Cyware, the industry’s leading provider of the technology platform to build low-code SOAR and intel automation-powered Cyber Fusion Centers for enterprises and threat intelligence sharing for ISACs and ISAOs, has expanded its technology offering with the first ever threat defender collaboration network by allowing the sharing of rules, analytics, and files used in cyber threat detection, threat hunting, and threat defense. Until recently, threat sharing through ISACs was limited to Indicators of Compromise (IOC) between threat intelligence teams, but now the new technology offering by Cyware will eliminate silos between security operations center (SOC), incident response, and threat hunting teams within organizations and foster collaborative synergies against advanced cyber threats at sectoral (ISAC-to-Member) and cross-sectoral (ISAC-to-ISAC) industry levels.
The Threat Defender Library (TDL), a new capability within Cyware’s threat advisory sharing and security collaboration platform (CSAP) version 3.5 and onwards, functions as an exclusive repository for security teams to store, collaborate, and share threat detection files, threat response automation rules, and threat analytics files between organizations, enabling siloed security teams to quickly detect and respond to organization-specific alerts by enhancing their existing threat defense, threat hunting, and threat detection/response workflows. Security teams can build their own knowledge repository for threat defenders to craft their mitigation strategies using Cyware’s out-of-the-box templates in addition to visualizing critical security metrics and sharing the defender content with security teams at other organizations within their sector in real-time.
Using the Threat Defender repository feature, security teams can create, upload, maintain, collaborate, and share:
- SIEM Rules files
- Threat detection files including Yara rules, Sigma rules, log sources, Suricata, Snort Rules, and more
- Analytics files such as CAR
- Response files such as Automated Playbooks
- MITRE ATT&CK data including tactics, techniques, and sub-techniques
Speaking at the launch, Anuj Goel, CEO and Co-founder at Cyware said, “The Threat Defender initiative is a result of our close interactions with hundreds of CISOs, Heads of SOC, Incident Response, and Threat Hunting teams across organizations and industry sectors who time and again have echoed the need for security collaboration that results in positive, actionable outcomes for all. The Threat Defender collaboration technology developed by Cyware will enable security teams from organizations of all types and sizes to work together to hunt for tell-tale signs of malicious cyber activity and prevent threat actors from penetrating into enterprise systems and networks.”
Benefits of Threat Defender Library for Security Teams
The Threat Defender initiative will encourage security collaboration across industry sectors by enabling teams from one organization to learn threat detection and mitigation strategies from security teams at other organizations. In the past, security collaboration was largely limited to the sharing of threat intelligence, but now, with this new capability, security teams can share threat indicators (IOC) as well as threat detection and defensive files to proactively mitigate threats using a single, centralized technology platform. Additional benefits of the Threat Defender Initiative include the ability to:
- Gain visibility into proven threat detection and mitigation strategies put in place by security teams from different organizations and industry sectors.
- Quickly respond to organization-specific threats by reusing the shared detection, analysis, and response files.
- Reduce time spent by analysts in researching and developing mitigation and containment strategies against threats.
- Mitigate common threats and act faster by actioning shared threat analysis and detection files such as SIEM Rules into deployed SIEM or XDR platforms.
- Increase threat hunting capabilities and significantly reduce mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR) to security threats or incidents.
- Visualize a centralized mapping of threats and detection content against threat methods used by threat actors.
Cyware brings together historically siloed security operations, allowing organizations to share threat data more efficiently, and collaborate on threat response within their security functions as well as with other organizations within their network. The new threat defender capability, along with recently launched ISAC-to-ISAC threat intelligence sharing, TLP 2.0 adoption for threat intelligence sharing, and integration of CISA’s Automated Indicator Sharing (AIS) threat data into Cyware’s sharing network, will add more fuel to security collaboration between organizations and strengthen the cyber resilience across industry sectors.