What's Up with Tech?

From Threat Intel To Unified Cyber Risk Intelligence

Evan Kirstel


Noise is the enemy of good defense. We sit down with Jawahar Sivasankaran, President of Cyware, to unpack how a threat-centered architecture, powered by agentic AI and rich collaboration, can turn scattered data into clear, prioritized action. Rather than adding yet another dashboard, the strategy puts high-fidelity intelligence at the core of the SOC so every control—detection, response, and exposure management—makes smarter moves, faster.

We trace the evolution from a classic TIP to unified cyber risk intelligence, where enrichment, STIX-based normalization, and context from compromised credentials, domain sightings, and digital risk protection reshape triage. You’ll hear why many enterprises still drown in alert fatigue, how agent frameworks outperform simple LLM wrappers, and what it takes to route Tier 1 work to autonomous agents so analysts can focus on adversary mapping, hunting, and enterprise risk decisions. The result: measurable reductions in mean time to detect and respond, plus clearer board reporting on actors, TTPs, and shifting exposure.

Trust and speed also come from the community. We dig into bidirectional sharing with ISACs and focused sector hubs, and how downstream organizations with limited staff can turn shared intel into executable actions, not just headlines. We explore the twin pillars of AI for security and security for AI—covering model and agent risks, governance, and the practical wins of AI-driven SOC transformation. Finally, we look ahead at strategic partnerships and a platform approach that pushes beyond legacy TIP capabilities to meet how attackers operate today.

If you’re ready to cut the noise, put intelligence in the driver’s seat, and let agents handle the grind, this conversation offers a clear blueprint. Subscribe, share with your team, and leave a review with your biggest alert-fatigue challenge—we’ll tackle it in a future show.


SPEAKER_00:

Hey everybody. Fascinating and important topic today as we talk about uh pushing the envelope in AI-driven threat intelligence, orchestration, and collective defense with a true innovator in this space at Cyware. Jawahar, how are you? I'm doing very well. Thank you so much, Evan. Pleasure. Pleasure to be here. Well, thanks for being here. Really intrigued by your mission and background with a long history in this industry, companies like Splunk, Cisco and many more. Maybe introduce yourself and what is the uh vision mission at Cyware?

SPEAKER_01:

Yeah, you're right. So I've been in the industry for a while now, you know, big places as well as you know, relatively smaller places. It's VC funded P back. Super excited to be here at Cyware. I'm 11 months in. Uh and um what got me to Cyware is the need for the industry to focus on threat-centered architectures, uh, which is what we've been lacking. Uh, typically, there's just plenty of noise that you see going around. Um, there's no lack of tools, there's no lack of data. But then when it comes to, hey, let's focus on high fidelity, high priority actions that I need to be taking as a CISO, uh, we definitely were behind as an industry. So that's what Cyware does. Uh, we were founded in 2018 as a company, and uh uh we focused, we're a leader in cyber threat intelligence. Uh we started as a threat intelligence platform player, if you will, back you know, five, six years back. But where we've evolved as a true leader in broad cyber threat intelligence, but not just cyber threat intelligence, what we've been doing the past um few quarters now, which I would love to double-click as we go through the conversation, is adding what we what we have seen as adjacent areas like exposure management, like some of the DRP digital risk protection functionalities, they're all they're all coming into this CTI world, the cyber threat intelligence world. Uh, and we are actually leading the industry with that. Uh, so just a couple of weeks back, Gartner came up with a paper that's uh unified cyber risk intelligence. Uh, and we were super excited, hi-fi that it exactly validates our strategy, our product approach, the things that we've been innovating in the last you know year, year and a half.

SPEAKER_00:

Brilliant. And you're leaning heavily uh and early into agentic AI for threat intelligence and response. Maybe talk about the spark uh behind that.

