Knowing is Half the Battle

February 21, 2019

CISOs (and, for that matter, most cybersecurity professionals) are frequently lost in a "fog of more," more vulnerabilities, more threats, more data from more sources, but less time to make effective decisions. Your adversary's capabilities, motives, and actions are often ambiguous and unpredictable. Maintaining a constant state of situational awareness is critical in order to grasp how information, events, and one's own actions will affect the organization's goals. Poor decision-making is further compounded by high information flow, time pressure, and uncertainty. CTCI cuts through the "fog of more" by collecting, distilling, and synthesizing enormous amounts of threat intelligence to provide decision-makers with timely and relevant insights that can mean the difference between success and failure.

CTCI has a product called CEWL (pronounced "cool"). The CVE Early Warning list is a list of vulnerabilities threat actors are using in the wild or about to use. Recorded Future, the world's largest enterprise threat intelligence company, invested in CTCI, and their Chief Data Scientist said this, "CTCI has developed a unique, intelligence-driven method to identify weaponized vulnerabilities that we have not yet come across in the industry ... This is vital information for defenders as they need actionable intelligence to proactively protect their organizations."

At CTCI, we believe, "knowing is half the battle." An analogy. If you received trusted actionable intel that a burglar would break into your house tomorrow, you would quickly determine what to do to protect your property. You would deploy countermeasures such as: removing things of value, putting bars on the window, using a guard dog, configuring cameras, changing the number of your house (deception), etc. The same concept is true with  CEWL. You will use this information to protect your organization and deploy one or more countermeasures such as patch, mitigate, detect, and threat hunt.  

We provide you with the world's best actionable intel, so you can prioritize what to focus on, thereby reducing the likelihood of being compromised or breached.

Our product is CEWL, the CVE Early Warning List. It is provided as a SaaS portal and fully backed by an API. There are many ways to use the CEWL list, depending on the maturity of your organization.

We are finding that CEWL helps to reduce the "fog of more" by 10x and makes the team 95% more effective in focusing on which threats are real. CEWL is vendor-agnostic and can be easily integrated into your current processes.

Value in five minutes

Here are a number of the ways:

Treating new entries added to CEWL as critical CVEs makes it easy to determine what to focus on. A junior vulnerability analyst's maturity level goes from level one to four using CEWL.

Using CEWL as a Trusted Advisor - allows better conversations with teams across the organization as the reason to take action.

Uplift your internal threat intelligence team with the information in CEWL.

For previous CEWL entries, run a Vulnerability Management scan and match these with CVEs in the list. Assign a higher ranking for critical assets that are in CEWL.

Buy partner licenses and ensure these attacks are not compromising your supply chain/partner network. With CEWL, you can integrate what CVEs your supply chain/partner network has patched using the processed visibility feature.

Using the CEWL Saas, set up different groups within your organization to be notified of being added to CEWL. For example, automatically inform the network team of new CISCO vulnerabilities that need to be mitigated.

CEWL will help you be more effective and produce better outcomes across the organization. Doing less work and being a lot more effective. Concentrating on what threat actors are doing significantly reduces the risk of being compromised while reducing the amount of work effort in protecting the organization. Instead of concentrating on 1,000s of possible things a day, it allows you to focus on what is really being used in attacks. It's like a Jedi-mind laser-focus that quickly will enable you to stop your attacker.

Figure 1, Organization benefits of using CEWL

Strategic Value - Get ahead of the game  

Some of the ways you can be strategic with CEWL:

Be proactive, knowing a CVE is in CEWL,  plan downtime instead of systems brought down causing outages.

Use the CEWL information in an intelligence-driven cycle and gain as much intelligence from CEWL and your environment to make important changes to technologies, processes, structure, and people.

Use SOC tickets on what prevented/detected/mitigated compared to the CVE threats within CEWL - determine the effectiveness of the controls and see what to do about the breadth and depth of your security controls. Do you have too much in one area, not enough in another?

Some regulatory controls are coming into this space. Use CEWL today so that you can meet these emerging regulatory controls.

Uplift your internal threat intel team when it comes to CVE Actionable Intelligence.

It's hard to get and retain excellent security peeps. This information can uplift your team and help improve the outcome of less skilled personnel.

and more.

Trial CEWL today, send an email to

Knowing Is Half the Battle
get access now