Intel Exchange

Make Threat Driven Security Possible

Gain useful threat intelligence in real time. Ingest, enrich, analyze, prioritize, act, and share threat data bi-directionally.

Microservices-Enabled Connected Architecture for Unlimited Scale

Problems We Solve

Go from Threat Informed to a Threat Driven Intelligence Program

Cyware Intel Exchange helps security teams automate the threat intelligence lifecycle, contextualize threat analysis, take proactive action, and share threat intelligence bi-directionally.

Decentralized Threat Intelligence

61% of organizations report difficulty in aggregating threat intelligence from multiple sources, leading to delays in response times.

Manual Ingestion and Correlation

62% of cybersecurity professionals report that human error is a significant factor in data breaches, often due to manual processing of threat intelligence.

Lack of Bidirectional Sharing

70% of organizations believe they could improve threat intelligence sharing, with 19% saying they could share significantly more.

Beyond Intelligence Gathering, Towards Automated Actioning

Implement high-fidelity, contextual, and actionable threat intelligence across both cloud and on-premises detection, analysis, and response technologies.

Ingest Intel from Anywhere, in Any Format

Ingest structured and unstructured threat data in multiple formats from commercial sources, ISACs/ISAOs, Twitter, blogs, SIEMs, EDR/NDR, UEBA, etc.

Complete Threat Intelligence Automation

Automate the entire threat intelligence lifecycle at multiple levels, including threat intel ingestion, correlation, enrichment, analysis, sharing, and actioning.

Advanced Correlation and Scoring

Automate the process of enriching raw data with additional context from multiple integrated sources, such as VirusTotal, Mandiant, PolySwarm, etc. Leverage an advanced correlation engine to score IOCs for threat prioritization.

Automated Actioning

Operationalize scored threat intel in detection and response platforms, including firewalls, EDR, SIEM, etc., to take immediate action against identified threats, such as blocking malicious domains, isolating compromised systems, etc.

Driving Cyber Excellence.

Automation

Automate the entire threat intel lifecycle, from ingestion, enrichment, correlation, and analysis to actioning and sharing, using an advanced predictive automation engine.

Bidirectional Sharing

Share threat intel bi-directionally across your trusted sharing community using a STIX/TAXII compliant Hub and Spoke sharing model.

Flexible Integrations

Automate threat intel workflows by connecting with detection, response, and IT platforms for advanced analysis, correlation, and actioning.

Format-Agnostic Ingestion

Collect and normalize structured and unstructured threat data in multiple formats including STIX 1.x/2.x, MISP, MAEC, XML, CSV, YARA, OpenIOC, Email, etc.

IOC Ingestion

Ingest threat data (IOCs) from multiple internal and external sources for centralized analysis, threat visibility, and proactive mitigation.

Enrichment

Enrich threat data from multiple integrated sources such as VirusTotal, Mandiant, FarSight, Shodan, Phishtank, AlienVault, alphaMountain, PolySwarm, etc.

What Our Customers Say

Real Results, Real Security.

Cyware Collaborate has transformed our customers' security strategies. Our actionable intelligence empowers organizations to proactively manage and mitigate risks, enhancing their security confidence.

“Cyware’s platform transformed the agency’s security operations by streamlining incident response, enabling extensive intelligence sharing, and amplifying vulnerability management by integrating enriched threat intelligence.”

“Cyware implemented several use cases, enabling us to optimize our cybersecurity operations, fortify our defenses, and bolster security efficiency.”

“Texas A&M has significantly benefited from our collaboration with Cyware. Their innovative cybersecurity solutions and expert guidance have been instrumental in advancing our security posture, protecting both our network and community. We trust their expertise to keep us ahead in a challenging digital landscape.”

Cyware Features

Streamline, Initiate, and Automate Threat Intelligence Operations

Leverage advanced automation, IOC scoring, and a rule-based correlation engine to analyze and enrich threat data throughout the threat intelligence lifecycle.

Confidence Score Engine

Score all the threat indicators to evaluate their signal-to-noise ratio and drive automated actioning.

Automated Actioning

Automatically operationalize scored threat intel in detection and response technologies including SIEM, EDR, Firewalls, IPS/IDS, etc.

Regulatory Intel Ingestion

Ingest and operationalize threat intel from regulatory bodies including CERTs, government entities, and sectoral communities.

Source and Collection Management

Manage all sources and collections through a dashboard with customized polling, source management, and frequency management capabilities.

Visual Threat Investigations

Visualize data-driven insights with detailed threat views, enrichments, object details, relations, and actions taken using a dedicated threat data module.

STIX 2.x Compliant

Operationalize threat intel in STIX 2.x formats and ensure advanced interoperability and conversion of STIX 1.x (XML) packages.

Centralized Threat Dashboards

Direct, control, and manage threat intel operations end-to-end with a centralized, single-window dashboard offering complete visibility and governance controls.

Custom Threat Bulletins

Reinforce threat investigation data and enable smarter decision-making by publishing threat bulletins in STIX and PDF formats to subscribers, security teams, CISOs, etc.

Personalized Reporting

Create enriched and personalized reports and threat views using custom widgets for SOC/IR/TI teams and governance stakeholders including CISOs, Heads of SOC/TI/IR, etc.

