Use Feedly’s AI Engine to get the full picture you need to quickly prioritize critical vulnerabilities and minimize exposure
Exploited and critical CVEs need to be prioritized as soon as possible to limit exposure.
But manually gathering the full picture needed to make smart prioritization decisions is tedious.
We are excited to announce the new Leo CVE Intelligence Card.
It’s a machine learning model that aggregates, analyzes, and synthesizes vulnerability information from across the web in real-time so that CTI teams can easily:
Get a 360-degree view of a CVE without having to open a multitude of tabs
Discover critical, exploited, and trending vulnerabilities early
Easily link vulnerabilities to threat actors, malware families, and TTPs
Predict the CVSS severity, CWE, and popularity of zero-days
Introducing the new Leo CVE Intelligence Card
Feedly’s AI Engine aggregates, analyzes, and synthesizes millions of articles
Leo aggregates CVE information from NVD, 25+ vendor advisories, GitHub, and 10 trusted exploit sources to offer you in one place all the information you need to prioritize an emerging vulnerability.
Leo also predicts the CVSS severity and CWE when it is not yet available on NVD.
You can use the cut and paste action to capture the information you need to create a ticket for your team to review this vulnerability.
Get a 360-degree view of a CVE to easily prioritize critical vulnerabilities
Leo identifies links between the CVE, threat actors, and malware families by analyzing news articles, threat intelligence reports, and social media posts.
Quickly research adversary activity and awareness level
This graph also captures how many sources and social media accounts are mentioning the CVE and compares it to the number of mentions of other CVEs of the same vendor, allowing you to detect trending vulnerabilities early.
Leo organizes all the information he aggregated and analyzed into 3 buckets: vendor advisories, references (trusted and highly curated cybersecurity sources), and social media chatter.
Skim through advisories, trusted reference articles, and social media chatter in one place
As soon as Leo discovers a mention of a vulnerability on news sites, research blogs, vendor advisories, or social media posts, he will create a CVE intelligence card. You can access the CVE intelligence card of any CVE using the https://feedly.com/i/cve/$cve-id URL format.
The CVE intelligence card is one of the machine learning models included in Feedly for Threat Intelligence. Start a free 30-day trial to see how Feedly can help you speed up your threat intelligence.
Example: Proof of Exploits related to Google Chrome
A machine learning model that flags mentions of exploits
Fewer false positives than basic keyword searches
Quickly identify key exploit sentences
Popular exploit use cases
Speed up your cyber threat intelligence
Proof of exploit is one of the machine learning models included in Feedly for Threat Intelligence. Start a free 30-day trial to see how Feedly can help you speed up your threat intelligence.
Leo now autocompletes specific CVE IDs so you can monitor for exploits or attacks, or track threat intelligence reports mentioning the CVE
Looking to monitor a specific CVE ID? Previously, you had to type in the exact CVE ID and be sure it was the right number. Now, Leo autocompletes the CVE ID and shows you the description of the vulnerability, so you can be sure you’re tracking the right one.
Just start typing the CVE ID and choose the correct ID from the menu. Then, refine your Leo Web Alert and add it to a Folder.
This is a small improvement to the UI that makes it much easier for you to quickly track a CVE (instead of entering the ID manually) and to make sure you’re tracking the right CVE.
Create a Leo Web Alert to track a CVE and get updates as it develops
The more high profile a CVE becomes, the more likely threat actors will develop exploits for it. You can keep an eye on a trending vulnerability by simply creating a Leo Web Alert and adding it to your “Trending vulnerabilities” Folder, for example.
Track cyber attacks related to the CVE
When it’s taking a while to apply a security patch, you want to keep an eye on the tactics used to exploit the vulnerability. Create a Leo Web Alert for the CVE ID and the concept “Cyber Attacks” and Leo will look for attacks or exploitation attempts related to the specific CVE.
Then, you and your team can use this information about available exploits to prioritize which vulnerabilities to patch. You can also update the Leo Web Alert to add more CVEs if needed, like when a vulnerability has multiple IDs associated with it.
Track indicators of compromise related to exploitation attempts
Tracking, gathering and ingesting indicators of compromise is a great way to proactively hunt for signs of an attack on your environment. Since Leo allows you to gather and export IoCs from multiple sources (including articles, Twitter, Reddit, and emails), you can create a Web Alert to track a specific CVE ID and the “Indicators of Compromise” Leo Concept.
Once you create a Leo Web Alert for IoCs related to the specific CVE you’re tracking you can easily export the resulting IoCs with context and add them to your own security environment.
