Building a Stronger Cyber Defense in Romania Through Threat Intelligence Sharing

How both private and public sectors collaborate in Romania to protect customers proactively

Cyber-attacks evolve faster than any single organization can track alone. That’s why Threat Intelligence (TI) sharing - done responsibly, with trusted partners and clear operational outcomes - is becoming a cornerstone of modern cyber resilience in Romania and across Europe.

At Revel, we are strengthening this ecosystem through TI collaboration with the National Directorate of Cybersecurity (DNSC) and University Politehnica of Bucharest (UPB). In parallel, through the SOCcare project, we’re expanding cross-border collaboration by sharing TI feeds with NRDCS Lithuania, helping to improve regional readiness and early warning.

This isn’t TI for reporting purposes. It’s TI designed to reduce real customer risk by turning observations into actionable detections and preventive controls, as reflected in our end-to-end approach (collection → validation → sharing → customer protection).

What makes Revel’s TI valuable for customers

Most organizations don’t need “more data.” They need earlier, clearer signals and a way to apply them quickly. Revel’s TI program is built to deliver exactly that.

    1) Proactive mitigation - before incidents become tickets

    Because Revel gathers threat signals from dedicated sensors deployed globally, we often see malicious activity early: scanning waves, exploitation attempts, and infrastructure that is being prepared for broader campaigns.
    That intelligence is then translated into detections and actionable indicators of attack and distributed to customer environments - supporting actions such as:

    • Automated blocking in XDR for high-confidence malicious processes and/or connections
    • Early alerting in SIEM so SOC teams can respond before impact
    • Faster containment because the “what” and the “why” are already enriched and validated

    Result: customers can stop threats upstream, reducing the likelihood of compromise, downtime, and costly incident response.

    2) Higher fidelity alerts (less noise, more confidence)

    TI is only useful if it’s trustworthy. A key benefit of Revel’s approach is that indicators are not blindly forwarded. They are validated and contextualized before being operationalized into detections. That typically means:

    • fewer false positives and less analyst fatigue
    • clearer prioritization of what truly matters
    • faster decisions during high-pressure situations

    3) Faster investigations and clearer reporting

    TI is most effective when it fits naturally into day-to-day SOC work. Revel’s workflow supports structured handling of intelligence and incidents, so customers benefit from:

    • better traceability from “indicator observed” → “detection created” → “action taken”
    • consistent documentation and easier internal reporting
    • smoother collaboration between SOC analysts and operational stakeholders

    4) Continuous improvement of defenses, not just reactive response

    TI shouldn’t only help detect threats - it should help raise security maturity levels. Revel uses TI insights to help validate and improve defensive posture over time, so detections and controls stay aligned with the evolving threat landscape.

    5) Broader visibility through national and cross-border collaboration

    Collaboration with DNSC and UPB strengthens national-level awareness and analytical depth. Through SOCcare, sharing curated TI feeds with NRDCS Lithuania improves cross-border readiness - because attacker infrastructure and techniques rarely stay within one country.
    This translates into:

    • earlier warning of campaigns seen in other regions
    • better preparedness for threats that “travel” across borders
    • improved resilience through collective defense

From global observations to customer protection (in one story)

Revel’s model connects three critical layers:

  1. Global sensing (strategically distributed nodes) to observe attacker behavior early
  2. Analysis and validation to ensure intelligence is accurate and actionable
  3. Automated delivery into customer controls (SIEM/SOAR/XDR) so intelligence becomes prevention and detection - not just information

This is how TI directly contributes to proactively mitigating incidents: detections built from these TI sources can trigger alerts early, support automated blocking where appropriate, and reduce the time between “threat exists” and “customer protected.”

Looking ahead

    Threat intelligence sharing is no longer optional - it’s a strategic advantage when it is trusted, curated, and operationalized. Revel will continue to invest in:

    • expanding collaborative sharing with Romanian entities
    • strengthening cross-border exchange through SOCcare with other EU TI partners
    • improving how quickly intelligence becomes real customer protection

    The SOCcare project is co-funded by the European Union, in collaboration with University POLITEHNICA of Bucharest and NRD Cyber Security, and supported by the European Cybersecurity Competence Centre (ECCC) under Grant Agreement No. 101145843.