Cyware has rolled out its enhanced Cyware Threat Intelligence Exchange (CTIX) platform version 3.0 that aids ease of threat navigation, advanced threat contextualization, single-window threat view, improved dashboard visualizations, and end-to-end threat lifecycle management.
The CTIX v3.0 enables security teams to gain better contextual insights and unearth hidden threat actor behavior patterns – that legacy threat intelligence platforms (TIPs) have failed to deliver. The CTIX v3.0 interacts with large volumes of multi-source and multi-format ingested threat intel in an improvised and fully automated manner to deliver the exact context security teams need to perform advanced threat analysis and investigations, and prioritize threat response.
Furthermore, the platform has been engineered with the API-First approach enabling users to interact with the platform using both API and the User Interface (UI) seamlessly.
Speaking on the launch, Amit Patel, Senior Vice President of Global Sales at Cyware, said, “With the release of CTIX 3.0, we are moving one step closer to realizing our vision of providing security teams with advanced capabilities to gain the relevant context out of their IntelOps to make better decisions for tackling critical threats at scale. The revamped user experience of the platform will reduce friction in threat investigations performed by security teams, while also helping break down individual intrusions to connect the insights from disparate pieces of intel to build a coherent picture of the threat environment.”
“Security teams globally are struggling to perform advanced threat investigations through data correlations, visualize and map threats to infrastructure, threat actors, and attack vectors. We have taken a major leap in terms of platform usability, pivoting capabilities, investigation enhancements, improvised visualization, and enhanced intel sharing options. There is a dire need for security teams to move away from just indicator blocking to identify, predict, and preempt threats through advanced data correlation and map threats to the entire threat intel lifecycle,” said Avkash Kathiriya, Vice President of Research and Innovation, Cyware.
Cyware’s continual efforts to simplify and accelerate threat intelligence analysis, investigation and sharing have culminated in the development of several game-changing threat visualizations, search, and sharing capabilities that are being introduced with the release of CTIX v3.0. Adding another feather to Cyware’s cap, the CTIX v3.0 is a major milestone in its journey to enabling any-to-any threat intelligence analysis and sharing for enterprises and information sharing communities (ISACs and ISAOs) worldwide.
Key highlights of CTIX 3.0 release:
Revamped threat data feature
To ensure that security teams gain more context from their threat intelligence and can successfully predict and preempt threats, the Threat Data feature in CTIX now comes armed with a suite of new features. For any isolated piece of intelligence like indicator, malware, hash, and others that CTIX ingests, the feature builds a threat lifecycle with complete visualization and context.
The revamped feature now provides all the Threat object details, Enrichments, Relations, Actions taken, and Tasks in a single interface, thereby empowering analysts with the complete context around any piece of threat intelligence. As part of their investigation, security teams may take any further intel actions through this feature, such as publishing to a collection, blocking specific indicators, deprecating outdated intelligence, performing manual review, and more.
Cyware Query Language
Cyware Query Language (CQL) is a powerful and flexible query language that allows analysts to perform complex searches across their entire trove of threat intelligence in CTIX without clicking & scrolling through multiple filters. This saves analysts’ time by eliminating the need to peruse through voluminous threat data. It also adds convenience by allowing analysts to create Saved Searches that can be reused in the future to fetch the same threat data based on their specific criteria.
The introduction of CQL in CTIX 3.0 makes the lives of threat intel analysts much simpler as it gives them access to the relevant threat data they need to perform their tasks in the least amount of time possible.
The enhanced Threat Bulletin feature includes an improvised editor which is analyst-friendly and helps them craft well-designed threat bulletins by including tables, graphics, and pictures, and add objects from the Threat Data feature using CQL search. Analysts can also add tags and TLP, view and add MITRE ATT&CK navigator images, and add Investigations from the Threat Investigations feature.
The updated Threat Bulletin feature in CTIX provides security teams with the ability to deliver context-rich and elaborate threat bulletins to communicate threat information in an accessible manner for all recipients.
The Reporting feature in CTIX has now been upgraded to give analysts the ability to create customized reports using search filters, CQL, or saved searches. Security teams can further use the search filters if their analysts want to look for specifically tailored threat data and include it in their report. Analysts can both schedule reports or download them manually as and when required.
It allows collaboration with co-analysts & heads of SOC/IR Teams, CISOs, Threat Intel teams, and other stakeholders by sharing fully enriched and personalized reports. Using these new customized reporting capabilities, security teams can share tailor-made reports with their stakeholders to facilitate strategic and tactical decision making to shape their defensive posture as per the evolving threat environment.