Cyware adopts Traffic Light Protocol 2.0 to improve threat intelligence sharing capabilities


Cyware has introduced the newly introduced Standard Version 2.0 of the Traffic Light Protocol (TLP) to improve the ability to share threat intelligence within and between organizations around the world.

The Forum of Incident Response and Security Team (FIRST) has updated the globally used TLP standard for the cybersecurity industry, an integral system that helps organizations around the world share sensitive information with the required disclosure rules. In 2015, FIRST led the initiative to unify and standardize the TLP. The modernized TLP version 2.0 is now available for distribution and Cyware is one of the early adopters of the new standard to encourage greater industry-wide threat intelligence sharing.

Under the new TLP 2.0 standard, TLP:WHITE became TLP:CLEAR, while a new TLP:AMBER+STRICT label was added to highlight information that is unique to the recipient’s organization. The TLP standard includes four labels and one sublabel. This contains:

  • TLP:CLEAR – No Disclosure Restrictions.
  • TLP:GREEN – Limited disclosure within the community.
  • TLP:AMBER – Limited disclosure on a need-to-know basis within the organization and to customers.
  • TLP:AMBER+STRICT – Limited disclosure on a need-to-know basis within the organization only.
  • TLP:RED – No further disclosure beyond a single recipient.

The updated standard also brings improvements aimed at increasing accessibility for non-native English speakers and providing consistent language, terminology, and definitions for the cybersecurity community.

The Cyware Situational Awareness Platform (CSAP) provides enterprises and information communities (ISACs/ISAOs) with granular control over the sharing of sensitive threat intelligence, vulnerabilities and malware alerts. The platform is widely used by industry-leading ISACs and ISAOs across healthcare, retail, energy, space, aviation, automotive and other sectors to share threat intelligence with their members and each other via Cyware’s ISAC-to-ISAC Exchange sharing function.

To achieve this goal, CSAP has incorporated the TLP 2.0 standard to enable a modernized and reliable threat intelligence exchange workflow. It helps to define clear boundaries for information disclosure and promotes the dissemination of sensitive information for cybersecurity collaboration.

“After implementing Cyware’s threat intelligence sharing solutions, our membership community has been able to proactively better protect critical infrastructure assets by sharing contextual and enriched sector-specific threat intelligence,” said Jim Linn, CIO of the American Gas Association and executive director of DNG-ISAC. TLP 2.0 implementation will fundamentally transform the entire industry by making threat intelligence sharing more timely, inclusive and secure.”

“Since moving from ME-ISAC to Cyware’s threat intelligence sharing solutions for all of our alert distribution and indicator sharing, we have seen a tremendous increase in member engagement. The increased efficiency in writing and distributing alerts has allowed our analysts to focus more on analysis rather than tedious alert creation, and the incredible granularity of distribution options with the new TLP 2.0 support has made it more targeted Alert distribution allows our members to only receive the alerts that are most important to them,” said Chris Taylor, Director of ME-ISAC.

Commenting on the development, Anuj Goel, CEO of Cyware said, “The initiative to improve the ability to share threat intelligence while keeping pace with the latest industry standards puts Cyware in a leading position in terms of adopting the TLP 2.0 standard. Cyware not only offers large enterprises, MSSPs/MDRs, information communities (ISACs/ISAOs) and national CERTs, but also cutting-edge solutions for threat intelligence sharing, low-code security automation and threat response now taken a step further to organizations across the spectrum to modernize their information-sharing initiatives to foster cybersecurity collaboration.”

Cyware not only connects industry-specific ISACs/ISAOs to their member organizations, but also enables the exchange of ISAC-to-ISAC threat intelligence, allowing organizations from different industries to collaborate against threat actors. Recently, with the integration of CISA’s Automated Indicator Sharing (AIS) threat intelligence into Cyware’s sharing network, Cyware enabled all industries to work more effectively with the Cybersecurity and Infrastructure Security Agency (CISA) by automatically incorporating CISA’s threat intelligence into their security solutions and have been implemented.

The capability also enables organizations to share threat intelligence with CISA to improve understanding of threat actor behavior, including their Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IoCs), and to provide automated proactive response to threats. Along with ISAC-to-ISAC clearance and bi-directional integration of the CISA AIS threat clearance capability, Cyware’s launch of TLP 2.0 will unlock the next level of security collaboration at scale and strengthen the country’s cyber resilience across organizations and industries.


Comments are closed.