Track threat intelligence reports published about the CVE
Gather intelligence others have curated by adding the “Threat Intelligence Report” Leo Concept to your Web Alert. When you combine the CVE ID with the Threat Intelligence Report Leo Concept, you’ll get Threat Intel Reports mentioning the CVE.
Bundle these concepts together into a single Web Alert to keep an eye on a specific CVE
And if you want to get all angles of a CVE, you can combine all of these concepts into a single Leo Web Alert. Just track the specific CVE ID and add other Leo Concepts like Indicators of Compromise, Threat Intelligence Reports, and Cyber Attacks.
And don’t forget — to get a complete overview of a specific CVE in the moment, you can also click on the CVE ID and open up the CVE Intelligence Card. You’ll find an at-a-glance overview of exploits, malware families, and related threat actors in a single view.
Try tracking a specific CVE in Feedly
Not a member of the Feedly for Threat Intelligence community yet? Try a free 30-day trial and speed up your discovery and research of emerging threats.
Leo recognizes IoCs mentioned in articles, and can gather them for you
Finding and collecting relevant indicators of compromise is critical to your security, but with millions of articles to sort through, discovering and collecting the right ones is a challenge. Even if you know where to look, IoCs can be easy to miss and tedious to upload to your threat intelligence platform.
This is why we’re excited to announce that now you can discover, collect, and export malicious IPs, domains, hashes, and URLs mentioned in your Feeds or across the web, because Leo recognizes indicators of compromise.
We trained Leo, your AI research assistant inside Feedly, to understand, find, and even export IoCs, so that they are easier to find and prioritize. This feature is included with Feedly for Cybersecurity.
“Being able to track IoCs with Feedly has been very helpful, our team has been using the new feature every day to be on top of potential risks. Just today, Leo was able to spot three IoCs in a long report I was reading although I hadn’t noticed them.”
Michelle Barro, Threat Intelligence Analyst at Verizon
Collect IoCs from across the entire web
Leo recognizes malicious IPs, domains, hashes, and URLs within the text of articles, Tweets, or Reddit posts, and tags articles so you know how many and what type of IoCs appear in a given article.
When an article contains an IoC, Leo will highlight it for you so it’s easy for you to find and confirm, even if it is buried in the text of a long article or threat intelligence report.
If the IoCs are relevant, you can export them to a markdown or STIX file that will include critical context such as the article link, malware, threat actor, CVE, product, and TTP information.
To track indicators of compromise from across the entire web, click the “+” symbol on the left-hand navigation menu, and navigate to the “Web Alerts” tab. Type “Indicators of Compromise,” then click “+ AND” to refine your Web Alert further if needed.
“Now that I can use Feedly to track IoCs across the web, our process to upload new indicators to our environment is much faster and easier. Being able to track IoCs across millions of sources on the web helps us cover every base possible.”
Cybersecurity engineer at a leading Fortune 500 technology company
Find and export indicators of compromise
Feedly for Cybersecurity is an OSINT platform used by more than 100 cybersecurity teams globally to speed up their threat intelligence. See how Feedly can help you conduct threat research up to 70% faster by starting a free trial.
Find IoCs related to a specific threat actor or malware
Let’s say you want to search for indicators of compromise related to a specific threat actor or malware. You can use Web Alerts to flag IoCs that match your query, even if the articles are from sources you don’t specifically follow.
The Web Alert shown in the example below will look for IoCs related to the Cobalt Strike malware family, making it easy to find what’s relevant, export it in seconds, and proactively monitor the web for future IoCs relevant to you.
Find and export IoCs and their context
When you open article(s) that contain IoCs you’d like to upload to your preferred threat intelligence platform, you can export them in either STIX or Markdown formats. This is a significant time saver in contrast to scrolling through the article and copying and pasting what you need.
Your export will also include the IoC context such as the original article link, related malware, threat actor, CVE, product, and TTP information. This makes it even easier to take action. Here is an example of a STIX export:
Automate your IoC collection process with the Feedly API
The Advanced Feedly for Cybersecurity plan includes up to 100,000 requests per month and the full power of the Feedly API. Any action a user is taking in the Feedly application can be performed via the Feedly API, including collecting IoCs. You can access instructions for doing so here.
You can use the Feedly API to aggregate indicators of compromise and their context (associated threat actors, malware, vulnerabilities and TTPs) from recent articles in a Feed, and return a single STIX object with all of those components and their relationships.