Multi-Level Intel View

Create a specialized intel view for different roles within your organization including analysts, SOC teams, incident response teams, steering committees, and CISOs.

Threat Data Board

Search object types, indicator types, and hidden cross-links between different threat attributes extracted from threat intelligence feeds ingested from multiple sources.

Diamond Model of Intrusion Analysis

Efficiently analyze, identify relationships and characteristics, and investigate massive amounts of aggregated threat data using the Diamond Model of Intrusion Analysis.

Cyware Query Language (CQL)

Build powerful queries with sophisticated logic, drill deeper into the voluminous intel, and retrieve specific threat data using the Cyware Query Language (CQL).

ATT&CK Navigator

Visualize threat actor tactics and techniques using MITRE ATT&CKᵀᴹ mapping to identify trends across the cyber kill chain in the post-exploitation phase and relate them to reported intel.

Threat Intel Crawler

Leverage a browser extension to crawl, detect, and parse threat intel from your web-based content using Machine Learning and Natural Language Processing.

Finished Reports

Generate and publish finished threat intel reports to security teams, subscribers, CISOs, etc. by including tags, TLP, MITRE ATT&CK mapping, and investigations.

Analyst Watchlist

Monitor brand-specific cyber threats and attacks by setting triggers for your organization, brand, or industry-related keywords in ingested threat intel feeds.

Machine Learning-Based Analysis

Automatically poll data sources and push analyzed data to other platforms, establishing a relationship between various attributes received in intel from previous incidents.

IP and Domain Lookup

Integrate with services like WHOIS, VirusTotal, Shodan, Moz, and GeoIP to empower your analysts in accessing data collected from premium sources with a single click.

Geo Tagging

Automatically map and analyze geo-specific threat intel ingested from different external sources to identify geographical trends for your different business units.

Compare Intel Exchange Product Editions

| Features/Capabilities | Intel Exchange | Intel Exchange Lite | Intel Exchange Spoke |
| --- | --- | --- | --- |
| Dashboard | Out-of-the-Box Dashboard, Sharing of Dashboard, Feeds ROI | Out-of-the-Box Dashboard, Sharing of Dashboard, - | Out-of-the-Box Dashboard - Limited set of widgets, -, - |
| Reports | Custom Reporting Capabilities | Custom Reporting Capabilities | Custom Reporting Capabilities; Max. 2 reports |
| Intel Collection | Customizable to Your Organization's Unique Needs; Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support); Threat Bulletin - Create & View; Unstructured Intel - RSS; Unstructured Intel - Threat Mailbox; Unstructured Intel - Twitter Module; Quick Add Intel, Import Intel; Webscraper, Webhooks; Manual Intel Ingestion via text, URL, file import | Upper limit to 50K Objects / Day; Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support); Threat Bulletin - View; Unstructured Intel - RSS; Unstructured Intel - Threat Mailbox; -; Quick Add Intel, Import Intel; Webscraper; Manual Intel Ingestion via text, URL, file import | Upper limit to 10k Objects / Day; Threat Data - All SDO support (STIX 2.1 support for ingestion); -; -; Threat Mailbox (1 mail account only); -; Quick Add Intel, Import Intel; -; Manual Intel Ingestion via text, URL, file import |
| Inbox Capabilities | Customizable to Your Organization's Unique Needs | Sharing is allowed to any 3 TAXII Feed Providers | Sharing is allowed to any 1 TAXII Feed Provider |
| Indicators Allowed (Allowlist) | All | All | - |
| Intel Scoring | Confidence Score Engine | Confidence Score Engine | - |
| Rules Engine | Build your own rule - Unlimited | Build your own rule - Max of 10 active rules | Build your own rule - Max of 2 active rules |
| Attack Navigator | Full Version | Full Version | - |
| Threat Investigation | Full Version | - | - |
| Dissemination - Detailed Submission | Customizable to Your Organization's Unique Needs | Inbox to any 3 TAXII feed providers | Inbox to any 1 TAXII feed provider |
| Analyst Workbench | Fang-Defang; STIX Conversion; Encode-Decode 64; CVSS Calculator; Network Utilities | - | - |
| Global Tasks | Create and Action tasks | - | - |
| My Org | Indicators Allowed; Watchlist | Indicators Allowed; Watchlist | - |
| Authentication | Username/Password; LDAP; 2FA enabled - Email/TOTP | Username/Password; -; 2FA enabled - Email/TOTP | Username/Password; -; 2FA enabled - TOTP |
| Feed Integrations | All | All | All |
| STIX and ISAC Integration | All | All | Maximum 5 STIX/ISAC sources |
| Feed Enrichment | All | All | - |
| Tool Integration - SIEM | All | All | All |
| Tool Integration - SOAR Solution | All | All | All |
| Tool Integration - Network Security | All | All | All |
| Tool Integration - Endpoint Detection Response | All | All | All |
| Console Status | Fully Enabled | - | - |
| SSO Enablement | Yes | - | - |
| Hub and Spoke | Yes | - | - |
| Open API | Yes | Yes | Available in Select Configurations Only |
| Users | - | - | 2 |
| Administration | User Management; License Management; Custom Entities Management; Audit Log Management; Tag Management; Subscribers; Configuration | Audit Log Management; Tag Management; User Management; License Management; Configuration (without Custom Score) | User Management; Configuration (without Custom Score) |
