Enrich, Analyze, and Operationalize Threat Intel
Automate technical and tactical threat intel for end-to-end threat visibility, contextual threat analysis, proactive actioning, and bidirectional security collaboration.
Automation
Bidirectional Sharing
Flexible Integrations
Design, Activate, and Automate Threat Intel Operations
Analyze and enrich threat data across the threat lifecycle using advanced automation, IOC scoring, and an industry-leading correlation engine.
Source and Collection Management
Visual Threat Investigations
STIX 2.x Compliant
Microservices-Enabled Connected Architecture for Unlimited Scale
Operationalize high-fidelity, contextual, and actionable threat intelligence across detection, analysis, and response technologies deployed in the cloud and on-premises, while enhancing security operations with predictive intel and unlimited scale.
Top Use Cases
Request a free demo to build your own use cases or choose from 1000+ use cases our customers are currently using to automate and operationalize their threat intel across their SecOps workflows.
Automated threat intelligence platform (TIP) for ingestion, enrichment, analysis, actioning, bidirectional sharing, and prioritization of threat data.
Centralized Multi-Source Threat Intel Collection Through STIX and API
Unstructured and Structured Threat Intel Aggregation and Normalization to STIX 2.x
Automated Threat Indicator (IOC) Lifecycle Management
Automated Threat Intel Enrichment and IOC Confidence Scoring
Automated Threat Intel Actioning in SIEM, EDR, Firewalls, and IR Platforms
Bi-Directional Threat Intel Sharing in a Trusted Ecosystem (ISAC/ISAO)
Automated Vulnerability Prioritization
Regulatory Threat Intel Ingestion
Threat Intel Orchestration Through SOAR Platform
Compare Intel Exchange Product Editions
Features/Capabilities | Intel Exchange | Intel Exchange Lite | Intel Exchange Spoke |
---|---|---|---|
Dashboard | Out-of-the-Box Dashboard Sharing of Dashboard Feeds ROI | Out-of-the-Box Dashboard Sharing of Dashboard - | Out-of-the-Box Dashboard - Limited set of widgets - - |
Reports | Custom Reporting Capabilities | Custom Reporting Capabilities | Custom Reporting Capabilities; Max. 2 reports |
Intel Collection | Customizable to Your Organization’s Unique Needs Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support) Threat Bulletin - Create & View Unstructured Intel - RSS Unstructured Intel - Threat Mailbox Unstructured Intel - Twitter Module Quick Add Intel, Import Intel Webscraper, Webhooks Manual Intel Ingestion via text, URL, file import | Upper limit to 50K Objects / Day Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support) Threat Bulletin - View Unstructured Intel - RSS Unstructured Intel - Threat Mailbox - Quick Add Intel, Import Intel Webscraper Manual Intel Ingestion via text, URL, file import | Upper limit to 10k Objects / Day Threat Data - All SDO support (STIX 2.1 support for ingestion) - - Threat Mailbox (1 mail account only) - Quick Add Intel, Import Intel - Manual Intel Ingestion via text, URL, file import |
Inbox Capabilities | Customizable to Your Organization’s Unique Needs | Sharing is allowed to any 3 TAXII Feed Providers | Sharing is allowed to any 1 TAXII Feed Provider |
Indicators Allowed (Allowlist) | All | All | - |
Intel Scoring | Confidence Score Engine | Confidence Score Engine | - |
Rules Engine | Build your own rule - Unlimited | Build your own rule - Max of 10 active rules | Build your own rule - Max of 2 active rules |
Attack Navigator | Full Version | Full Version | - |
Threat Investigation | Full Version | - | - |
Dissemination - Detailed Submission | Customizable to Your Organization’s Unique Needs | Inbox to any 3 TAXII feed providers | Inbox to any 1 TAXII feed provider |
Analyst Workbench | Fang-Defang; STIX Conversion; Encode-Decode 64; CVSS Calculator; Network Utilities | - | - |
Global Tasks | Create and Action tasks | - | - |
My Org | Indicators Allowed Watchlist Tags | Indicators Allowed Watchlist Tags | - |
Authentication | Username/Password LDAP 2 FA enabled - Email/TOTP | Username/Password - 2 FA enabled - Email/TOTP | Username/Password - 2 FA enabled - TOTP |
Feed Integrations | All | All | All |
STIX and ISAC Integration | All | All | Maximum 5 STIX/ISAC sources |
Feed Enrichment | All | All | - |
Tool Integration - SIEM | All | All | All |
Tool Integration - SOAR Solution | All | All | All |
Tool Integration - Network Security | All | All | All |
Tool Integration - Endpoint Detection Response | All | All | All |
Console Status | Fully Enabled | - | - |
SSO Enablement | Yes | - | - |
Hub and Spoke | Yes | - | - |
Open API | Yes | - | No |
Users | - | - | 2 |
Administration | User Management License Management Custom Entities Management Audit Log Management Subscribers Configuration | Audit Log Management User Management License Management Configuration | User Management Configuration |
Frequently Asked Questions
How is Intel Exchange different from other Threat Intel Platforms (TIPs)?
Unlike legacy TIPs, Cyware’s Intel Exchange platform works across silos and connects with internally deployed technologies and security teams to operationalize threat intelligence for proactive threat mitigation, security collaboration, threat visibility, and enhanced decision-making across multiple threat disciplines. Intel Exchange ingests and enriches threat indicators (IOCs) while also enabling security teams to correlate tactical and technical threat data and score it for automated actioning. Threat data correlation is one of the key differentiating capabilities of Intel Exchange that enables SOC and IR teams to effectively prioritize and triage high-potential threats.
In addition to IOCs, Intel Exchange supports all STIX Domain Objects (SDOs) defined in STIX 2.1, including attack patterns, malware analysis, threat actors, campaigns, vulnerabilities, and more. Additionally, Intel Exchange’s dedicated rules engine enables security teams to automatically score, enrich, tag, and act on high-confidence threat intelligence by integrating with deployed security technologies including SIEMs, firewalls, IDS/IPS, etc., for proactive threat actioning such as blocking of IOCs in the firewall.
Intel Exchange (CTIX) comes with comprehensive threat feed ingestion capabilities, enabling security teams to ingest threat intelligence from multiple external and internal sources in structured and unstructured formats. Furthermore, Intel Exchange (CTIX) enables security teams to share threat intelligence bi-directionally using a hub-and-spoke architecture. The capability allows security teams from one organization or industry sector to collaborate with teams from other organizations or industry sectors, enabling collective action against threat actors on multiple levels. Threat intelligence can be shared both over the STIX/TAXII server and via connected APIs in a hub-and-spoke model.
What are STIX and TAXII?
How does Intel Exchange leverage STIX TAXII?