Cyware & Microsoft partner to streamline threat intelligence sharing

Cyware has confirmed a strategic partnership with Microsoft to provide integrated threat intelligence workflows for enterprise and public sector security teams.

This collaboration enables a bi-directional exchange of threat intelligence between Cyware and Microsoft Sentinel, allowing both platforms to share and ingest actionable threat data. The integration is intended to support security teams in streamlining investigations and response through real-time context sharing and automation.

Bi-directional integration

According to the companies, the partnership will expand threat intelligence sharing and operational capabilities for joint customers. Microsoft Sentinel can now ingest threat intelligence from Cyware, while Cyware can receive intelligence from Microsoft Sentinel. The integration includes support for STIX/TAXII-based threat intelligence sharing, designed to validate indicators at scale.

Many security operations teams face challenges in operationalising threat intelligence due to siloed information, inconsistent context, and manual processes. By automating threat intelligence ingestion, enrichment, and actioning, the new integration aims to address these issues and enhance the effectiveness of security operations.

"This partnership with Microsoft brings together Cyware's strength in AI-powered threat intelligence operations and Microsoft's security technology to help customers make smarter, faster decisions. By meeting defenders directly in Microsoft Sentinel, and making Cyware deployable through Microsoft Commercial Marketplace we are reducing friction from purchase to value while giving security teams enriched, high-fidelity intelligence they can act on immediately," said Anuj Goel, Chief Executive Officer and Co-Founder, Cyware.

The partnership also makes Cyware's solutions available in the Microsoft Commercial Marketplace, providing simplified procurement processes for commercial and government customers.

Expanded integration with Microsoft security solutions

Cyware Intel Exchange has also been integrated with Microsoft Defender. This enables Defender Threat Intelligence feeds to flow into Cyware's platform, which can then enrich incoming intelligence and automate indicator searches against Microsoft Defender data. This integration is designed to speed up security triage and investigations by providing more relevant and timely data for analysts.

"We're focused on empowering every defender with a more connected, intelligence-driven experience. This partnership with Cyware extends how threat intelligence is shared, validated, and automated across Microsoft Sentinel, helping customers streamline workflows, strengthen detection quality, and accelerate response," said Erez Einav, Corporate Vice President, Sentinel and Defender XDR at Microsoft.

Ongoing collaboration

This new partnership builds on Cyware's membership in the Microsoft Intelligent Security Association (MISA) and its role as an initial launch partner for Microsoft Security Copilot. The companies have indicated the partnership will strengthen integrations among Cyware Intel Exchange, Microsoft Sentinel, and Microsoft Defender, including support for Azure-hosted deployments for customers standardising on Microsoft solutions.

Through the expanded collaboration, Cyware and Microsoft aim to provide an end-to-end solution for operationalising and automating threat intelligence, focusing on improving detection, sharing, and response capabilities for joint enterprise and public sector customers.