Cyware Fusion and Threat Response

Introduction

Organizations across the globe face an increasing number of cybersecurity threats involving multi-point attacks. These attacks are sophisticated, organized, and well-coordinated. But security teams do not have accurate data to analyze and respond to the threats. Therefore, it is important to have the necessary contextual information for effective threat response.

Cyware Fusion and Threat Response (CFTR) uses cyber fusion to help security teams bring together disparate threat data, such as malware, vulnerabilities, campaigns, threat actors, and more, to provide contextual information about a threat. This helps security analysts identify the root cause and respond to threats effectively.

CFTR seamlessly integrates with Orchestrate to constitute a powerful Security Orchestration and Automated Response (SOAR) solution. This helps security teams to automate various threat response scenarios.

Benefits

The main benefits of CFTR are:

  • Draw contextual intelligence on complex threat campaigns, identify potential attacker trajectories, and establish hidden threat patterns by uncovering correlations between seemingly isolated threats and incidents.

  • Fuse and correlate multi-sourced raw threat intelligence with malware, vulnerability, threat actor, and incident data in real-time to deduce finished contextual intelligence for effective and adaptive threat response.

  • Manage the triage, investigation, and actioning of incidents using configurable and automated response workflow combined with the power of cyber fusion and collaboration between your security teams.

  • Move beyond the top-down approach to manage cyber risk at the actual threat interface level. Secure all digital and human assets including servers, applications, endpoints, software, and human users by continuously maintaining, tracking, and taking action on the threat profile of each asset.

  • Streamline and automate triage and response at machine speed through bidirectional integration between any tools, including SIEM, IDS/IPS, TIPs, EDR, Firewalls, Honeypots, and DevOps tools.

  • Quantify incident costs for measurable indicators such as the average cost of an incident, cost per incident type, the average cost per analyst, and other custom-cost metrics.

Key Features

CFTR uses cyber fusion to bring together data from different teams and tools within an organization, such as SecOps, IT operations, physical security, product development, fraud containment, and others, to boost overall threat intelligence, accelerate incident response, and reduce organizational cost and risk. By combining the SOC team and CFC models, CFTR enhances the monitoring capabilities of a SOC team and helps it better defend against attacks and intrusions, reduce mean time to response (MTTR), and stay on top of threats that could target its environment.

The following are some of the key features of CFTR:

  • Connect-the-Dots: Draw contextual intelligence on complex threat campaigns, identify potential attacker trajectories, and establish hidden threat patterns by uncovering correlations between isolated threats and incidents.

  • Incident Response & Management: Manage the triage, investigation, and actioning of incidents using configurable and automated response workflow combined with the power of cyber fusion and collaboration between your security teams.

  • Integrated Threat Response: Manage and respond to all types of security threats such as incidents, malware, vulnerabilities, and threat actors using the integrated threat databases.

  • Incident Analysis & Visualizations: Perform in-depth analysis of the incidents with advanced analysis features, cost metrics, and intuitive graphical visualizations.

  • Flexible Threat Response Workflows: Configure multiple workflows to define the threat response process for different types of threats.

  • Multi-Tenancy: Create multiple tenants for your business units or clients and monitor the threat data of all tenants from a single dashboard.

  • Custom Modules: Create and customize your own modules to meet your workflow and fusion center requirements.

  • Rules Engine: Automate triggers and actions based on the incident status change to reduce manual errors and save analyst time.

  • Communication Channel Integration: Integrate Slack and share threat response updates with extended teams for better visibility and collaboration.

  • Action Management & Tracking: Assign, track, and manage threat response and asset enhancement operations with the actions tracking and implementation system.

  • Advanced Analyst Workbench: Use the analyst workbench tools for malicious IP tracking, activity logging, configuring custom alarms, and threat analysis.

  • Security Metrics & Governance: Direct, control, and monitor the efficacy of threat response operations using the integrated governance and metrics capabilities of CFTR.