How Quilter Turned Threat Intelligence into Real-Time Collective Defense with Cyware 

Quilter, a UK-focused wealth management firm, was spending hours each week turning raw threat information into actionable intelligence. After an informed market evaluation, they chose Cyware to update their threat intelligence management program, simplifying processes, curating sector-specific data, and “saving around eight hours of manual labor each week.”  

The Reality of Threat Data Overload 

Quilter, one of the UK’s leading wealth managers, understands the importance of keeping its customers’ data safe.  

Before adopting Cyware, they were receiving large volumes of threat data but struggling to convert it into timely, usable security solutions. Hours were spent cleaning raw data, removing false positives, and preparing it for use. 

This meant tired analysts, stretched-thin security resources, and the knowledge that their time could be spent more productively elsewhere, with better processes in place.  

Ian Parsons, a former government employee specializing in cyber threat intelligence, joined Quilter in 2022 and became their cyber threat hunt specialist. Faced with using the incumbent tools, he was challenged to rejuvenate the program and explore other providers.  

Why “Data” Doesn’t Mean “Defense” 

The key problem was that threat intelligence was not being effectively leveraged for action in cyber defense. This intermediary step required manual processes, human intervention, and hours of work, despite tools that promised to simplify the process.  

As Cyware’s President, Jawahar Sivasankaran, explains in a video interview with Security Boulevard, many companies still see cyberthreat intelligence as “another inbox rather than an engine for action.” They understand the vital nature of this information, but “legacy tools and skill gaps force them to juggle three—or more—separate products just to turn a single indicator into a blocking rule.”  

This leaves gaps between raw intelligence, analyst workflows, and actual security response. Meanwhile, resource-strapped teams are left to fill those gaps; it's not a sustainable solution. And not one that can scale. 

Parsons recognized the need for a new operating model. Realizing that simply adding more feeds or tools would only make the problem worse, he looked for ways to fill the gaps.  

“I was looking for a threat intelligence platform that aligns with the threat intelligence lifecycle,” he explains. “Cyware was quick to understand our priorities.”  

Quilter’s Journey to Find the Right Solution 

Looking for a vendor that could do more, Parsons started asking around. “Forrester recommended Cyware as a top up-and-coming platform,” he says. “After that, I started speaking to peers across the industry, and Cyware was repeatedly recommended.” 

The impetus was recognizing the need for a platform that met the full operational needs of the security team.  

Ingesting data wasn’t enough. Cherry-picking key pieces didn’t go far enough. Instead, Quilter was looking for a way to make threat data drive the security decisions they made every day. And to do it in a way that made operational sense. 

Cyware builds its model on turning raw threat data into actionable threat defense across the entire threat intelligence lifecycle. From ingestion to data cleansing to mitigative actions and automated workflows, it provides a platform that anticipates and covers the needs of companies in Quilter’s position. 

Making Cyware the Top Choice 

After choosing Cyware, the results were immediate.  

Notes Parsons, “In the past, we have had issues with deduplication; Cyware’s solution does this automatically on ingest, saving around eight hours of manual labor each week.” 

This isn’t all. Cyware outperformed in ease of integration and sector-specific intel as well. There was no need to change Quilter’s current SIEM; instead, Cyware integrated directly into the existing solution, facilitating smooth bi-directional sharing, a noted strong point.  

And when it comes to finding the intel they need fast, Cyware also received high marks. Before, Parsons would have to query old programs and do extensive manual legwork to obtain the highly relevant financial cyber data he needed.  

Now, he says, “I simply set up the API key in Cyware, click ‘Enrich,’ and it does it all for me.” 

Transforming Intelligence into Response 

For Quilter, the key difference was that threat data finally became live and actionable. Cyware’s automated, AI-infused processes enabled every step of the process: 

• Eliminating duplicates and false positives 

• Automatically enriching alerts with relevant intel 

• Correlating data found across the telemetries 

And providing easy Natural Language Processing (NLP) search capabilities that allowed analysts to quickly deduce what mattered.  

But perhaps most importantly, solutions like Cyware Intelligence Suite and Cyware Intel Exchange take this newly operationalized data and use it to fuel real-time, AI-powered response: integrating with current cybersecurity solutions, automating playbook plays, and using generative and agentic AI to fill in the gaps. 

The result is faster validation, better prioritization, and hastened defensive action. 

Conclusion 

Quilter’s journey is a model for how modern organizations can build real-time, intelligence-driven defense with Cyware.  

As environments complexify and demands amplify, scalable risk management and compliance can only be achieved by eliminating manual processes and using real-time intelligence to fuel response. 

This is a crucial, future-proofing step if organizations are to be driven by threat data, not just notified of it.  

To see how Cyware can turn your threat intelligence program into an automated intel-to-response platform, book a demo today.