SPEAKER_01:

Yeah, of course. You know, there's a lot of AI washing that's going on in the industry. Uh so for us, the the focus was we did not want to go out and build another LLM wrapper that would do one or a few things. We wanted to take a holistic approach. So our Quarterback AI fabric is focused on having that holistic agentic AI approach. Uh, we did launch an MCP server a couple of months back right at Black Hat. But what we are seeing is they're we're leaning in, we're leading the space as it relates to threat intelligence, but also broader SOC and SOC transformation, autonomous SOC, if you will. Uh, and again, going back to our roots, our strengths, which is threat intelligence. So there's you know, there are plenty of players that are doing SOC automation, autonomous SOC. And again, why Cyware, why the leadership, you know, that why Cyware is the right leader for us to, for, for, for the industry to lean on as it relates to agentic AI capabilities for broader SOC and security operations, clearly goes back to our strengths in threat intelligence.

SPEAKER_00:

Interesting. So, what's a common blind spot that you see typically in enterprises when it comes to acting on threat intelligence versus just you know collecting it?

SPEAKER_01:

Yeah, so there are two ways to look at it. One is enterprises, another one is just threat sharing, but they're all coming together. Let me hit the enterprise side first. The common blind spots that we see is still a lot of enterprises are chasing the noise, if I can put it that way. Uh large enterprises, Fortune 1000, Fortune 2000, almost all of them, they have a mature SIEM technology. Maybe they had a first-gen SOAR, that they are moving towards an AI-driven SOAR. But clearly, where they lack is yes, they're doing log management, yes, they're doing event prioritization, uh, yes, they are responding to events, but still the alert fatigue is there because they're not looking at the right events to prioritize, which again goes back to do you have relevant threat information coming in? Is it standards-based? Are you leveraging STIX for standards-based threat analysis? Uh, do you have those threat information, that the threat information coming from the right sources? It could be open source, it could be commercially available feeds. Are you processing them, enriching them the right way? A lot of times what we see is you know customers, even in the Fortune 500, when we go talk to them for the first time, they have indicators of compromise, uh, IOCs coming in, but they don't do the right level of enrichment of those IOCs to then take an informed decision about what do you do with that threat. So there are these gaps that you see across all of the stages, if you will, from threat information collecting to parsing to enrichment, to there's a little bit of collaboration, and then of course the prioritization and eventually the actioning part. So we do see gaps across the board, but if I can summarize it, uh it it's really, you know, people are still getting drowned in the noise and alert fatigue is real. Uh, and when we look at those enterprises that are looking into the future, that see, hey, I need to take a more threat-centered approach. 
Uh, and that's how I can scale with limited budget skill set gaps that that continues to persist. Uh, those are the enterprises that are that, uh, at least definitely in the last two, three years, they've taken that step to move towards that threat-centered approach.

SPEAKER_00:

Interesting. So attackers are evolving with AI, uh to say the least, uh, it's a revolution in terms of the tools they have available. What kind of attacks or tactics or techniques are you watching now that maybe a lot of defenders aren't?

SPEAKER_01:

Yeah, AI is definitely, I mean, still early days, the how attackers are using AI itself as a tool. Uh, so again, this is where both sides come into play, right? Uh AI for security and then security for AI. Uh, so we're clearly seeing the adoption of AI as it increases. It is opening up new threat vectors. The attack surface itself is changing, it's getting bigger, and attackers are starting to uh use that as a way to get into the enterprise or a government organization. We're starting to see that. Uh, but what's also equally important is how some of these organizations are leveraging AI for getting their security posture to a better place. Uh, and this is where we're super excited with what we are doing with agentic AI capabilities, uh, especially around automating some of the tasks that, you know, again, security automation is not anything new. We've we've had you know Perl scripts, you know, Python scripts, you know, we've been doing it for 25, 30 years now in the industry. Uh, but this is not about just automating the processes. This is about bringing it all together, take an integrated approach as it relates to driving better security principles as an outcome, right? Which is kind of where we are lacking. And if you look at the advanced threats that are coming in, that approach is absolutely critical.

