Configuration (without Custom Score) | User Management Configuration (without Custom Score) |
FAQ
Any Questions?
Frequently Asked Questions
Unlike legacy TIPs, Cyware’s Intel Exchange platform works across silos and connects with internally deployed technologies and security teams to operationalize threat intelligence for proactive threat mitigation, security collaboration, threat visibility, and enhanced decision-making across multiple threat disciplines. Intel Exchange ingests and enriches threat indicators (IOCs) while also enabling security teams to correlate tactical and technical threat data and score it for automated actioning. In addition to IOCs, Intel Exchange supports all STIX Domain Objects (SDOs) defined in STIX 2.1, including attack patterns, malware analysis, threat actors, campaigns, vulnerabilities, and more.
Additionally, Intel Exchange’s dedicated rules engine enables security teams to automatically score, enrich, tag, and act on high-confidence threat intelligence by integrating with deployed security technologies including SIEMs, firewalls, IDS/IPS, etc., for proactive threat actioning such as blocking of IOCs in the firewall. Furthermore, Intel Exchange enables security teams to share threat intelligence bi-directionally using a hub-and-spoke architecture.
Intel Exchange leverages STIX/TAXII server-based feeds to aggregate threat data, and automate real-time threat intelligence sharing. With STIX TAXII server-based feeds, Intel Exchange makes cyber threat intelligence sharing flexible, extensible, automatable, expressive, and easily readable. Intel Exchange ensures that no critical threat is overlooked and left unattended. To ensure that users are not bound by the limited capability of sharing data, Intel Exchange has now been made compliant with STIX 2.x, the latest standard, in addition to STIX 1.x. Furthermore, Intel Exchange comes with a highly customizable dashboard that can be personalized to share feeds in multiple formats, including Malware Sharing Information Platform (MISP), OpenIOC, YARA, IODEF, and MAFC, among others.
Intel Exchange is a format-agnostic threat intelligence platform (TIP) that supports a wide variety of threat data formats including STIX 2.x, STIX 1.x, MISP, MAEC 4.1, CSV, YARA, OpenIOC, IODEF, Free Text, PDF, JSON, MISP, SNORT, and SURICATA.