To learn more about the power of the Feedly API or begin a trial or proof of concept, click here.
“It used to be particularly tedious to track the IoCs that are related to the critical UI CVEs or products my team has to be on top of. Now, with Feedly’s new IoC feature, I can track IoCs in a much faster and more visible way.”
Michael Rossi, Independent Security Consultant
Find relevant IoCs previously published online
Finally, if you need to search for a specific set of IoCs already published online, you can do this via Power Search. Power Search allows you to leverage Leo’s knowledge graph within your existing Feeds or across the web, allowing you to get much more granular and accurate than standard web searches.
Click the “” icon in the left navigation menu to access the Power Search screen. From here, you can look for any articles that contain indicators of compromise. This is ideal when you need to track a malware family you haven’t tracked before, and want to quickly find known IoCs that are already available online.
The Indicators of Compromise feature, CVE dashboard, cyber attacks Smart Topic, and several more advanced features are included with Feedly for Cybersecurity. This enterprise package is perfect for cybersecurity teams that need to conduct open-source threat intelligence more efficiently. To learn more about any of these features, or start a free 30-day trial, click the link below.
An inside look at how the Airbus CyberSecurity team is using Feedly to monitor and share actionable insights
Impact
A cohesive, streamlined workflow for threat intelligence that saves hours every week
Increased customer satisfaction due to improved speed of intelligence
Real-time sharing makes it easy to instantly alert customers and collaborators
THE CHALLENGE
“The process used to be way too time consuming and manual”
Chris Pickard, Cyber Threat Intelligence, and Adam Thomas, Vulnerability Analyst, lead the cyber threat intelligence (CTI) team at Airbus CyberSecurity in the UK. The team has since grown significantly, but just a few years ago they were a small team with painfully manual processes for gathering threat intelligence.
Chris remembers, “We had our favorite sites that we would go to stay on top of the latest trends and to monitor newly released vulnerabilities. It was a more time consuming process compared to how we do things now, and on reflection, it was less structured.” He adds, “We’d have all sorts of set places we would go to to get the news and to get the latest vulnerabilities. It worked but it could sometimes be a frustrating process.”
Before the CTI team enhanced their news gathering and vulnerability monitoring capability with Feedly, they collected information individually. The process is now much more collaborative, with each member of the team having access to and visibility of the Feedly platform. He adds, “We wanted a way of getting news to our customers much more quickly and to work together in a more streamlined way.”
Like many current Feedly for Cybersecurity teams, Chris had been using Feedly for personal use in the past. Once he and Adam discovered Feedly’s cybersecurity-specific features, they felt like they had found a cheat code for finding what matters and getting it to the right people, faster.
“We wanted a way of getting news to our customers more quickly and to work together in a more streamlined way.”
Chris Pickard, Cyber Threat Intelligence
Immediate impact from the proof of concept
Chris and Adam still needed to convince upper management to adopt Feedly for Cybersecurity. Chris says, “One of the obstacles we faced was to convince management of the benefits that Feedly would provide. From a management perspective they were already aware that the team were doing a good job, but the challenge we faced was to demonstrate the improvements Feedly would bring to the table.”
After a few months of switching the manual process to a more streamlined intelligence workflow with a trial of Feedly for Cybersecurity, “It reached the point where our customers were giving positive feedback about how we were able to respond to the latest trends, while also keeping them informed of the news and our response to it. The efficiency of the new workflow really helped us promote Feedly within Airbus.” Internal management teams, other security teams, and their external customers noticed and appreciated the increased speed in which they were receiving threat intelligence.
“It reached the point where our customers were giving positive feedback about how we were able to respond to the latest trends, while also keeping them informed of the news and our response to it. The efficiency of the new workflow really helped us promote Feedly within Airbus.”
Chris Pickard, Cyber Threat Intelligence
Adam adds, “The feedback that we received from the customers has already proven that Feedly was worth the investment.” He adds, “Once the customer reviews started backing up what we’d been saying all along, then there was no decision to be made, to be honest. It was easy to convince management to adopt Feedly from then on.”
THE SOLUTION
Increasing speed of intelligence with a streamlined OSINT process
At Feedly, we use Airbus CyberSecurity’s workflow as a model to teach other security teams to set up efficient, collaborative intelligence gathering processes using our platform. This is how they get actionable cybersecurity intelligence to their customers in a matter of minutes.
1. Asking Leo to track customer assets and products
Chris and Adam ask Leo, Feedly’s AI research assistant, to track anything related to critical vulnerabilities affecting them and their customers’ assets and products across the web (not just in the sources they follow in Feedly). They can then add the results of these Leo Web Alerts to their Feedly account.
