Intel Exchange Lite
Go from Threat Informed to a Threat Led Model
Get measurable benefits from a fully automated threat intel platform, prebuilt with premium threat intelligence feeds and enrichment sources for small and medium-sized security teams.
Problems We Solve
Threat Intel Platform for Medium Sized Cybersecurity Teams
We enable mid-sized cybersecurity teams to simplify and efficiently address the complexities of threat intelligence management.
Data SheetEfficient and Effective Use of Threat Intelligence
Difficulty in managing and utilizing vast amounts of threat intelligence data.
Automating Threat Intel Operations
Manual processes are time-consuming and prone to errors.
Scalability for Smaller Teams
Smaller teams often lack the resources to manage extensive threat intelligence operations.
What Our Customers Say
Real Results, Real Security.
Cyware Orchestrate has transformed our customer's security strategies. Our actionable intelligence empowers organizations to proactively manage and mitigate risks through low-code automation enhancing their security confidence.
“Cyware’s platform transformed the agency’s security operations by streamlining incident response, enabling extensive intelligence sharing, and amplifying vulnerability management by integrating enriched threat intelligence.”
“Cyware implemented several use cases, enabling us to optimize our cybersecurity operations, fortify our defenses, and bolster security efficiency.”
“Texas A&M has significantly benefited from our collaboration with Cyware. Their innovative cybersecurity solutions and expert guidance have been instrumental in advancing our security posture, protecting both our network and community. We trust their expertise to keep us ahead in a challenging digital landscape.”
AI-Driven Automated Threat Intel Management
Small and mid-sized cybersecurity teams can leverage automated ingestion, analysis, and actioning, along with advanced customization, detection tool integrations, and robust security collaboration capabilities.
Launch Threat Intel Operations Without Extra Cost
Initiate threat intelligence operations using pre-bundled premium threat intel feeds and enrichment sources from Flashpoint, PolySwarm, alphaMountain, and more, all at no additional cost.
I want to see a demo
Comprehensive Threat Intel Aggregation
Seamlessly ingest and parse both structured and unstructured threat intelligence in STIX format from various sources including commercial feed providers, ISACs/ISAOs, blogs, and emails.
I want to see a demo
Custom IOC Confidence Scoring
Evaluate and score every ingested piece of threat intelligence to swiftly identify and act on high-priority IOCs at machine speed.
I want to see a demo
Automated Threat Intel Actioning
Utilize an in-built custom automation rules engine to automatically trigger threat action in deployed security tools such as SIEM, EDR, and firewalls.
I want to see a demo
Feature Rich
Tailored Threat Intel Platform for SMB Cybersecurity Teams
Leverage pre-loaded premium threat intel feeds, automate threat intelligence responses, and enhance collaboration with ISACs, ISAOs, and private sharing communities, all with a platform designed for small and medium-sized cybersecurity teams.
Prebuilt Threat Intel Feeds and Enrichment Sources
Jumpstart your threat intelligence operations with premium pre-loaded feeds and enrichment sources from leading providers like Flashpoint, alphaMountain, PolySwarm, and more.
Bi-directional Threat Intel Sharing
Enhance collaboration with ISACs, ISAOs, and private sharing communities by receiving and sharing threat intelligence in the STIX 2.x format.
Integrated SIEM Solutions
Utilize pre-built SIEM connectors to seamlessly update your SIEM records and perform SIEM lookup for threat detection and monitoring without the need for complex playbooks.
Customized Threat Reports
Generate enriched, personalized reports and threat views tailored for SOC, IR, TI teams, and governance stakeholders such as CISOs and Heads of SOC, TI, and IR teams.
Advanced Query Capabilities
Create powerful and sophisticated queries using the Cyware Query Language (CQL) to delve deeper into extensive threat intelligence data.
Security Metrics Dashboard
Monitor critical security metrics with an extensive widget library, ensuring continuous tracking of threat intelligence flow across your security operations.
Our Features
Cyware Intel Exchange Lite Feature Summary
Prebuilt Threat Intel Feeds and Enrichment Sources
Jumpstart your threat intelligence operations with premium pre-loaded feeds and enrichment sources from leading providers like Flashpoint, alphaMountain, PolySwarm, and more.
Bi-directional Threat Intel Sharing
Enhance collaboration with ISACs, ISAOs, and private sharing communities by receiving and sharing threat intelligence in the STIX 2.x format.
Integrated SIEM Solutions
Use pre-built SIEM connectors to seamlessly update your SIEM records and perform SIEM lookup for threat detection and monitoring without the need for complex playbooks.
Customized Threat Reports
Generate enriched, personalized reports and threat views tailored for SOC, IR, TI teams, and governance stakeholders such as CISOs and Heads of SOC, TI, and IR functions.
Advanced Query Capabilities
Create powerful and sophisticated queries using the Cyware Query Language (CQL) to delve deeper into extensive threat intelligence data.
Security Metrics Dashboard
Monitor critical security metrics with an extensive widget library, ensuring continuous tracking of threat intelligence flow across your security operations.
