Introduction
Organizations across the globe face an increasing number of cybersecurity threats involving multi-point attacks. These attacks are sophisticated, organized, and well-coordinated. But security teams do not have accurate data to analyze and respond to the threats. Therefore, it becomes essential to have a platform for security analysts to collaborate, coordinate, and share relevant contextual information, to effectively respond to threats.
Cyware Situational Awareness Platform (CSAP) is an automated threat alert aggregation and information-sharing platform that equips key security personnel with information to improve situational awareness and resilience. Analysts can aggregate custom threat intelligence feeds (including Cyware-provided feeds) with vulnerability and malware early advisories to provide actionable alerts to employees, vendors, customers, peers, and more.
CSAP also enables security teams to adopt a threat intel-driven approach to ensure members are aware of the latest cyber threats facing your organization. Analysts can enrich, anonymize, and share precise and relevant threat intelligence including indicators of compromise (IOCs), threat intelligence, and incident responses.
CSAP has three product variants:
Analyst Portal: Analyst Portal is an admin module mainly used by administrators and analysts. Analysts create and share information with members. Administrators set the application and user preferences for all users through Analyst Portal.
Member Portal: Member Portal is used by security teams, members, and member organizations for receiving strategic intelligence and alerts. It works alongside the Analyst Portal to enhance communication and strategic intelligence sharing among employees and member organizations belonging to your organization’s network.
Cyware Enterprise mobile app: The mobile app is a mobile version of the Member Portal accessible on devices such as smartphones or tablets. The Cyware Enterprise mobile app is downloaded and installed from app stores.
Benefits
The main benefits of the CSAP Member Portal are:
Receive expertly curated cybersecurity alerts from the Analyst Portal to stay informed about the happenings in the cyber world.
Collaborate with members, create groups for discussion, and start discussions based on topics with the Messenger. Members can also leave their suggestions and view responses from discussions.
Share verified threat intel with other members, which helps understand the risks of the most common and severe external threats. Threat intel submissions are first reviewed and verified by analysts for accuracy before publishing as alerts.
Stay up to date with the cyber landscape with Feeds, and as your cyber awareness improves, spot suspicious cyber incidents and report them to the security team.
Create and answer surveys published by analysts. Additionally, members can submit requests for surveys on specific topics to the CSAP survey analyst. After review, a requested survey can be published and distributed to all the CSAP members.
Use a dedicated Knowledge Base that allows you to store and share extensive documents and materials such as policies, guidelines, handbooks, and standard operating procedures.
Key Features
CSAP Member Portal is used widely by members to collaborate, receive, and share security information. Member Portal is a web-based application that members can use from desktop or laptop computers.
The following are some of the key features of the Member Portal:
Alerts: Receive real-time situational alerts about the latest incidents, breaches, malware, vulnerabilities, and threat methods over the web, email, and mobile platforms. Respond to alerts and have alert-based discussions with other members.
Messenger: Collaborate with members using a secure and dedicated messenger. Create groups for discussion, and start discussions based on topics.
Feeds: Stay up to date with the threat landscape with the Feeds. Feeds bring additional security feed sources, eliminating the need for managing different URLs and feed sources outside of CSAP. You can bookmark, export, and archive articles of your choice.
Threat Intel: Share threat intelligence with members which helps organizations understand the risks of the most common and severe external threats. The threat intel is submitted to a threat intel analyst for further enrichment before publishing.
Request for Information (RFI): Gather information from analysts and other members to share relevant and contextual information on threats, vulnerabilities, malware, and prioritized intelligence requirements.
Collaborate: Create real-time collaborative notes with other members. You can create a document, as a temporary group, and store the content. You can also create a note, using a rich text editor, and add the members with whom you wish to collaborate.
Threat Defender Library (TDL): Create, upload, maintain, and collaborate using the information in TDL, which is a threat intel content repository. This information is used in threat hunting and defense.
Events: View upcoming, ongoing, and past events that are planned for you. Events are created by alert creators, and you get event details through the alert.
Survey: Request and respond to surveys published by a survey analyst in the Analyst Portal. A survey represents a questionnaire assigned to members.
Doc Library: Store text, image and video files in a secure library where you can access and download information shared by analysts.