Then, using a portfolio of security sources they trust, Chris and Adam asked Leo to prioritize anything related to their customers, including customer assets and products. With Priorities, Leo reads all incoming information and surfaces the most relevant content, based on the specific parameters Chris and Adam set up. According to Chris, “We know that anything that’s triggering the Priorities is something we need to focus on. Instead of us having to hunt for actionable intelligence from different sources, we can just have a glance at the Priorities and go from there.”
Chris and Adam asked Leo to prioritize news about high vulnerabilities related to their customers and products they use
2. Immediately viewing and sharing CVSS scores and trending vulnerabilities
With Feedly for Cybersecurity, Chris and Adam can see the CVSS score directly in their Feeds, which gives them more tools to share with customers. They can click into a CVE Card to access all the information related to the CVE, assess the severity of a vulnerability, and determine if it should be escalated to their team for further research without zigzagging across different tabs. If not provided by the National Vulnerability Database (NVD), Leo will estimate the CVSS score and CWE attack type for each vulnerability.
“We can just look at Leo’s prioritization and see what needs to be taken care of first,” says Chris. “It’s really helpful to see the top attackers and go from there.”
3. Instantly sharing articles with external email addresses
If they find a critical vulnerability about a customer’s supply chain, for example, Chris and Adam’s team need an easy and fast way to get it to the people who need to know.
The team initially had a solid workflow set up, and with a few tips from Remi on the Feedly customer success team, they made it even more streamlined. Remi says, “The Airbus CyberSecurity team had developed a clever workaround with IFTTT to send articles to a list of six external customers.” But there was room for improvement, so “during one success session, we were able to tweak it a bit to send polished emails directly from the Feedly interface, without using a third-party tool as a workaround.”
The Airbus CyberSecurity CTI team sends articles instantly from Feedly to external recipients via email, by tagging them in the Notes
4. Curating relevant content daily for each customer for instant, organized communication
To organize information to share with customers, Chris and Adam created one Team Board per customer. Team Boards are shared spaces to save articles, and can trigger other automations, like the Slack integration or an email. If Chris saves an article to a customer’s Board, it can immediately trigger a Slack message or an email notification to the customer. “I used to have to summarize gathered intelligence in an email and send it to customers. Now I can just attach relevant information to a Board and I can send it instantly to the people that need it.”
In Team Board > Sharing Settings, the team turns on Slack notifications and chooses which Slack channel receives a notification when they save an article to that Board.
Notifications from Boards can be sent to anyone via email, whether or not they have a Feedly account. Chris and Adam send articles to analysts, CTO teams, or even the CEO. “Everyone sees these notifications straight away, and it’s just a really good way of getting it to them quicker.”
5. Sending proactive briefings via automated daily and weekly Newsletters
Apart from ad hoc alerts when relevant issues come up for customers, Chris and Adam also send out daily and weekly newsletters on topics of interest. They add any articles that customers might find interesting to a dedicated Board. They’ve configured the Board to automatically send a Newsletter, which is an automated roundup of recently added articles that can be sent at regular intervals.
Instead of copying and pasting multiple articles into a weekly email, Chris and Adam automate their weekly roundups to send directly as Newsletters from their assorted Boards.
THE RESULTS
A fast, streamlined OSINT workflow that leaves time for analysis
The most noticeable impact of using Feedly? The stellar feedback the CTI team has received from both internal and external customers. Chris says, “Customers really love the speed that we are able to quickly get the news to them. As soon as something hits the news, like a critical vulnerability that affects them, we can notify them within minutes.”
Sending out regular news roundups is much easier, too. Chris says, “Team Newsletters have made the biggest difference for me because it’s saved so much time.”
The firehose of information is quickly reduced to only what’s relevant
By asking Leo to track their customers’ assets and products both across the web and within their trusted security sources, Chris and Adam can feel confident they’re not missing anything, but they can also make sure they’re not wasting time on irrelevant news.
“I was amazed by the sheer amount of information Feedly brings in, and then how quickly that’s cut down to what’s relevant, I’ve not used a tool that has the same level of impact.”
Adam Thomas, Vulnerability Analyst
Improved communication and cohesion makes the job easier
The process is now much more collaborative, with each member of the team having access to and visibility of the Feedly platform, which avoids duplicate work. And avoiding duplicate work is like having an extra person on the team. Chris says, “The time saved has enabled us to put more resources into threat hunting, vulnerability research, and improving existing processes.”