Compare Intel Exchange Product Editions
| Features/Capabilities | Intel Exchange | Intel Exchange Lite | Intel Exchange Spoke |
|---|---|---|---|
| Dashboard | Out-of-the-Box Dashboard, Sharing of Dashboard, Feeds ROI | Out-of-the-Box Dashboard, Sharing of Dashboard, - | Out-of-the-Box Dashboard - Limited set of widgets, -, - |
| Reports | Custom Reporting Capabilities | Custom Reporting Capabilities | Custom Reporting Capabilities Max. 2 reports |
| Intel Collection | Customizable to Your Organization's Unique Needs Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support) Threat Bulletin - Create & View Unstructured Intel - RSS Unstructured Intel - Threat Mailbox Unstructured Intel - Twitter Module Quick Add Intel, Import Intel Webscraper, Webhooks Manual Intel Ingestion via text, URL, file import | Upper limit to 50K Objects / Day Threat Data - All SDO support (STIX 1.x, 2.0 and 2.1 support) Threat Bulletin - View Unstructured Intel - RSS Unstructured Intel - Threat Mailbox - Quick Add Intel, Import Intel Webscraper Manual Intel Ingestion via text, URL, file import | Upper limit to 10k Objects / Day Threat Data - All SDO support (STIX 2.1 support for ingestion) - - Threat Mailbox (1 mail account only) - Quick Add Intel, Import Intel - Manual Intel Ingestion via text, URL, file import |
| Inbox Capabilities | Customizable to Your Organization's Unique Needs | Sharing is allowed to any 3 TAXII Feed Providers | Sharing is allowed to any 1 TAXII Feed Providers |
| Indicators Allowed (Allowlist) | All | All | - |
| Intel Scoring | Confidence Score Engine | Confidence Score Engine | - |
| Rules Engine | Build your own rule - Unlimited | Build your own rule - Max of 10 active rules | Build your own rule - Max of 2 active rules |
| Attack Navigator | Full Version | Full Version | - |
| Threat Investigation | Full Version | - | - |
| Dissemination - Detailed Submission | Customizable to Your Organization's Unique Needs | Inbox to any 3 TAXI feed providers | Inbox to any 1 TAXI feed provider |
| Analyst Workbench | Fang-Defang STIX Conversion Encode-Decode 64 CVSS Calculator Network Utilities | - | - |
| Global Tasks | Create and Action tasks | - | - |
| My Org | Indicators Allowed Watchlist | Indicators Allowed Watchlist | - |
| Authentication | Username/Password LDAP 2 FA enabled - Email/TOTP | Username/Password - 2 FA enabled - Email/TOTP | Username/Password - 2 FA enabled - TOTP |
| Feed Integrations | All | All | All |
| STIX and ISAC Integration | All | All | Maximum 5 STIX/ISAC sources |
| Feed Enrichment | All | All | - |
| Tool Integration - SIEM | All | All | All |
| Tool Integration - SOAR Solution | All | All | All |
| Tool Integration - Network Security | All | All | All |
| Tool Integration - Endpoint Detection Response | All | All | All |
| Console Status | Fully Enabled | - | - |
| SSO Enablement | Yes | - | - |
| Hub and Spoke | Yes | - | - |
| Open API | Yes | Yes | Available in Select Configurations Only |
| Users | - | - | 2 |
| Administration | User Management License Management Custom Entities Management Audit Log Management Tag Management Subscribers Configuration | Audit Log Management Tag Management User Management License Management Configuration (without Custom Score) | User Management Configuration (without Custom Score) |
FAQ
Any Questions?
Frequently Asked Questions
Traditional enterprise-grade Threat Intelligence Platforms (TIPs) have been designed for large enterprises. However, the present-day threat landscape necessitates that security teams of all sizes have their own automated TIP that enables them to ingest, analyze, enrich, and take actions on threat intelligence in real time. If you are a small or mid-sized security team facing similar challenges, then Intel Exchange Lite is the right platform for you.
Yes, Intel Exchange Lite comes pre-loaded with threat intelligence feeds and enrichment sources from leading providers such as Flashpoint, Polyswarm, and alphaMountain. More intelligence feed providers and enrichment sources are being added to the platform.
Yes, you can ingest threat intelligence feed from any feed provider in your Intel Exchange Lite platform.
Yes, you would be able to upgrade your Intel Exchange Lite platform to Intel Exchange based on your requirements. Cyware offers a customizable and scalable model for enterprises to start and gradually scale their threat intelligence analysis and sharing maturity over time.
Intel Exchange Lite is hosted on Cyware Cloud to ensure faster access and reduced costs. If you are looking for an on-premise deployment, get in touch with our sales team.
Intel Exchange Lite comes with pre-built SIEM connectors offering direct integration with your SIEM platform. The SIEM orchestration capability is pre-included in your Intel Exchange Lite subscription.
Intel Exchange Lite is an entry-level TIP specifically designed for those enterprises that want to perform essential threat intelligence operations such as automated ingestion, enrichment, analysis, and actioning but are unable to do so because of limited budgets or smaller security teams. The cost has been kept low to enable such enterprises to start utilizing threat intelligence without compromising their security needs.
With Intel Exchange Lite, you can ingest threat intelligence from sharing communities such as ISACs/ISAOs and OSINT sources. Intel Exchange Lite supports multiple threat intelligence ingestion methods including STIX / TAXII - via TAXII Server, Intel Exchange Hub, and Web Scraper - ingesting the OSINT data from different websites publishing data in different formats. Intel Exchange Lite allows data ingestion in multiple structured and unstructured formats including STIX 2.x, Email, RSS subscription, News / Blogs / Reports, PDF, Excel, CSV, etc.
CTIX Lite makes the organization and segregation of threat intelligence easy and effortless by leveraging Collections.
- Security teams can customize and automate this process by utilizing flexible Rules.
- STIX objects are automatically parsed and segregated by type upon consumption.
- Deduplication of threat data is automated and baked into Intel Exchange Lite.