Tackle New Email-Borne Threats with Cyren Threat InDepth + Cortex XSOAR

Feb 18, 2021
4 minutes
... views

With more than 300 billion emails[1] being sent daily, it is no surprise that threat actors prefer email as their primary threat vector. Recent data suggests that over 90% of breaches begin with a single email and 2/3rds of breach victims are large enterprises[2]. This highlights the risks posed by evolving threats and attacker tactics, techniques, and procedures (TTPs) on enterprises. Existing security tools are programmed to be highly effective in detecting and stopping known threats, but these very tools may be blind to newer attack tactics without actionable intelligence, amidst increasing organizational vulnerability.

This is why we are excited to announce that together, Cyren now integrates with Cortex XSOAR and allows enterprises to automate and supercharge threat detection and response with intelligence from Cyren Threat InDepth.

Cyren Threat InDepth provides the earliest visibility into key indicators of email-based threats, including phishing and malicious attachments. Threat InDepth provides security analysts and threat hunters with a comprehensive, multi-dimensional presentation of critical threat characteristics that help them detect, investigate, and respond to threats. When combined with the Cortex XSOAR platform, analysts have direct access to key indicators and supporting context, helping them to automate the entire security operations lifecycle and stay ahead of attackers. This capability helps security organizations to reduce key metrics such as mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR).

Threat InDepth is powered by Cyren's GlobalView™ Threat Intelligence Cloud, which is utilized by leading security vendors and analyzes billions of transactions per day, including email content, web traffic, and suspicious files and will be available in the Cortex XSOAR Marketplace at the end of February through four unique premium content packs:

Cyren Phishing and Fraud Intelligence Feed provides real-time info on URLs that are known to serve phishing pages. Contextual information includes brand and industry information, among others. Use cases include enriching incidents with phishing information observed by Cyren, including additional insights about targeted brands and industries to improve incident classification and prioritization.

Cyren IP Reputation Intelligence Feed provides real-time info on URLs that serve spam, phishing and malicious links, and malware files. Contextual information includes threat intensity, risk score, country of origin, and relationships. Use cases include enriching incidents with IP Reputation information to provide additional insights on how IPs can be abused for phishing, spam, or to spread malware. Feed includes a risk score, making IP indicators more actionable for security analysts.

Cyren Malware File Intelligence Feed provides real-time info on files serving malware. Contextual information includes URL and IP information (including FQDNs within file), malware behavior characteristics, malware family, and relationships to IP addresses and links. Feed allows analysts to check every extracted file hash against the Cyren Malware Detection Engine database to determine if the file is malicious.

Cyren Malware URL Intelligence Feed provides real-time info on URLs serving malware. Contextual information includes first seen and last seen timestamps, associated IP addresses, and associated files. Use cases include enriching incidents with relationship information that security analysts can use to easily identify which malware files or IPs are associated with the suspect URL.

Threat InDepth intelligence will enable customers to maximize their investment in Cortex XSOAR by providing features including:

  • Automatic identification of IOCs including IPs, URLs, domains, and file hashes as playbook-driven tasks within Cortex XSOAR.
  • Access to detailed intelligence and context for IOCs from Cyren in Cortex XSOAR in real time.
  • Ability to leverage hundreds of Cortex XSOAR product integrations to further coordinate response across security functions.

Organizations can bridge the gaps and advance the maturity of their security program by tapping into the fastest growing community of security experts. Visit us here for a list of available integrations and featured content packs.

Don’t have Cortex XSOAR? Download our free Community Edition today!


Incident Overview with Threat InDepth and Cortex XSOAR

Figure 1: Incident Overview with Threat InDepth and Cortex XSOAR

Indicator Quick View

Figure 2: Indicator Quick View






[1] https://www.statista.com/statistics/456500/daily-number-of-e-mails-worldwide/

[2] 2019 Verizon DBIR Report

Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.