Working together in a more cohesive way also gives the team the confidence that they’re collectively catching everything they need. Adam adds, “We know that once we put parameters into Feedly, it’s definitely doing its job and is capturing everything we need it to. And we’re not missing anything.”
“We know that once we put parameters into Feedly, it’s definitely doing its job and is capturing everything we need it to. And we’re not missing anything.”
Adam Thomas, Vulnerability Analyst
Chris (left) and Adam (right) of Airbus CyberSecurity
What’s next: even more automation and indicators of compromise
When it comes to threat intelligence with Feedly, the Airbus CyberSecurity CTI team is only just getting started. What’s next? Adding even more automation. Chris and Adam are looking to leverage Feedly’s API so they can integrate their intelligence gathering workflow with tools they’re already using, like MISP.
They’re also participating in the beta program of Feedly’s Indicators of Compromise feature, so they can quickly discover and collect malicious IoCs from security news sources, Twitter, and Reddit, and then easily export IoCs with context.
Stay tuned, the Airbus CyberSecurity CTI team is leading the way for efficient, collaborative, and effective threat intelligence.
Gather critical insights quickly, all in one place
Cut down the information overload to only the relevant news, so you can proactively alert customers or internal team members in minutes.
How one cybersecurity analyst leveraged Feedly to proactively evaluate news around the breach and protect his company and their clients and stakeholders
Back in 2020, it wasn’t hard to find information about the SolarWinds breach. In fact, the problem for cybersecurity analysts like Drew Gallis was the deafening noise of commentary about the breach. In a time of crisis, sites like the New York Times and other editorial sources tend to drown out actionable technical information from security-specific sources.
“SolarWinds catapulted into this massive newsline of all these articles saying stuff with no technical insights.”
Drew Gallis, Cybersecurity Analyst, WillowTree
Drew is a cybersecurity analyst at WillowTree, a digital product consultancy with clients including HBO, Domino’s, Anheuser-Busch InBev, FOX Sports and Hilton. He’s part of a small security team responsible for incident response, incident remediation, reporting on security news, and securing web and mobile applications. Given the limited amount of time he has for monitoring threat intelligence, Drew needed a way to separate critical technical updates from useless news commentary around the SolarWinds attack.
Finding actionable technical insights amid the noise of the attack
“A lot of news organizations just point fingers at different companies, without actually providing any technical backing as to why they’re saying these things,” says Drew. He needed to find useful, actionable information he could leverage to equip his company with the facts they needed to protect themselves and their clients from breaches related to SolarWinds.
Drew and the cybersecurity team at WillowTree leaned heavily on their Feedly setup to monitor security news during the SolarWinds attack. In the article he published about the breach, Drew writes, “Feedly allows us to leverage and utilize an AI called Leo, which can sort and aggregate our “feeds” by filters which narrows down on key indicators such as organization breaches, critical CVEs, vendor releases, system vulnerabilities, new security tooling, etc.”
“I used Feedly to find the real technical insights as to what happened during SolarWinds. So I could easily see IoCs and technical documentation as to how the attack was carried out.”
Using Leo to eliminate false information and gather IoCs
Drew used Leo to quickly eliminate false information which was abundant on the topic, such as accusations of Russian-owned company TeamCity. He was also able to gather any indicators of compromise (IoCs) on the issue, such as logs, data, and statistics.
By gathering threat intelligence during the SolarWinds attack, Drew and his team were able to hand off actionable reports to developers and project managers to help WillowTree’s clients proactively protect against breaches. He says, “I use Feedly to consolidate information and quickly generate actionable documentation and reports that we can then share with our clients. For SolarWinds, I was giving our clients indicators of compromise and different domains associated with the actual breach so they could better protect themselves.”
Drew uses the information he finds in Feedly to make sure he’s not only educating clients about indicators of compromise and proofs of concept related to SolarWinds, but also helping them protect themselves during future attacks.
“I use Feedly to consolidate information and quickly generate actionable documentation and reports that we can share with our clients”
WillowTree uses Feedly for Cybersecurity to separate the actionable insights from the noisy commentary. To learn more about using Feedly for threat intelligence, read the full case study about WillowTree’s setup.
Try Feedly for Cybersecurity
Start a 30-day trial of Feedly for Cybersecurity and keep up with critical threat intelligence, without the noise.
