Cyware has expanded its threat defender collaboration network by allowing the sharing of rules, analytics and files used in cyber threat detection, hunting and defense, the company announced in a prepared statement.
Cyware is a builder of low-code SOAR and intel automation-powered Cyber Fusion Centers for enterprises and threat intelligence sharing for ISACs and ISAOs. The company offers a Cyberware Technology Partner Program, which lets MSSPs integrate it's threat intelligence, SOC orchestration and incident response capabilities into their portfolios.
Until recently, threat sharing through ISACs was limited to Indicators of Compromise (IOC) between threat intelligence teams, Cyware asserts. Now, Cyware’s new technology offering “will eliminate silos between security operations center (SOC), incident response, and threat hunting teams within organizations,” the company said.
In addition, the offering is intended to foster collaboration against advanced cyber threats at sectoral (ISAC-to-Member) and cross-sectoral (ISAC-to-ISAC) industry levels.
Introducing the Threat Defender Library
Cyware’s Threat Defender Library (TDL) is a new capability within it’s threat advisory sharing and security collaboration platform (CSAP) version 3.5. The TDL functions as an exclusive repository for security teams to store, collaborate and share threat detection files, response automation rules and analytics files between organizations.
Using the Threat Defender repository feature, security teams can create, upload, maintain, collaborate and share:
- SIEM rules files
- Threat detection files including Yara rules, Sigma rules, log sources, Suricata, Snort Rules, and more
- Analytics files
- Response files such as automated playbooks
- MITRE ATT&CK data including tactics, techniques, and sub-techniques
Commenting on the new offering, Cyware CEO and co-founder Anuj Goel said:
“The Threat Defender initiative is a result of our close interactions with hundreds of CISOs, heads of SOC, incident response and threat hunting teams across organizations and industry sectors who time and again have echoed the need for security collaboration that results in positive, actionable outcomes for all. The Threat Defender collaboration technology developed by Cyware will enable security teams from organizations of all types and sizes to work together to hunt for tell-tale signs of malicious cyber activity and prevent threat actors from penetrating into enterprise systems and networks.”
Benefits of Threat Defender for Security Teams
The Threat Defender initiative will encourage security collaboration across industry sectors by enabling teams from one organization to learn threat detection and mitigation strategies from security teams at other organizations, Cyware explained. As such, security teams can share threat indicators as well as threat detection and defensive files to proactively mitigate threats using a single, centralized technology platform.
Additional benefits of the Threat Defender Initiative include the ability to:
- Gain visibility into proven threat detection and mitigation strategies put in place by security teams from different organizations and industry sectors
- Quickly respond to organization-specific threats by reusing the shared detection, analysis and response files
- Reduce time spent by analysts in researching and developing mitigation and containment strategies against threats
- Mitigate common threats and act faster by actioning shared threat analysis and detection files such as SIEM Rules into deployed SIEM or XDR platforms
- Increase threat hunting capabilities and significantly reduce mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR) to security threats or incidents
- Visualize a centralized mapping of threats and detection content against threat methods used by threat actors