Cyware adopts Traffic Light Protocol 2.0 to enhance threat intelligence sharing capabilities

Cyware has adopted the newly launched Traffic Light Protocol (TLP) standard version 2.0 to step up threat intelligence sharing capabilities within and between organizations across the globe.

The Forum of Incident Response and Security Teams (FIRST) has updated the globally used TLP standard for the cybersecurity industry, an integral system that helps organizations all around the world to share sensitive information with requisite disclosure rules. FIRST led the charge to unify and standardize the TLP in 2015. The modernized TLP version 2.0 is now available for distribution and Cyware has become one of the earliest adopters of the new standard to foster greater sharing of threat information industry-wide.

Under the new TLP 2.0 standard, TLP:WHITE has become TLP:CLEAR, and a new TLP:AMBER+STRICT label has been added to highlight information that is restricted to the recipient’s organization only. The TLP standard comprises four labels and a sub-label:

  • TLP:CLEAR – No limits on disclosure.
  • TLP:GREEN – Limited disclosure within the community.
  • TLP:AMBER – Limited disclosure on a need-to-know basis within the organization and with clients.
  • TLP:AMBER+STRICT – Limited disclosure on a need-to-know basis only within the organization.
  • TLP:RED – No further disclosure beyond an individual recipient.

The updated standard also brings enhancements aimed at improving accessibility for non-native English speakers and providing consistent language, terminology, and definitions for the cybersecurity community.

The Cyware Situational Awareness Platform (CSAP) provides enterprises and information sharing communities (ISACs/ISAOs) precise control over the sharing of sensitive threat intelligence, vulnerability, and malware advisories. The platform is used widely by industry-leading ISACs and ISAOs from healthcare, retail, energy, space, aviation, automotive, and other sectors to share threat intelligence with their members and amongst themselves through the ISAC-to-ISAC sharing capability offered by Cyware.

To further this objective, CSAP has integrated the TLP 2.0 standard to facilitate a modernized and reliable threat information sharing workflow. It helps define clear boundaries for information disclosure and furthers the distribution of sensitive information for cybersecurity collaboration.

“After implementing Cyware’s threat intelligence sharing solutions, our member community has been able to proactively better protect critical infrastructure assets by sharing contextual and enriched sector-specific threat intelligence,” said Jim Linn, CIO of the American Gas Association and Executive Director of DNG-ISAC. “The TLP 2.0 implementation is going to be a game changer for the entire industry by making threat intelligence sharing more timely, inclusive, and protected.”

“Since the ME-ISAC transitioned to Cyware’s threat intelligence sharing solutions for all of our alert distribution and indicator sharing, we have seen a huge increase in member engagement. The increased efficiency in writing and distributing alerts has enabled our analysts to spend more time focused on analysis instead of the tedium of alert authoring, and the incredible granularity in distribution options with the new TLP 2.0 support has enabled the distribution of alerts to be more focused so that our members receive just the alerts that are the most meaningful to them,” said Chris Taylor, Director of ME-ISAC.

Speaking on this development, Anuj Goel, CEO of Cyware said, “The initiative to elevate threat intelligence sharing capabilities while keeping pace with the latest industry standards puts Cyware in a leading position with regards to adoption of the TLP 2.0 standard. In addition to providing large enterprises, MSSPs/MDRs, information-sharing communities (ISACs/ISAOs), and national CERTs with state-of-the-art threat intelligence-sharing, low-code security automation, and threat response solutions, Cyware has now taken one more step to enable organizations across the spectrum to modernize their information sharing initiatives to foster cybersecurity collaboration.”

Cyware not only connects industry-specific ISACs/ISAOs with their member organizations but also enables ISAC-to-ISAC threat intelligence sharing, allowing organizations across industry sectors to collaborate with each other against threat actors. Recently, with the integration of the Cybersecurity and Infrastructure Security Agency’s (CISA) Automated Indicator Sharing (AIS) threat data into Cyware’s sharing network, Cyware enabled all industries to collaborate more effectively with CISA by automatically ingesting and actioning CISA’s threat intelligence into their security solutions.

The capability also allows organizations to share threat intelligence back with CISA to improve the understanding of threat actor behavior, including their Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IoCs), and to deliver automated proactive threat response. Together with ISAC-to-ISAC sharing and the bi-directional integration of CISA AIS threat sharing, Cyware’s TLP 2.0 adoption will unlock the next level of security collaboration at scale and strengthen the nation’s cyber resilience across organizations and industry sectors.
