
DeCYFIR
External threat landscape management platform for predictive cyber intelligence and attack surface discovery.
Vendor Information
DeCYFIR Overview
CYFIRMA DeCYFIR is the industry's first External Threat Landscape Management (ETLM) platform that delivers predictive, personalized, and contextualized cyber intelligence enriched with attack surface and digital risk insights. Unlike traditional threat intelligence platforms that focus on reactive indicators, DeCYFIR identifies threats at the reconnaissance and weaponization stages before adversaries begin exploitation, providing organizations with the critical time advantage to close security gaps proactively.
The platform operates through a comprehensive 9-pillar framework covering Attack Surface Discovery, Vulnerability Intelligence, Brand Protection, Digital Risk Management, Third-Party Risk, Situational Awareness, Predictive Threat Intelligence, Threat Adaptive Awareness Training, and Sector-Tailored Deception Intelligence. DeCYFIR's AI-powered behavioral analysis engine automatically baselines normal activity to detect anomalies, while its threat intelligence integrates data from deep and dark web sources, criminal forums, and encrypted channels to provide outside-in visibility that connects threat actors, motives, campaigns, and attack methods into actionable intelligence tailored to each organization's industry, geography, and technology stack.
Founded in 2017 and headquartered in Singapore, CYFIRMA has raised $22.5M in funding from investors including MDI Ventures, NTT Finance, and Larsen & Toubro. The company serves over 100 enterprise customers globally including Mitsubishi Motors, NEC, Subaru, and government agencies, with strategic partnerships including NTT DATA for global AI-powered threat intelligence and Carahsoft for US public sector distribution.
Key Capabilities
Standardized capabilities mapped to this product's security niche
Discovers fake websites, social media profiles, and mobile applications impersonating the organization, using domain similarity, visual fingerprinting, and content analysis.
Monitors external sources for leaked personal data, credential exposure, targeted phishing infrastructure, and social media impersonation targeting named executives.
Identifies the organization's internal documents, source code, credentials, and PII on paste sites, code repositories, and dark web data markets.
Monitors newly registered domains using typosquatting, homograph, and combosquatting techniques against the organization's brand, surfacing phishing infrastructure before campaigns launch.
Submits abuse reports to registrars, hosting providers, and platform operators to remove confirmed phishing pages, fake profiles, and impersonating applications.
Monitors dark web forums, marketplaces, and access broker listings for mentions of the organization, active threats, and sale of stolen access or data.
Ingests structured threat intelligence in STIX 2.x format over TAXII 2.1 from commercial, government, and ISAC feeds, normalizing indicators and TTPs into a common data model.
Maintains structured profiles of named threat actor groups with associated TTPs, infrastructure patterns, targeting history, and motivations, updated from multiple intelligence sources.
Augments raw IoCs (IPs, domains, file hashes, URLs) with threat actor attribution, campaign context, confidence scores, and expiry dates to reduce false-positive operational noise.
Pushes enriched IoCs directly into SIEM detection rules and SOAR playbook inputs, automating indicator lifecycle management rather than requiring manual export and import.
Monitors dark web forums, marketplaces, and Telegram channels for mentions of the organization, leaked credentials, sale of access, and targeted threat actor activity.
Supports structured analytical methodologies for threat intelligence production, attribution, campaign tracking, and relationship mapping between adversary, infrastructure, capability, and victim.