Questions?
We have answers.

Cyware threat intelligence eXchange (CTIX) is built using a hub-and-spoke architecture which allows for unfettered threat intelligence sharing with multiple parties, assuring information shared is non-redundant, reliable, and real-time. CTIX leverages advanced machine learning (ML) technology to perform internal indicator mapping and contextual correlation to remove duplicates and make the data completely noise-free. CTIX creates a trusted sharing environment and leverages IOC confidence scoring to validate threat indicators by cross-correlating with malicious indicator sightings with your sharing partners. Simultaneously,, CTIX makes threat intelligence actionable, reliable and trustworthy by utilizing advanced integration features to verify the fidelity of threat data from credible sources like VirusTotal, Shodan, Hybrid Analysis, etc. Finally, CTIX uses the TAXII service to enable real-time threat intel sharing thereby maintaining the time-bound relevancy of threat intelligence in an ever-changing threat landscape.

Cyware understands that security analysts, in their day-to-day operations, often come across threat data in formats that are not supported by a typical TIP. Conversion of threat data into a format that is compatible with their TIP and back is a time-consuming task that reduces an analyst’s bandwidth for other more important tasks, such as analysis and correlation, resulting in resource inefficiency and overall inadequate organizational performance. Being cognizant of the challenges faced by security analysts, CTIX supports a plethora of formats for import and export of threat data that includes; but is not only limited to, STIX 1.x, STIX 2.0, URL, MISP, MAEC 4.1, CSV, YARA, OpenIOC, IODEF, Free Text, PDF, JSON, MISP, SNORT, and SURICATA. CTIX is truly a format-agnostic and an unparalleled analyst-friendly TIP helping analysts avoid getting caught up trivial tasks and focus on actions that justify their roles in an organization.

CTIX Enterprise is the fully primed version of CTIX, developed for organizations and ISACs to collect,ingest, and share threat intel using orchestration and automation features while performing advanced analysis, correlation, enrichment, and anonymization of threat data. To promote a culture of threat intelligence sharing and contribute towards the overall development of the security ecosystem, Cyware has also launched CTIX Plus and CTIX Lite versions.

CTIX Plus allows an organization to receive threat intel from any feed provider but sharing is only possible with hubs, such as large organizations with centralized threat sharing teams and ISACs/ISAOs.

With CTIX Lite, organizations can only receive threat intel from feed providers but cannot share threat intel with other entities. CTIX Plus and CTIX Lite do not come with advanced analysis, correlation, orchestration, or automation features. These are reserved only for CTIX Enterprise subscriptions.

Yes, you can upgrade to CTIX Enterprise and leverage the most advanced and automation-rich threat intelligence platform not only for sharing and receiving threat intel but also gain the ability to perform full subscriber/collection management, automated analysis, correlation, and enrichment from multiple sources. With CTIX Enterprise, you can automate the full threat intelligence lifecycle in your organization including automated dissemination of analyzed and actionable threat data in your internally deployed security tools like firewall, IDS/IPS, UEBA, SIEM, etc. You can also schedule a free personalized demo to understand how Cyware can transform the security preparedness, threat intel sharing/management, and response of your organization.

Yes, CTIX is a format-agnostic TIP that allows for full conversion and reconversion of threat data in multiple formats including STIX 1.x and STIX 2.0. CTIX also is the only TIP that comes with the capability to consume and process all the 12 types of STIX Objects.

CTIX empowers your threat intel team by facilitating the analysis of the intel being processed and also creates real-time threat intel collections and packages which can be automatically disseminated to different technologies and personnel in security operations, thus bringing SecOps and Intel teams together.

There is a saying that the faster we share, the better we can protect the ecosystem. Faster intel dissemination demands a more intelligent, automatic, and an increased threat intel sharing frequency. To meet this challenge, Cyware has designed CTIX as per the hub-and-spoke model. In this model, a large organization or an ISAC or a National CERT, wherein CTIX has been deployed, acts as the central hub, thereby controlling the collection and dissemination of the cyber threat data from multiple sources like peer organization, vendors, third-parties, ISAC member organizations, TI feed providers, and National CERTs. The central hub will be able to send/receive threat intelligence to/from the participating/member organizations which would represent a spoke. The central hub will also be vested with the power to anonymize the collected threat intelligence and provide value-added services such as combining information from multiple participants, removing duplicates, adding it’s own private data, and providing additional analysis to the recipients thereby making the information more useful. Moreover, the hub will also act as a clearinghouse that will facilitate information and intelligence sharing while protecting the identities of the members. Each member is required to install a CTIX Plus (TAXII server) in order to participate in the exchange of threat intelligence data. CTIX greatly enhances threat intel collaboration amongst members of large associations, such as ISACs or National CERTs, by creating an information-sharing mechanism based on the Hub and Spoke model thereby facilitating real-time sharing of IOCs, TTPs, Incidents, and Threat Actor data and Course of Action.

Yes, you can create your own threat intel feed using CTIX and share it with other ISAC/ISAO members or employees in your company using the CTIX-CSAP integration. Consider a case wherein an internally deployed IDS/IPS tool detects malicious communication. CTIX, using its advanced orchestration features, will automatically ingest the alert data and perform intel analysis and enrichment operations against external TI sources. An analyst can then use this enriched threat data to create an alert that can be shared in real-time with other ISAC/ISAO members or employees of the company via the CSAP app installed on their mobile devices.