Cyware Situational Awareness Platform

Introduction

Organizations across the globe face an increasing number of cybersecurity threats involving multi-point attacks. These attacks are sophisticated, organized, and well-coordinated. The security teams must share information between themselves and take a collaborative approach to define their organization's security strategy. It becomes essential to have a platform for security analysts to coordinate, collaborate, and share relevant contextual information, to effectively respond to threats.

Cyware Situational Awareness Platform (CSAP) is an automated threat alert aggregation and information-sharing platform that equips key security personnel with information to improve situational awareness and resilience. Analysts can aggregate custom threat intelligence feeds (including Cyware-provided feeds) with vulnerability and malware early advisories to provide actionable alerts to employees, vendors, customers, peers, and more.

CSAP also enables security teams to adopt a threat intel-driven approach to ensure members are aware of the latest cyber threats facing your organization. Analysts can enrich, anonymize, and share precise and relevant threat intelligence including indicators of compromise (IOCs), threat intelligence, and incident responses.

CSAP has three product variants:

  • Analyst Portal: Analyst Portal is an admin module mainly used by administrators and analysts. Analysts create and share information with members. Administrators set the application and user preferences for all users through Analyst Portal.

  • Member Portal: Member Portal is used widely by members to collaborate, receive, and share security information. Member Portal is a web-based application that members can use from desktop or laptop computers. 

  • Cyware Enterprise mobile app: The mobile app is a mobile version of the Member Portal accessible on devices such as smartphones or tablets. The Cyware Enterprise mobile app is downloaded and installed from app stores.

Benefits

The main benefits of the Analyst Portal are:

  • Deploy a strategic threat intel-driven collaborative approach to managing incidents and breaches while detecting real-time security trends. Analysts can gain greater visibility of existing and emerging threats through actionable information sharing.

  • Send expertly curated cybersecurity alerts to members through the Member Portal so that they stay informed about the happenings in the cyber world.

  • Stay up to date with the cyber landscape by configuring and receiving various RSS, Partner, and Cyware Feeds. As your cyber awareness improves, spot suspicious cyber incidents and report them to the security team.

  • Ingest alerts automatically from SIEM tools, threat intelligence platforms, intel feeds, vulnerability scanning tools, and more, and send them to those who need to take action, while also equipping SecOps teams with automated threat intelligence ingestion and dissemination capabilities to quickly identify, prioritize, and respond to threats for accurate decision-making.

  • Create and publish surveys to Analysts. Additionally, members can submit requests for surveys on specific topics to the CSAP survey analyst. After review, a requested survey can be published and distributed to all the CSAP members.

  • Create a dedicated Knowledge Base that allows you to store and share extensive documents and materials such as policies, guidelines, handbooks, and standard operating procedures.

  • Aggregate unique OSINT threat intelligence feeds and vulnerability notifications to provide actionable alerts to employees, vendors, customers, and peers. This eventually helps enhance collaboration between various internal teams and key stakeholders. The app helps you share accurate and actionable strategic threat intelligence.

Key Features

The following are some of the key features of the Analyst Portal:

  • Alert Management: Analysts can create and share detailed or brief human-readable, technical notifications regarding current vulnerabilities, exploits, and other security issues. Analysts can create alerts and share them with members using the Member Portal. Alerts can include a variety of information and also recommended actions for members. Analysts can also send out crisis notifications using alerts. 

  • Configuration Management: Administrators can manage features and modules visible to analysts and members in both the Analyst and Member Portal. CSAP is highly configurable with various settings for features, modules, fields, and types of fields, which can be customized in the application for different users. 

  • Threat Defender Library: Analysts and administrators can create, maintain, and manage content widely used in threat hunting, threat detection, and threat remediation. This library allows users to collaborate and maintain a repository of information for easy access, quick sharing, and timely setup of remediation measures.

  • Doc Library: Analysts and administrators can maintain and manage content such as files, folders, documents, attachments, and more. Doc library enables analysts and members to collaborate and coordinate with each other by sharing documents, files, or content in folders. 

  • Knowledge Base: Analysts can create, collate and maintain an online repository of information about your product, organization, department, topic, or service. It can include documents such as policies, guidelines, handbooks, or standard operating procedures. A knowledge base enables organizations to improve self-service, give greater access to more articles, and offer regular updates. Members can access knowledge base articles through Member Portal and share links or export the details for offline analysis. 

  • Surveys: Analysts can create online questionnaire forms called surveys to include multiple-choice, single-select, or text questions. Surveys can help analysts to gather information or opinions from members to make informed decisions. 

  • Tag Library: Analysts can create and maintain tags. Tags add information or metadata to an item and make it easy to locate the item. Tags can also be aggregated into collections called Tag Groups. 

  • Integrations: Administrators can configure integrations with many third-party tools to fetch or send information. Such integrations help members receive important alerts from selected applications and can help them be better prepared to defend against potential attacks.

  • Community Sharing: Analysts can exchange alerts with their network of peers, vendors, and clients. Community sharing enables the automated sharing of alerts between two organizations using CSAP through secure API endpoints. It also enables collaboration between different organizations with shared security interests by allowing them to put up a common front against attackers through threat knowledge sharing.