[Product Roadmap] Focusing on cyber fusion centres, Cyware is helping enterprises upgrade cybersecurity
In this week’s Product Roadmap, we feature New York headquartered cybersecurity startup Cyware, which provides large enterprises across industry sectors with a collective defence security strategy.
Anuj Goel and Akshat Jain founded
with one aim: building a Virtual Cyber Fusion Center (vCFC) platform that provides a collective defence security strategy for large enterprises across industry sectors, including financial services organisations (banks and insurance firms), telecommunication companies, healthcare and pharma organisations, manufacturing, retail, and others.“Cyware has pioneered the Virtual Cyber Fusion technology that integrates disparate cybersecurity functions, including threat intelligence operationalisation, security automation, threat response, security orchestration, incident, and case management into a single, connected platform for SecOps teams,” Akshat says.
He adds that the platform delivers next-generation Security Automation, Orchestration, and Response (SOAR) solutions, along with a threat intelligence platform (TIP), making it the only company capable of delivering “this level of SecOps cyber capacity” across these two markets globally.
Whether an organisation’s cybersecurity team is remote or dispersed, a virtual cyber fusion centre orchestrates people, processes, and technologies to boost threat intelligence sharing, accelerate threat response velocity, and reduce the risk of cybersecurity breaches, while improving cybersecurity posture risks.
What are fusion centres?
The concept of fusion centres was first introduced in the law enforcement domain in the United States to foster information sharing and collaboration between different government authorities against terrorism.
Since then, the concept of fusion centres has grown rapidly. With the cyber threat landscape evolving at a faster pace, it is finding faster adoption as organisations globally have started to move beyond primitive “brick-and-mortar” Security Operations Centres (SOC) to Virtual Cyber Fusion Centres (vCFC).
This is because collaboration and information sharing between the defenders (security teams) is needed more than ever to proactively prevent attacks as attackers (threat actors) have aggravated the cyber threat situation worldwide with advanced tactics and techniques such as sophisticated supply chains and ransomware attacks.
Presently organisations face three major challenges in security operations:
- First, the siloisation of security operations has limited their ability to collaborate internally and externally (with security teams from other organisations). Thus they tend to have multiple security teams (such as threat intel team, SOC team, incident response team, threat hunting team) that must collaborate with each other to deliver effective threat response. Organisations with similar security interests (such as those from the same industry sector facing a similar type of cyber threats) must also collaborate with each other through information sharing to proactively identify and prevent potential attacks.
- Second, the lack of flow of actionable threat intelligence across security workflows, including incident response, limits their threat visibility and renders threat response incomplete and ineffective.
- Third, the lack of capability to automate and orchestrate security workflows across their cloud and on-premise infrastructure. Some organisations have attempted to automate their security workflows by leveraging multiple orchestration layers (from different vendors) but that approach has only further complicated their security infrastructure and raised costs, making it untenable in the long run.
“We set out to address these issues by creating the industry’s first Virtual Cyber Fusion Center (vCFC) that combines Threat Intelligence with Security Orchestration, Automation, and Response (SOAR), while enabling extensive threat visibility and collaboration in security operations,” Akshat says.
Cyware’s Virtual Cyber Fusion Center (vCFC) solves all these challenges by
- Offering a centralised platform that drives collaboration across security teams within an organisation and between different organisations.
- Providing end-to-end threat intelligence operationalisation capabilities, including threat intelligence collection, enrichment, analysis, sharing, and actioning.
- Providing ‘any-to-any” orchestration that allows security teams to automate their entire security workflows, including those that involve IT and DevOps tools and across deployment environments (cloud and on-premise) using a single, centralised orchestration layer.
Over the years, the cybersecurity industry has come up with a wide range of solutions to tackle specific use cases and threats. Cyware is bringing the cybersecurity stack together under one umbrella through the cyber fusion technology to “break silos and streamline SecOps”.
How does Cyware help?
Akshat says the team has built scalable solutions that are helping leading Fortune 2,000s, National CERTs, MSSPs, government agencies, and information sharing communities (ISACs/ISAOs) globally to adopt a smarter threat-intel and security automation-driven outlook for proactively curbing cyber threats.
“Cybersecurity affects the bottom line of every organisation today, regardless of its size, industry, or geographic location. Several ongoing trends like the growth in ransomware threats, supply chain hacks, and the adoption of remote/hybrid work, and cloud solutions, have increased the security challenges for a large number of organisations,” Akshat says.
To help organisations adapt to the evolving threat landscape, the company has built solutions to provide enhanced threat visibility and automated response capabilities across any environment — cloud, on-premise, or hybrid.
Cyware’s SOAR solutions are built to allow security teams to combine the best of human and machine capabilities to streamline their cybersecurity threat response workflows to avert any crisis at the earliest stage possible.
Cyware’s Virtual Cyber Fusion Center (vCFC) platform leverages a connected, synergistic approach across all products, including:
- Cyware Situational Awareness Platform (CSAP) - allows organisations to automate threat alert sharing and aggregation in real-time, along with machine-to-machine and machine-to-human orchestration.
- Cyware Threat Intelligence eXchange (CTIX) - is a smart, client-server threat intelligence platform (TIP) for ingestion, enrichment, analysis, and bi-directional sharing of threat data within your trusted network.
- Cyware Fusion and Threat Response (CFTR) - is a threat response automation platform that combines cyber fusion, advanced orchestration, and automation to stay ahead of increasingly sophisticated cyber threats affecting enterprises in real-time.
