Operationalize Threat Intelligence, Defend and Respond In A Single, Powerful Solution

Cyware is the only Threat Intelligence Platform (TIP) with real-time visibility into Botnets, Malware and external malicious activity to pinpoint even the most sophisticated adversaries.

Integration Overview

Deep, real-time internet telemetry and feeds from Team Cymru integrate with ThreatQuotient’s platform ThreatQ to help Security Operation Center (SOC) analysts, incident responders, and threat hunters operationalize intelligence across your organization.

Powered by Pure Signal™, the world’s most trusted external threat intelligence platform, our partnership and technology integration deliver a comprehensive solution that prioritizes risk, accelerates threat detection, investigation, and response (TDIR), and mitigates the most complex threats.

How It Works

Cyware’s automated workflows ingest Team Cymru’s real-time threat intelligence feeds to provide the context needed to gain deep visibility into botnet activity, and external threat actors’ malicious behavior. Data from Team Cymru is retained within Cyware, enabling much more thorough and precise security investigations.

The Integration: Two Powerful, Real-time Threat Feeds Within a Leading TIP

With this integration, Cyware becomes the only Threat Intelligence Platform (TIP) providing real-time visibility into Botnets, Malware, Command and control infrastructure, and external malicious activity to pinpoint even the most sophisticated adversaries.

The combined solution provides the most accurate, up-to-date sources of information and helps discover, pinpoint details, and mitigate malware and botnets.

This detailed intelligence helps customers take rapid corrective action to identify and block malicious activity and attacks. The integrated feeds include the following attributes:

Team Cymru Botnet Analysis and Reporting (BARS) Threat Feed

The BARS feed enables rapid identification of malicious actors and infrastructure, enabling a detailed view of adversarial malware and DDoS attacks and campaigns. When a suspicious or potentially malicious IP address or activity is detected, the BARS feed enriches Cyware, providing a list of hosts infected with malware (bots), including the IP, port, BGP, and GeoIP.

This critical information, with clear threat indicators and detailed attributes, is often lacking, which slows threat response. This enriched view is generated by tracking over 450,000 unique IPs daily and roughly 50 million unique events. This “up-to-the-minute” intelligence enables correlation across Command and Control servers (C2s), victim IP addresses, malware targets, and DDoS attack instructions.

The integration provides detailed intelligence needed during an attack. It includes geolocation and victimology information, a complete campaign history of malware used, and insight into tracked malware families and the unique control protocols and - if available - encryption mechanisms in use.

Team Cymru Controller Feed (C2)

The controller feed provides real-time identification of botnet command and control (C2) IP addresses, and also monitors latent nodes and networks to detect renewed activity. This vast dataset tracks over 40 malware families and assesses over 40,000 unique IP addresses daily, including domain names, HTTP URLs, and the “time first seen”, and provides a confidence score. This feed provides the full URL, malware hash, and DNS resource record of the controllers, enabling you to cross-reference, monitor, or block connections.
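As an added example (not Cyware or Team Cymru code), this is the kind of cross-referencing the BARS and controller feeds above enable: constructed controller records in an assumed (ip, port, family, confidence, first_seen) layout are matched against constructed flow log lines, and only hits at or above a confidence threshold become the block list handed to a firewall or IPS.

```python
"""Cross-reference C2 controller records against flow logs.
Added example, not Cyware/Team Cymru code. The record layout, field names,
confidence scale and all sample data below are constructed assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Controller:
    ip: str
    port: int
    family: str
    confidence: int   # assumed 0-100 feed confidence score
    first_seen: str   # assumed ISO-8601 "time first seen"


# Constructed controller records using documentation IP ranges (not real IoCs).
CONTROLLERS = [
    Controller("203.0.113.10", 443, "ExampleBotA", 95, "2024-01-02T10:00:00Z"),
    Controller("198.51.100.7", 8080, "ExampleBotB", 40, "2024-01-05T08:30:00Z"),
    Controller("192.0.2.55", 6667, "ExampleBotC", 88, "2023-12-30T22:15:00Z"),
]

# Constructed flow log lines: "src_ip dst_ip dst_port bytes", plus one bad line.
FLOWS = """10.0.0.5 203.0.113.10 443 1200
10.0.0.9 198.51.100.7 8080 300
10.0.0.5 93.184.216.34 443 9000
10.0.0.12 192.0.2.55 6667 150
bad line here"""


def parse_flow(line):
    """Return (src, dst, dst_port, bytes) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (str(ip_address(parts[0])), str(ip_address(parts[1])),
                int(parts[2]), int(parts[3]))
    except ValueError:
        return None


def match_flows(flows, controllers, min_confidence=70):
    """Return (src, controller_ip, family, confidence) for every flow whose
    destination (ip, port) is a known controller at or above the threshold.
    The source IP is the likely infected host (a BARS-style victim view)."""
    index = {(c.ip, c.port): c for c in controllers}
    hits = []
    for line in flows.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # skip malformed log lines instead of aborting
        ctl = index.get((flow[1], flow[2]))
        if ctl and ctl.confidence >= min_confidence:
            hits.append((flow[0], ctl.ip, ctl.family, ctl.confidence))
    return hits


def block_list(hits):
    """Distinct controller IPs to push to edge devices, sorted for stable diffs."""
    return sorted({h[1] for h in hits})
```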

Use Cases

A “SIEM” for every threat

Integrate multiple sources and contextualize threat intelligence: combine a broad range of threat intelligence and vulnerability data to gain complete context and visualize threats.

Stop Malware and DDoS Attacks

Identify and block malware and DDoS attacks before they impact your network and broader infrastructure, to ensure business continuity.

Fraud Reduction

Identify fraudulent network activity and take preventive steps before it impacts your organization.

Network fortification

Leverage threat indicators to integrate with firewalls, IPS, and IDS to harden network defense and prevent malicious traffic from affecting networks.

Government

Federal, state, and other government agencies can use the feed for national security purposes, such as tracking cyber espionage campaigns.

Key Advantages

Helps security teams analyze large amounts of threat intelligence and vulnerability data to quickly identify credible and imminent threats.

Provides the intelligence you need to respond quickly with accurate, informed steps to neutralize harmful activity

Enhanced situational analysis: create customizable dashboards in Cyware to track malware and botnet activity and defend against malicious activity proactively.

Integrate feeds into intrusion detection and prevention systems to enhance their security posture.

MSSPs and Enterprises can utilize the feeds to enable proactive security measures, preventing malicious traffic from affecting their operations.

Harden network defenses by informing and tuning network security. The feeds’ intelligence aids in blocking IPs and optimizing firewall and other edge-device policies.

Accelerate investigations: automatically enrich and analyze threat indicators through Cyware.

Inform an accurate, real-time automated response by providing detailed information regarding malware, botnet IPs, and related infrastructure.

Cyware Workflow

Step One

Ingest Team Cymru’s Threat Intelligence Feeds Into Cyware

Threat intelligence from hundreds of sources is easily ingested into Cyware via STIX, RSS, API, and other sources. The BARS and C2 feeds from Team Cymru are ingested through the API and are immediately accessible.

Step Two

See the Complete Threat Landscape

Leverage up-to-the-minute threat intelligence data from Team Cymru, together with many other intelligence sources, to detect and quickly understand where risks and threats lurk. Quickly delve into specific datasets to understand whether a threat is current and has the potential to exploit a security gap or vulnerability.

Step Three

Visualize Relationships and Gain Context

Large volumes of threat intelligence data are blended, contextualized, and easily viewed, making it easy to understand asset and threat relationships and gain valuable context by understanding IP address communication patterns and associations with malware and botnets.

Quickly investigate and understand suspicious activity. Below, an IP address is identified and associated with a botnet with known malware activity.

Step Four

Respond

Create simple yet powerful rules using CQL (Cyber Query Language) to take specific actions that escalate risks and enact an immediate response. Examples of a response include alerting a broader team, informing network defenses, filing a ticket, or even blocking a specific IP address.

Why Team Cymru and Cyware Are a Winning Combination

Together, Team Cymru and Cyware provide a powerful solution for comprehensive threat intelligence and rapid analysis with automated and targeted responses. Team Cymru's detailed threat intelligence feeds and extensive data on IP address relationships, combined with Cyware's robust intelligence gathering, automation and orchestration capabilities, create a highly effective security operations environment.

This integration allows organizations to gain deeper insights into their security posture, streamline their incident response processes, and maintain a proactive approach to cybersecurity. By leveraging the strengths of both platforms, security teams can enhance their threat detection and response capabilities, reduce operational overhead, and protect their digital assets more efficiently.

Cyware’s ability to centralize threat intelligence and manage security workflows is complemented by Team Cymru’s real-time threat intelligence, enabling security teams worldwide to identify and respond to threats swiftly and effectively.

Experience Team Cymru for ThreatQuotient in Action

Take the next step with a demo, free trial, or conversation with Team Cymru.
