Introducing the Threat Defender Library
Cyware’s Threat Defender Library (TDL) is a new capability in version 3.5 of its threat advisory sharing and security collaboration platform (CSAP). The TDL is a dedicated repository in which security teams store, collaborate on and share threat detection files, response automation rules and analytics files across organizations.

Using the Threat Defender repository feature, security teams can create, upload, maintain, collaborate on and share:
- SIEM rule files
- Threat detection files, including YARA rules, Sigma rules, log source definitions, Suricata rules, Snort rules and more
- Analytics files
- Response files such as automated playbooks
- MITRE ATT&CK data including tactics, techniques, and sub-techniques
“The Threat Defender initiative is a result of our close interactions with hundreds of CISOs, heads of SOC, incident response and threat hunting teams across organizations and industry sectors who time and again have echoed the need for security collaboration that results in positive, actionable outcomes for all. The Threat Defender collaboration technology developed by Cyware will enable security teams from organizations of all types and sizes to work together to hunt for tell-tale signs of malicious cyber activity and prevent threat actors from penetrating into enterprise systems and networks.”
Benefits of Threat Defender for Security Teams
The Threat Defender initiative encourages security collaboration across industry sectors by letting teams in one organization learn threat detection and mitigation strategies from security teams in other organizations, Cyware explained. Security teams can share threat indicators as well as detection and defensive files to mitigate threats proactively from a single, centralized platform.

Additional benefits of the Threat Defender initiative include the ability to:
- Gain visibility into proven threat detection and mitigation strategies put in place by security teams in other organizations and industry sectors
- Quickly respond to organization-specific threats by reusing the shared detection, analysis and response files
- Reduce time spent by analysts in researching and developing mitigation and containment strategies against threats
- Mitigate common threats and act faster by deploying shared threat analysis and detection files, such as SIEM rules, into the SIEM or XDR platforms already in use
- Increase threat hunting capabilities and significantly reduce mean time to detect (MTTD) and mean time to respond (MTTR) for security threats and incidents
- Visualize a centralized mapping of threats and detection content against the tactics and techniques used by threat actors
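The last two benefits, reusing shared detection content and mapping it to ATT&CK techniques, raise a practical question for whoever curates such a repository: how to check that a shared rule is complete before it is accepted, and which techniques the accepted rules actually cover. The following is an added example, not Cyware's code and not part of the TDL product; it works on three constructed Sigma rules represented as Python dicts (as they would look after YAML parsing), validates the fields a shared rule needs, extracts `attack.tNNNN` tags, and builds a technique-to-rule coverage map. The required-field list and the placeholder rule IDs are assumptions for the example.

```python
"""Validate shared Sigma rules and map them to MITRE ATT&CK techniques.

Added example: not Cyware's code. The rules below are constructed samples
shaped like parsed Sigma YAML; the IDs are placeholders, not real rule IDs.
"""
import re
from collections import defaultdict

# Constructed sample rules, as a curator would receive them from another team.
SHARED_RULES = [
    {
        "title": "Suspicious PowerShell Encoded Command",
        "id": "00000000-0000-0000-0000-000000000001",  # placeholder
        "status": "experimental",
        "logsource": {"category": "process_creation", "product": "windows"},
        "detection": {
            "selection": {
                "Image|endswith": "\\powershell.exe",
                "CommandLine|contains": "-enc",
            },
            "condition": "selection",
        },
        "tags": ["attack.execution", "attack.t1059.001"],
    },
    {
        "title": "Scheduled Task Created via schtasks",
        "id": "00000000-0000-0000-0000-000000000002",  # placeholder
        "status": "test",
        "logsource": {"category": "process_creation", "product": "windows"},
        "detection": {
            "selection": {
                "Image|endswith": "\\schtasks.exe",
                "CommandLine|contains": "/create",
            },
            "condition": "selection",
        },
        "tags": ["attack.persistence", "attack.T1053.005"],  # mixed case on purpose
    },
    {
        # Incomplete submission: no tags and no condition. It must be rejected
        # rather than silently counted as coverage.
        "title": "LSASS Access Without Condition",
        "id": "00000000-0000-0000-0000-000000000003",  # placeholder
        "logsource": {"category": "process_access", "product": "windows"},
        "detection": {"selection": {"TargetImage|endswith": "\\lsass.exe"}},
    },
]

# Sigma convention: technique tags look like attack.t1059 or attack.t1059.001.
TECHNIQUE_TAG = re.compile(r"^attack\.(t\d{4}(?:\.\d{3})?)$", re.IGNORECASE)

# Assumed minimum metadata for a rule to enter a shared library.
REQUIRED_FIELDS = ("title", "logsource", "detection", "tags")


def validate_rule(rule: dict) -> list[str]:
    """Return a list of problems; an empty list means the rule is acceptable."""
    problems = [f"missing field: {f}" for f in REQUIRED_FIELDS if f not in rule]
    if "condition" not in rule.get("detection", {}):
        problems.append("detection has no condition")
    if not any(TECHNIQUE_TAG.match(t) for t in rule.get("tags", [])):
        problems.append("no ATT&CK technique tag")
    return problems


def techniques(rule: dict) -> list[str]:
    """ATT&CK technique IDs from the rule's tags, normalised to upper case."""
    found = {m.group(1).upper() for t in rule.get("tags", [])
             if (m := TECHNIQUE_TAG.match(t))}
    return sorted(found)


def coverage_map(rules: list[dict]) -> dict[str, list[str]]:
    """Map technique ID -> titles of valid rules that detect it."""
    coverage: dict[str, list[str]] = defaultdict(list)
    for rule in rules:
        if validate_rule(rule):        # invalid rules contribute no coverage
            continue
        for tech in techniques(rule):
            coverage[tech].append(rule["title"])
    return dict(coverage)


def uncovered(coverage: dict[str, list[str]], wanted: list[str]) -> list[str]:
    """Techniques a team cares about that no accepted shared rule covers."""
    return sorted(set(wanted) - set(coverage))


if __name__ == "__main__":
    for rule in SHARED_RULES:
        print(rule["title"], "->", validate_rule(rule) or "OK")
    cov = coverage_map(SHARED_RULES)
    print("coverage:", cov)
    print("gaps:", uncovered(cov, ["T1059.001", "T1053.005", "T1003.001"]))
```

Rejecting a rule that lacks a `condition` or an ATT&CK tag before it reaches the coverage map is the point: a shared file that cannot be deployed, or cannot be placed on the technique matrix, would otherwise inflate the apparent coverage the mapping view is meant to show.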