- Cyware Security Orchestration Layer (CSOL) - is a universal, security orchestration gateway for executing on-demand or event-triggered tasks across deployment environments at machine speeds.
First product and scale
“Cyware’s first product was the Cyware Situational Awareness Platform (CSAP). This solution was architected to help bring different people within an organisation on the same page when it comes to cybersecurity and to simplify threat alert sharing, crisis communication, incident reporting, and other key areas,” Akshat says.
It took the Cyware team only a few months to roll out the initial version of CSAP and begin onboarding the first batch of users.
“No other company has anything remotely close to CSAP. CSAP has emerged as a game-changer for information sharing communities (ISACs and ISAOs) with over 18 global ISACs and ISAOs using it to share information with over 15,000 members worldwide,” Akshat adds.
He explains that from the very early days, the Cyware team focused on building products and solutions that can be leveraged by customers across various industry sectors with varied security requirements and priorities.
“We have designed our solutions to be flexible enough to plug into any existing cybersecurity infrastructure and deliver value from day one. Therefore, modularity, scalability, interoperability, and stability are some of the driving factors behind the evolution of our products,” Akshat says.
Integrating feedback
The co-founder says cybersecurity operations are driven by the people, processes, and technologies involved. At Cyware, the team focuses on building technology solutions that go hand-in-hand with existing people and processes to deliver desired security outcomes.
“Integrating user feedback into our development process has helped build solutions that not only leverage innovative technologies like cyber fusion, security orchestration, and automation to accelerate security processes but also make the lives of security analysts, managers, and CISOs easier by eliminating repetitive, monotonous tasks, improving the signal-to-noise ratio in threat alerts, and helping them focus on tackling critical cyber threats,” he says.
Each product has undergone a very intensive process of design, development, and iteration, based on our internal research and user feedback. This iterative process is an ongoing part of product development and design and helps the team come up with new, innovative ideas to improve usability, compatibility, scalability, and reach of solutions.
The Eureka moments from this process have given birth to new products or features, including a lightweight orchestrator for the cloud to on-premise automation and a threat intelligence platform for mid-market enterprises. The orchestrator (CSOL Agent) was built after realising the need to close the operational gap in automating and orchestrating cloud applications and on-premise deployed security solutions.
“On the other hand, the industry’s first Threat Intel Platform (TIP) for mid-market organisations (CTIX Lite) was designed to serve the needs of organisations with small or no dedicated threat intel teams; those that do not have a large cybersecurity budget,” Akshat explains.
Cyware built this platform to help mid-market security teams identify and mitigate potential security threats. These teams had found themselves at the cross-hairs of threat actors after the COVID-19 pandemic.
Growth and scale
Akshat says one of the growth strategies that helped the company reach out to a large number of potential customers was the adoption of their solutions by over 18 major ISACs across different sectors. More than 15,000 member organisations that are a part of these ISACs used Cyware’s technology to foster threat intelligence sharing, security collaboration, and improve their cyber readiness.
“This helped us gain recognition on a global scale, generate demand, and validate our solutions to onboard even more customers across key geographies and industry sectors. Moreover, we have developed a strong online presence through our free-to-use cybersecurity alert aggregation platform Cyware Social, which also comes with a mobile app, our thought leadership podcast CyberCast, our email newsletters, and many other initiatives,” he adds.
The team soon realised that building out a SecOps-oriented platform needed a delicate balance. The challenge in SecOps across the global enterprise is that no one environment is like the next - meaning Cyware needs intimate knowledge of enterprise environments to be effective and deliver pinpoint accuracy across threat intelligence and SOAR solutions.
Building new products
Recent cyberattacks on software supply chains have shown that every entity that is part of the larger ecosystem can become a conduit for hackers to achieve their malicious objectives. Therefore, even small to medium-sized organisations (SMBs) cannot afford to rely on a slow, reactionary approach to tackling cybersecurity threats and incidents.
This realisation helped shape CTIX Lite, the industry-first Threat Intel Platform (TIP) for mid-market organisations, that previously did not have access to advanced threat intelligence analysis, sharing, and automation capabilities.
Another technological innovation from Cyware is the enabling of any-to-any orchestration. A large number of organisations have their technology stack distributed over cloud and on-premise environments. However, due to the lack of technology they are not able to automate processes across these environments without raising cyber risks such as exposing their network.
“Cyware’s advanced SOAR technology has solved this challenge through its CSOL Agent - a lightweight orchestrator that allows automation and orchestration of cloud-to-on-premise networks without requiring organisations to expose their network to security threats,” Akshat says.
Another major pain point for security teams has been the automation of security workflows with their IT and DevOps technologies.
Contrary to popular belief, security workflows are not limited to only security tools but involve IT and DevOps tools as well, especially during incident investigations and response processes.
Cyware’s SOAR platform provides any-to-any orchestration with its 250+ SOAR Connectors allowing security teams to perform security-to-IT-to-DevOps orchestration. The technology also allows security teams to seamlessly build their own custom connectors to perform out-of-the-box orchestration.
As the SOAR market grows at a quick pace, Cyware is well-positioned to capitalise on the opportunity to enable organisations to transform their security operations.
“With a growing number of ISACs and ISAOs leveraging our threat intelligence platforms for information sharing with their members and amongst each other (cross-sector sharing), we are marching on towards creating the world’s first Global Collective Defence Network against advanced threat actors.
“We aim to increase our customer base across all verticals and keep iterating our products to be the leading cyber fusion and collective defence solutions provider in the years to come,” Akshat says.
Edited by Teja Lele