SPEAKER_00:

Absolutely. And and threat sharing is critical as well. But there's trust is often missing there, can be very fragile. How do you balance uh openness and security with intelligence collaboration? Uh, what's your philosophy there?

SPEAKER_01:

Great question. So far, we've talked about threat intelligence management, which is all about you know, getting threat information, managing that information, acting on them. Then there's this other thing, which is all about hey, how do you share that threat information? Because at the end of the day, it's almost like the adversaries in some ways are better at sharing information in dark web, deep web. And in some of the sectors, when you look at it, we as an industry we have to step up when it comes to bidirectional threat sharing. So that is something that we are super proud of as a company. Uh, so we do work with almost all of the major ISACs for bidirectional threat sharing. Uh, and this is you know focused on sectors, focused on industries. Uh, we've also built uh hubs and CERTs at the government level. Uh, we also have other hubs, uh, threat sharing hubs, if you will, bidirectional threat sharing hubs uh that's uh that's that's a little more focused, if you will, let's say sports teams, uh um clubs uh that we can that we can drive, or businesses that do have supply chain and downstream um entities that they do want to share threat information. So we built that. We're super proud of that, especially the work that we do, the partnership we do with the ISACs. Um it has come a long way, I would say. They were much better than where we were a few years ago, uh, but still needs a lot of work as it relates to sharing that threat intelligence at the right level, but also helping some of those downstream organizations again and go back to downstream because they might not have not, let alone a CTI cyber threat intelligence analyst, they might not even have a SOC analyst. Maybe they'll have an IT manager. Uh, if you're a member of one of these hubs, they might have an IT manager that's doing all things security as well. So, what do you do with that threat information that's coming to you? 
So, this is where Cyware is very focused on helping those organizations uh respond to those threats and in many ways proactively defend themselves from those threats, right? So that it's not always reactive that a hub shares a certain piece of threat information and you're acting on it, but help them with proactive threat defense.

SPEAKER_00:

Fantastic. So lots of uh uh media and press about how AI will be augmenting human analysts and tech ops and the balance of work, uh sharing of labor, if you will. What's your approach there? How do you see this uh uh rolling out over the next three years?

SPEAKER_01:

Yeah, there is a role for humans to play that's not gonna change. I think, as with anything that we've seen in the industry over the course of the last almost 30 years that I've been in the industry, uh some of the work that humans are doing today, the mundane, the repetitive tasks, can certainly be certainly be done much better, a lot more efficiently through agents, which is what we're seeing in the initial deployments that we are working with, some of our customers. Uh, and what that means is uh humans do scale up to higher valued tasks. Uh it could be a tier one triage, tier one actioning is done by agents. Uh, but some of those SOC analysts or CTI analysts that were do that that were doing tier one activities, uh they move on to higher level activities and tasks that can truly drive uh better risk management, enterprise risk management. This is beyond cybersecurity. I mean, cybersecurity is having enterprise level impact. Uh, so some of those human capital, some of that human capital can be deployed towards higher-level tasks that can then result in better security posture for the enterprise itself.

SPEAKER_00:

Fantastic. Uh, you must have so many really amazing, gratifying case studies of how you're helping customers. It's notoriously difficult to get those anecdotes or real use cases uh the public. But can you share anything as far as how you're helping shorten response times or even preventing various impacts?

