Unlock Actionable Threat Intelligence with the Cyware’s Feeds ROI Dashboard | Cyware Blog

While every organization in today’s day and age leverages threat intelligence to enhance its security operations, there is often a lot of ambiguity around the usefulness of different threat intelligence sources. The Cyware Threat Intelligence Exchange (CTIX) version 2.7 aims to solve this issue once and for all with the updated Feeds ROI dashboard. It is designed to provide the security teams with the key metrics that help them understand a multi-source threat intelligence setup.

How does it work?

Until the previous version, the CTIX Feeds ROI widgets only provided historical trends of threat intelligence feeds. However, the newly updated Feeds ROI dashboard in version 2.7 allows threat intel analysts and SOC managers to continuously evaluate and reassess threat intelligence priorities based on the performance of threat intelligence feeds from different sources that their organization is currently using or subscribed to.

CTIX users can explore the Feeds ROI section under the Dashboard module in CTIX to peruse four useful metrics. These include:

• Exclusive and Overlap: This shows you a bar chart depicting the exclusive as well as the overall threat intelligence provided by each of your feed providers.
• Early Reporters: This gives you an idea about the threat intelligence sources providing relevant and real-time intelligence.
• Source and Score: This graph compares different intelligence sources based on the average Threat Intel Score garnered by the intelligence received from each source. This also helps understand the distribution of the quality of indicators from each source, i.e. the number of highly-relevant malicious indicators compared to the irrelevant ones.
• Feed Performance: This shows the key performance of different threat intelligence sources on the basis of the number of intelligence indicators received, actions deployed with observations, deprecated intel, and false positives corresponding to each threat intelligence source.

Aiming for peak threat intel performance

The updated Feeds ROI dashboard comes with multiple benefits for security teams including:

• An easy understanding of the utility of different threat intelligence sources based on the distinct security priorities of your organization.
• Building the correct understanding of the perception of different intelligence feeds and their quality.
• Analyzing how your threat intelligence team is using the feed data to take security actions.
• Making informed decisions with regard to prioritizing and managing response actions based on threat indicators received from a variety of sources.
• Building a long-term knowledge base for improving the effectiveness of your threat intelligence operations.

Final words

To effectively leverage cyber threat intelligence to bolster their security posture, organizations need to regularly monitor the health and performance of the intelligence inputs that go into this process. Built with a new Feeds ROI dashboard, CTIX 2.7 makes this easier than ever before to ensure you are always making the right decisions and driving your efforts in the right direction, meeting your organization’s security requirements and priorities.

Posted on: December 14, 2020

Originally published at https://cyware.com.