Cyware for Computer Emergency Response Teams (CERTs)
Protect your constituents through automated threat intelligence sharing and response.
Cyware’s Solution for CERTs
Cyware’s solutions facilitate scalable, integrated management of security operations for CERTs and their constituent ecosystems. The modular platform links threat investigation, triaging, and response operations with threat intelligence sharing through an efficient, automated process.
Cyware’s modular approach comprises the following integrated platforms:
The solutions fit directly into the security frameworks of CERTs, allowing them to collect and normalize threat intelligence from multiple internal and external sources. The advanced automation features enable real-time analysis, sharing, and direct actioning in deployed security tools. The cyber fusion capabilities allow security teams at CERTs to perform real-time intel enrichment from trusted sources, identify the malicious attributes of a threat, and triage and prioritize response actions accordingly. The solution comes with a multi-delivery alerting mechanism for role-, location-, and sector-based alerting and remote actioning on security threats.
Cyware’s solutions cover the two critical and widely practiced security operations scenarios of CERTs.
Scenario 1
In this scenario, information sharing in the CERT is fully automated and includes strategic and technical intelligence from internal and external sources. This covers multi-source intel collection, enrichment, analysis, and bi-directional sharing with constituents of human-readable and machine-readable STIX collections of threat indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), kill chain mappings, exploitability mappings, artifacts, and logs.
Note: This model assumes that some CERT constituent organizations have a pre-deployed threat intelligence platform.
Use Cases and Benefits for CERTs
Scenario 2
In this scenario, the CERT takes direct threat response actions in the environment of its constituents in addition to facilitating automated threat intelligence sharing. The scenario includes threat investigation, triaging, and response using advanced automation. It also includes cyber fusion-driven collaboration between the disparate security teams at the CERT to deliver a coordinated, 360-degree response.
An Essential Overview
| Capability | Scenario 1 | Scenario 2 |
|---|---|---|
| Enable constituents to share advisories and threat intelligence | ✓ | ✓ |
| Collect strategic threat intelligence from non-constituent sources | ✓ | ✓ |
| Ingest threat indicators of compromise (IOCs) | ✓ | ✓ |
| Alert federal, state, and local constituents in real time (under 30 seconds) | ✓ | ✓ |
| Share anonymized and enriched indicators and incident data with constituents | ✓ | ✓ |
| Indicate early-warning threat level to constituents | ✓ | ✓ |
| Normalize structured and unstructured intel in multiple formats | ✓ | ✓ |
| Automatically enrich, analyze, and share IOCs without direct user involvement | ✓ | ✓ |
| Validate intel through fully configurable automated confidence scoring | ✓ | ✓ |
| Foster discussion-driven collaboration with constituents | ✓ | ✓ |
| Multiple alerting and notification channels | ✓ | ✓ |
| Automate incident investigation, triaging, and response | – | ✓ |
| Foster collaboration through cyber fusion | – | ✓ |
| Connect the dots between security threats | – | ✓ |
| Take actions directly within the constituent’s environment | – | ✓ |
| Reduce response times with unlimited orchestration playbooks | – | ✓ |