SPEAKER_01:

Yeah, without naming any of the names, uh right. So we we work with large enterprises that do rely on us for advanced threat intelligence, what we call as unified threat intelligence management. Uh and uh where we are super proud is uh our work that, especially the last you know, two, three quarters that we have done, scaling beyond the traditional threat intelligence platform. So we have a couple of uh a few customers, a handful of customers in the last, I would say, let's say the six months or so, where they've scaled beyond threat intelligence platform capabilities to add exposure management capabilities, like compromised credential management is an example. Or uh we've had a handful of customers that do did have a separate malware sandboxing, which was a solution that sat outside that they integrated in. So the results, what they've gotten is um mean time to detect, mean time to respond has gone down significantly. Their security efficacy has gone up overall. Uh they have better control over state-sponsored threat actors, especially they've, you know, based on all the information that we're helping them with. Uh these customers that we've worked with over the course of the last several years, what they've also consistently said, especially at the top end of the enterprise, is I know who my adversaries are, I know their techniques, their tactics, their procedures now much better than before, you know, I had Cyware. Uh, and I'm able to respond to those threats, number one, but number two, I'm also able to continuously learn and get that intelligence. Uh because the adversaries are changing. It could be commercial actors, it could be state-sponsored actors. But because I do have this knowledge and I'm acting on this threat information, uh, I am able to constantly learn about uh the threats that I'm facing and the actors that are coming at me. And I'm able to report that to the board, report that to my CEO much, much better than where I was a few years ago. 
And especially if you're a public company, that means a lot because you might have been flying blind, but now you know, hey, who are the actors that are adversaries that are coming after you? Yeah, I've blocked these, which is good, but I also have that good intelligence to know how these actors are changing over time, and that puts me at a better place for me to proactively defend myself and my enterprise over time.

SPEAKER_00:

Wow, what a what a fantastic vision. And you're clearly doubling down, investing in the future. What's your next frontier or moonshot in terms of threat intelligence broadly? What are you thinking about three, four, five years, maybe that most people aren't talking about?

SPEAKER_01:

I wouldn't even say moonshot, that's right here. That's not even three, four, five years out of it, I would say. Definitely a lot of agentic AI capabilities that we are that we're building up and we're going to bring it out to the market in a big way. Um, so you would hear from us in the near future. So that's definitely a big focus for us. We're also very much focused on strategic partnerships, strategic partnerships with smaller players, medium-sized, big players, all of that. So, again, in a couple of weeks, you'll hear some big announcements coming out uh from Cyware. Uh, because at the end of the day, this is a team sport, and I know it might come across as a cliche, but that is the fact. Cybersecurity is a team sport. Uh, so we're working with many of our alliance partners to uh give that platform that our customers are really looking for. Uh, and we're super proud to partner, especially with some of the big players that we are uh you know having strategic partnerships with. Uh, and then the third one that I would point out is um thinking beyond threat intelligence. So there's so much more uh that customers are asking cyber threat intelligence platforms to do, and that includes, again, as I mentioned, compromised credentials. You know, if I have some of my credentials compromised and shared in the deep web, dark web, I want to know about that. That was not traditionally in the CTI umbrella. Clearly, we're seeing that. Uh, domain sightings is another one that we did kind of domain monitoring, domain sightings. Uh, so we're seeing some of those things also getting integrated. So our goal is to be that uh leading platform uh when it comes to yes, all things cyber threat intelligence, but also other things that that customers in the industry is certainly asking us and others to do, and we're leading the factors. So AI, I think AI definitely, strong partnerships, alliances uh with all sizes. 
Uh, and then number three is providing the platform approach uh where we can certainly help our customers beyond uh what legacy TIP players did.

SPEAKER_00:

Well, amazing progress. Congratulations on the success, and customers are waiting for uh you know what's next. Uh it's just great to hear the progress with Agentic AI, and I'll be sure to look you up at RSA, which I guess is only a few months away now in San Francisco. Um, thanks so much for sharing the vision and mission.

SPEAKER_01:

Thank you so much. Thank you for having me. Uh it's a great opportunity to share where we are going uh and honestly where we are in today and the benefits that customers are seeing uh as they embrace our platform.

SPEAKER_00:

Thank you. Fantastic. Thanks, Evan. Thanks everyone for listening and watching. Also, separately check out our TV show at techimpact.tv, now in Bloomberg, and Fox Business. Thanks, everyone. Thanks, Jawahar.