Threat Intel Platform (TIP) Built for Small and Medium-sized Security Teams
Operationalize pre-loaded premium threat intel feeds, automate threat intel actioning, and share and collaborate better with ISACs, ISAOs, and private information sharing communities.
Pre-loaded Feeds and Enrichments
Bidirectional Intel Sharing
Pre-built SIEM Integrations
Automate Ingestion, Analysis, and Actioning of Contextual, Enriched Threat Intel
Intel Exchange Lite enables small and mid-sized security teams to operationalize threat intel in a fully automated manner with advanced customization and security collaboration capabilities.
Personalized Reports
Cyware Query Language
Security Metrics
Cloud-Native Architecture for End-to-End Threat Intel Automation
Intel Exchange Lite combines the power of the cloud, security automation, and the industry’s premium threat intelligence feeds and enrichments to deliver faster and smarter last-mile threat intelligence operationalization for small and medium-sized security teams.
Top Use Cases
Request a free demo and connect with our team of experts to learn more about Intel Exchange Lite and how you can kickstart fully automated threat intel operations within minutes with Intel Exchange Lite.
Cloud-native, fully automated threat intelligence platform (TIP) with pre-loaded premium threat intelligence feeds and enrichment sources for growing security teams.
STIX-based Bidirectional Threat Intel Sharing with ISACs/ISAOs
Automated Threat Intel Ingestion from Commercial and OSINT Sources
Automated Threat Intel Enrichment and Contextualization
Automated SIEM Lookup, Reference, and Intel Update for Threat Detection and Monitoring
Automated blocking of Threat Indicators (IOCs) in Firewalls, AV, IPS, etc.
Assign High-Priority Indicators and Threats to Analysts for Manual Review
Compare Intel Exchange Product Editions
Features/Capabilities | Intel Exchange | Intel Exchange Lite | Intel Exchange Spoke |
|---|---|---|---|
Dashboard | Out-of-the-Box Dashboard Sharing of Dashboard Feeds ROI | Out-of-the-Box Dashboard Sharing of Dashboard - | Out-of-the-Box Dashboard - Limited set of widgets - - |
Reports | Custom Reporting Capabilities | Custom Reporting Capabilities | Custom Reporting Capabilities
Max. 2 reports |
Intel Collection | Customizable to Your Organization’s Unique Needs Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support) Threat Bulletin - Create & View Unstructured Intel - RSS Unstructured Intel - Threat Mailbox Unstructured Intel - Twitter Module Quick Add Intel, Import Intel Webscraper, Webhooks Manual Intel Ingestion via text, URL, file import | Upper limit to 50K Objects / Day Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support) Threat Bulletin - View Unstructured Intel - RSS Unstructured Intel - Threat Mailbox - Quick Add Intel, Import Intel Webscraper Manual Intel Ingestion via text, URL, file import | Upper limit to 10k Objects / Day Threat Data - All SDO support (STIX 2.1 support for ingestion) - - Threat Mailbox (1 mail account only) - Quick Add Intel, Import Intel - Manual Intel Ingestion via text, URL, file import |
Inbox Capabilities | Customizable to Your Organization’s Unique Needs | Sharing is allowed to any 3 TAXII Feed Providers | Sharing is allowed to any 1 TAXII Feed Providers |
Indicators Allowed (Allowlist) | All | All | - |
Intel Scoring | Confidence Score Engine | Confidence Score Engine | - |
Rules Engine | Build your own rule - Unlimited | Build your own rule - Max of 10 active rules | Build your own rule - Max of 2 active rules |
Attack Navigator | Full Version | Full Version | - |
Threat Investigation | Full Version | - | - |
Dissemination - Detailed Submission | Customizable to Your Organization’s Unique Needs | Inbox to any 3 TAXI feed providers | Inbox to any 1 TAXI feed provider |
Analyst Workbench | Fang-Defang STIX Conversion Encode-Decode 64 CVSS Calculator Network Utilities | - | - |
Global Tasks | Create and Action tasks | - | - |
My Org |
Indicators Allowed Watchlist Tags | Indicators Allowed Watchlist Tags | - |
Authentication | Username/Password LDAP 2 FA enabled - Email/TOTP | Username/Password - 2 FA enabled - Email/TOTP | Username/Password - 2 FA enabled - TOTP |
Feed Integrations | All | All | All
|
STIX and ISAC Integration | All | All | Maximum 5 STIX/ISAC sources |
Feed Enrichment | All | All | - |
Tool Integration - SIEM | All | All | All |
Tool Integration - SOAR Solution | All | All | All |
Tool Integration - Network Security | All | All | All |
Tool Integration - Endpoint Detection Response | All | All | All |
Console Status | Fully Enabled | - | - |
SSO Enablement | Yes | - | - |
Hub and Spoke | Yes | - | - |
Open API | Yes | - | No |
Users | - | - | 2 |
Administration | User Management License Management Custom Entities Management Audit Log Management Subscribers Configuration | Audit Log Management User Management License Management Configuration |
User Management Configuration |
Frequently Asked Questions
Is Intel Exchange Lite the right platform for me?
Traditional enterprise-grade Threat Intelligence Platforms (TIPs) have been designed for large enterprises. However, the present-day threat landscape necessitates that security teams of all sizes have their own automated TIP that enables them to ingest, analyze, enrich, and take actions on threat intelligence in real time. If you are a small or mid-sized security team facing similar challenges, then Intel Exchange Lite is the right platform for you.
Does Intel Exchange Lite come pre-loaded with threat intelligence feeds and enrichment sources?
I have subscribed to a different threat intelligence feed provider. Can I ingest those feeds in Intel Exchange Lite?
More Products From Cyware
Explore our suite of modular, integrated products and learn why the industry’s best security teams trust Cyware for security automation and orchestration, threat intel operationalization, and security collaboration.
