Accelerate Threat Response using CFTR’s Machine Learning
Category: Cyware Product
Cyware Products Used:
Cyware Fusion and Threat Response (CFTR)
Problem Statement
Threat response and incident management are crucial parts of a cyber fusion center and any security operations workflow. Organizations need to have the right plan, the right analyst on the job, and the required contextual threat intelligence to remain vigilant against threats. While organizations strive to develop a synergy between human capital and technology infrastructure by implementing the right processes, Cyware uses machine learning to improve the speed and accuracy of decision-making in the threat response lifecycle.
Solution
Cyware takes a more practical approach to deliver the real benefits of machine learning for Cyware Fusion and Threat Response (CFTR) users.
CFTR’s machine-learning model supports the following operations to enhance your fusion and threat response processes.
Assigns the right analyst to incidents based on previous incidents
Recommends related incidents based on incident similarities
Recommends the most relevant knowledge base articles that help analysts in incident investigation
Recommends relevant orchestration playbooks based on similar incidents and incident attributes
Recommends merging similar incidents based on incident details
Suggests connecting more contextual and actionable threat intelligence and finds links between disparate threat elements
CFTR Machine Learning Use Cases
Automate Incident Assignment
Security teams often have trouble deciding which analysts should handle different incidents. The skill level, expertise, and availability of an analyst all come into play, making it a difficult problem for automation.
CFTR simplifies this process by automatically suggesting the best-suited analysts by analyzing historic incident data, incident ownership details, and analyst shift rosters using self-trained machine learning models.
CFTR’s machine learning model automates every step, from collecting the data to turning it into practical analyst assignment suggestions.
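The following is an added illustration of the kind of scoring the passage above describes, not CFTR's own model or code: it ranks analysts for a new incident from constructed historical ownership data, a constructed shift roster and each analyst's current open workload. The `HISTORY`, `ON_SHIFT` and `OPEN_LOAD` data, the `load_weight` parameter and the scoring formula are all assumptions made for the example.

```python
"""Illustrative analyst-assignment ranking (added example, not CFTR's model).

Assumed inputs: closed incidents with the analyst who resolved them, the set of
analysts currently on shift, and each analyst's open-incident count. All data
below is constructed for the example.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Incident:
    incident_id: str
    incident_type: str
    assignee: str


# Constructed historical incidents: (id, type, analyst who resolved it).
HISTORY = [
    Incident("INC-1", "phishing", "alice"),
    Incident("INC-2", "phishing", "alice"),
    Incident("INC-3", "malware", "bob"),
    Incident("INC-4", "phishing", "bob"),
    Incident("INC-5", "malware", "carol"),
    Incident("INC-6", "malware", "carol"),
    Incident("INC-7", "phishing", "carol"),
]

# Constructed shift roster: analysts currently on shift (bob is off shift).
ON_SHIFT = {"alice", "carol", "dave"}

# Constructed current workload: number of incidents each analyst has open.
OPEN_LOAD = {"alice": 4, "bob": 1, "carol": 1, "dave": 0}


def experience_by_type(history):
    """Count, per analyst, how many incidents of each type they resolved."""
    table = defaultdict(Counter)
    for inc in history:
        table[inc.assignee][inc.incident_type] += 1
    return table


def suggest_assignees(incident_type, history, on_shift, open_load, load_weight=0.5):
    """Rank on-shift analysts for a new incident of `incident_type`.

    score = (incidents of this type resolved) - load_weight * (open incidents)

    Analysts with no history of the type still receive a (low) score so a
    quiet shift can be staffed; analysts who are off shift are never
    suggested. Ties are broken alphabetically so the output is deterministic.
    """
    experience = experience_by_type(history)
    ranked = []
    for analyst in sorted(on_shift):
        same_type = experience[analyst][incident_type]
        score = same_type - load_weight * open_load.get(analyst, 0)
        ranked.append((analyst, score))
    ranked.sort(key=lambda pair: (-pair[1], pair[0]))
    return ranked


if __name__ == "__main__":
    for incident_type in ("phishing", "malware"):
        print(incident_type, suggest_assignees(incident_type, HISTORY, ON_SHIFT, OPEN_LOAD))
```

With the constructed data, a new phishing incident is offered to carol first: alice has more phishing history but already carries four open incidents, and bob is excluded because he is off shift.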
Get Related Incident Recommendations
The threat response process must identify and analyze the clues related to each incident so that security analysts can recognize repeated patterns in the threats facing their infrastructure while reducing manual effort. CFTR’s machine learning functionality finds incident similarities based on incident details and shows analysts all the related incidents previously logged in the application.
Get Knowledge Base Recommendations
CFTR’s machine learning model recommends the knowledge base articles most relevant to the incidents under investigation. This helps analysts refer to the applicable incident protocols and respond to and resolve the incident quickly.
Get Playbook Suggestions
CFTR uses machine learning to suggest playbooks based on incident attributes such as description, title, IOCs, incident type, severity, vulnerabilities, and more. Analysts can view the playbooks relevant to similar incidents and incident attributes automatically, and use them to perform security automation and orchestration tasks.
Note that this feature works with the Orchestrate product integration.
Get Suggestions to Merge Similar Incidents
Security teams analyze incidents and compare them to past incidents to find similarities. They use factors such as the date, type of attack, person accountable, the incident source, and the industry affected to help make these comparisons. Finally, analysts combine duplicate entries into a single incident before starting the analysis and investigation.
CFTR uses machine learning to associate one or more child incidents with a parent incident and suggests merging duplicate and similar incidents. Analysts can select child incidents directly and merge them with the help of a merge template.
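To make the two similarity-driven use cases above concrete (related-incident recommendations and merge suggestions), here is an added example that is not CFTR's own model or code. It scores pairs of incidents with a TF-IDF cosine similarity over title and description, blended with the Jaccard overlap of the indicators attached to each incident; pairs above a lower threshold are surfaced as related, and pairs above a higher threshold as merge candidates. The sample incidents, the indicator values (documentation IP ranges and a `.example` domain), the 0.6/0.4 blend and both thresholds are assumptions constructed for the example.

```python
"""Related-incident and merge suggestions from incident similarity.

Added example, not CFTR's model: TF-IDF cosine similarity over
title + description, blended with Jaccard overlap of attached IOCs.
All sample incidents, indicator values and thresholds are constructed.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass, field

TOKEN_RE = re.compile(r"[a-z0-9]+")


@dataclass
class Incident:
    incident_id: str
    title: str
    description: str
    iocs: set = field(default_factory=set)


# Constructed sample incidents; INC-101 and INC-104 are near-duplicates.
INCIDENTS = [
    Incident("INC-101", "Phishing email with credential harvesting link",
             "User reported email linking to fake login page; link clicked.",
             {"login-portal.example", "203.0.113.10"}),
    Incident("INC-102", "Credential phishing campaign against finance",
             "Several finance users received a fake login page link.",
             {"login-portal.example"}),
    Incident("INC-103", "Ransomware detected on file server",
             "Endpoint alert: encryption activity and ransom note on SRV-FS01.",
             {"198.51.100.7"}),
    Incident("INC-104", "Phishing email with credential harvesting link",
             "User reported email linking to a fake login page.",
             {"login-portal.example", "203.0.113.10"}),
]


def tokenize(text):
    """Lower-case, alphanumeric bag-of-words tokenizer."""
    return TOKEN_RE.findall(text.lower())


def build_index(incidents):
    """Return (incident map, TF-IDF vector map) for the given incidents."""
    by_id = {inc.incident_id: inc for inc in incidents}
    counts = {iid: Counter(tokenize(inc.title + " " + inc.description))
              for iid, inc in by_id.items()}
    n = len(counts)
    df = Counter()
    for c in counts.values():
        df.update(c.keys())
    vectors = {}
    for iid, c in counts.items():
        total = sum(c.values())
        # Smoothed IDF: a term present in every incident still keeps weight.
        vectors[iid] = {t: (tf / total) * (math.log((1 + n) / (1 + df[t])) + 1)
                        for t, tf in c.items()}
    return by_id, vectors


def cosine(a, b):
    """Cosine similarity of two sparse term-weight dicts (0 if either is empty)."""
    dot = sum(w * b.get(t, 0.0) for t, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def jaccard(a, b):
    """Indicator overlap; two incidents with no IOCs at all share nothing."""
    return len(a & b) / len(a | b) if (a or b) else 0.0


def similarity(iid_a, iid_b, by_id, vectors, text_weight=0.6):
    """Blend text similarity with indicator overlap into one score in [0, 1]."""
    text = cosine(vectors[iid_a], vectors[iid_b])
    iocs = jaccard(by_id[iid_a].iocs, by_id[iid_b].iocs)
    return text_weight * text + (1 - text_weight) * iocs


def related_incidents(iid, by_id, vectors, threshold=0.25):
    """Other incidents scoring at or above `threshold`, best match first."""
    scored = [(other, similarity(iid, other, by_id, vectors))
              for other in by_id if other != iid]
    return sorted([(o, round(s, 3)) for o, s in scored if s >= threshold],
                  key=lambda p: -p[1])


def merge_candidates(iid, by_id, vectors, threshold=0.8):
    """Near-duplicates an analyst could merge as children of `iid`."""
    return [o for o, _ in related_incidents(iid, by_id, vectors, threshold)]


if __name__ == "__main__":
    by_id, vectors = build_index(INCIDENTS)
    for inc in INCIDENTS:
        print(inc.incident_id,
              "related:", related_incidents(inc.incident_id, by_id, vectors),
              "merge:", merge_candidates(inc.incident_id, by_id, vectors))
```

On the constructed data, INC-101 is recommended INC-104 (near-identical text and identical indicators) as a merge candidate and INC-102 (same campaign wording, one shared indicator) as merely related, while the unrelated ransomware incident INC-103 scores zero. The two thresholds are the knob a team would tune: the merge threshold should be high enough that only true duplicates are proposed, since an incorrect merge hides an incident from the queue.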
Get Suggestions to Connect the Dots
CFTR enables security analysts to identify the connections between an incident and all historically observed incidents, malware, vulnerabilities, threat actors, campaigns, and more. CFTR provides machine learning insights that link the various malicious activities of attackers to any observed incident. This gives a bird's-eye view of all the activities in the threat landscape that matter when investigating a particular incident.
Benefits
Automate Incident Assignment
CFTR quickly and efficiently assigns incidents to analysts by understanding the history of incidents each analyst has worked on, and ensures that the workload is distributed appropriately across the security team.
Faster Incident Response
By analyzing an incident in the context of the broader threat landscape, security teams gain a more comprehensive view of the potential gaps in their defenses and can prioritize the mitigation strategies accordingly.
Reduce Manual Effort
CFTR analyzes large quantities of data to discern patterns or anomalies using machine learning pattern recognition and behavioral mapping techniques to aid key security operations. This allows CFTR to automate areas that require tremendous human effort.