The author
I love to get stuck in and let the creative juices flow. My strengths lie in idea generation, development and execution. Over 5 years experience in B2B cybersecurity. I reign supreme when my imagination and creativity can run wild.
Better Together: How Cyware & Cyberint Pair Threat Intelligence & Automation
Mature cybersecurity programs require strategic, operational, and tactical threat intelligence, as well as structured ways to ingest, consume, and act on the relevant threat intel data.
To help organizations better achieve these goals, Cyware and Cyberint have established a partnership and out-of-the-box integration. This post will provide details on how Cyberint’s comprehensive intelligence collection capabilities, combined with Cyware’s automation and operational security capabilities, optimize the value of cyber threat intelligence.
Cyware’s services
Cyware is a cybersecurity firm that addresses a nuanced but critical need for any business with complex security requirements: bridging the “gap between threat intel teams and security operations teams,” as Willie Leichter, Vice President of Marketing at Cyware, puts it.
That practice is important because there’s no shortage of threat intelligence data out there. On the contrary, there is often so much threat intel that security operations teams struggle to figure out how to handle it – which threats to prioritize, how to remediate them efficiently and so on. And if you don’t know what to do with threat intelligence, it brings no value to your organization.
Not only that, but connecting the dots between seemingly disparate threats and ensuring that you notify the right people at the right time can be a real challenge. In many cases, remediating security incidents requires action not just on the part of the security operations team, but also other teams – like application developers or infrastructure maintainers – who need to make changes to the systems they own to block vulnerabilities.
Cyware addresses this challenge by ensuring the right people receive the right information at the right time. Not only that, but they contextualize threat intelligence data with information gleaned from a variety of other sources, then provide guidance on how teams can orchestrate and manage all aspects of threat response.
Using this approach, Cyware enables what Leichter calls “cyberfusion,” which empowers security operations teams to work effectively at scale.
Adding speed to threat intelligence
Cyware’s ability to correlate and contextualize threat data is an essential ingredient in the secret sauce that enables cyberfusion. But equally important is having access to real-time threat intelligence insights – which is where Cyberint comes into play.
To understand where Cyberint fits within Cyware’s approach to security operations, let’s walk through a typical alert scenario.
Imagine that there is a customer of both Cyberint and Cyware, let’s call them ACME Corp. They receive a new threat intelligence alert that there is a malware infection on an employee’s machine.
But when the alert first fires, it’s difficult to know the full scope of the threat or how serious it might be. Which systems within the business are connected to this machine? What data is vulnerable to this infection? Is the situation evolving in real time? And what remediation is suggested?
To help Cyware answer those questions, Cyberint continuously monitors the asset in question. And automations and human analysts at Cyberint review threat intelligence insights to ensure that they are as accurate and actionable as possible.
With this context, Cyware can determine rapidly how the situation is evolving and how best to remediate it, initiating playbooks. In the case of the malware infection, for example, Cyware was able to draw on Cyberint insights to alert the InfoSec team, which isolated the threat and then remediated it.
In short, by delivering context-aware, custom-curated threat intelligence in real time, Cyberint alerts Cyware and then helps Cyware understand the nature of each alert and involve the right people to block it as quickly as possible. That would be much harder to do without the ability to correlate rich threat intelligence data with other sources of insight.
Putting the “real” in real time
By working together, Cyware and Cyberint are able to accelerate the detection of relevant risks and the response to these threats – both in cases where response is fully automated and where it is not. Response time is measured in just minutes, not days.
“Cyberint is on the frontline of threat detection, and Cyware manages threats and takes action,” as Leichter explains.
How quick is onboarding?
For organizations that have clearly defined security processes in place, Cyware deploys in hours and begins generating effective results in days. That parallels the deployment experience for Cyberint, which you can also have up and running within just hours. And although supplying a list of assets to monitor helps, you don’t have to; Cyberint can automatically detect the assets a business should protect.
Cyberint and Cyware: Better together
In short, Cyware’s partnership with Cyberint results in the ability to connect the dots effectively between different tools and teams, prioritize the alerts that matter most and tackle complex threats in real time.
As Leichter puts it, “The more efficient you are, the more effectively you’re communicating and the more effectively your tools are talking to each other, the better off you are when it comes time to respond.” Cyware and Cyberint work together to help businesses optimize outcomes on each of these fronts.