Drew Gallis, analyst at WillowTree, leverages Feedly for Cybersecurity to track cyber threats across the company’s supply chain and protect clients
Impact
Keeps track of critical vulnerabilities in the supply chain so he can react quickly.
Went from spending 2-3 hours sorting through threat intelligence news to 30 minutes of reading only the most relevant articles.
Monitors breaches and vulnerabilities that could put clients at risk…and creates proactive solutions before they become disasters.
THE CUSTOMER
WillowTree, Digital Product Consultancy
Started using Feedly For Cybersecurity: 2020
WillowTree is a digital product consultancy with clients including HBO, Domino’s, Anheuser-Busch InBev, FOX Sports and Hilton. Drew Gallis, a security analyst at WillowTree’s Virginia headquarters, is part of a small team responsible for company security and for proactively alerting WillowTree’s clients of security concerns.
THE CHALLENGE
A limited amount of time to dedicate to threat intelligence
With a small team dedicated to cybersecurity, efficiency is everything. The team at WillowTree has to stay on top of the threat landscape so nothing falls through the cracks. While Drew’s official title is “Cyber Security Analyst,” he wears multiple hats: incident response, incident remediation, reporting on security news, and securing web and mobile applications developed by WillowTree, with 20-30 projects running at any given time.
Consuming information fast so he can quickly share actionable insights across the company
Drew is deeply passionate about cybersecurity and wants to get the word out to everyone in the company. He’s genuinely excited about sharing information that helps other people (developers, clients, etc.) do their jobs better and be safer.
Only about 20% of Drew’s job is dedicated to risk and analysis, and even less of that time is available for news monitoring. So he needed a way to find the best news about critical vulnerabilities without eating up the rest of his time at work.
Trying out Feedly for Cybersecurity to consolidate and prioritize in one place
Drew’s mentor and supervisor, Adrian Guevara, Head of Cyber Security at WillowTree, had been using Feedly’s free plan for years to consolidate all of his cybersecurity information into one place. So when Drew and his team learned about Feedly for Cybersecurity’s ability to help them refine their Feeds and prioritize the most important information, they had to try it.
“I only have about 20% of my day to look into risk and analyze different things going on within our organization. I wanted to narrow our data and focus on certain points with my limited time.”
Drew Gallis, Cyber Security Analyst, WillowTree
THE SOLUTION
Reducing the volume of information to only critical insights
Adrian and Drew already had all of their top cybersecurity sources organized into Feeds on the free plan. So when they joined Feedly for Cybersecurity, all they had to do was start using Leo, their AI research assistant in Feedly, to prioritize the most important news. Leo reads every article in their Feeds, and then separates the most important ones into the ‘Priority’ tab. Thanks to this sorting and organization, Adrian and Drew can spend their limited attention reading the high-priority news first.
“The biggest thing for us was exploring Leo’s functionality. We made tailored filters to prioritize specific services, specific programming languages, specific packages, and different vendors we use.”
Prioritizing critical vulnerabilities in WillowTree’s tech stack
First, Drew set up Leo Priorities for all the software tools and services that they use internally at WillowTree. This was simple: He just used AND to add each supplier’s name to a Priority.
Drew prioritized critical vulnerabilities for any of the companies in WillowTree’s supply chain.
Then, Drew added a layer to this Priority. In addition to prioritizing products and services used at WillowTree, he prioritized high CVEs for services in WillowTree’s tech stack.
“Normally there wouldn’t be too many articles in my Priority tab, so if I saw a news article pop up, I knew it would be something pressing.”
Tracking major programming languages
Drew asked Leo to prioritize articles that mention any of the major programming languages used for clients at WillowTree. These include: Swift, .NET, Python, C, JavaScript, and TypeScript.
Drew prioritized critical vulnerabilities for major programming languages WillowTree and their clients use.
Tracking the vulnerabilities that potentially impact clients
Drew also wanted to prioritize news about breaches or cybersecurity events affecting WillowTree’s clients so he could notify them as soon as possible. He used client names (most of which Leo recognizes as companies) in a Priority looking for data breaches.
Drew created this Priority to find out about data breaches in conjunction with WillowTree’s clients.
Tracking issues regarding MacOS
Since WillowTree is a primarily MacOS company, they’re especially interested in any vulnerabilities affecting MacOS. Drew asked Leo to prioritize vulnerabilities related to MacOS so he could easily tell the rest of the company if there was something to be concerned about.
Drew prioritized articles about MacOS vulnerabilities within his team’s cybersecurity Feed.
THE RESULTS
Protecting WillowTree and their clients in just 25% of the time
Since using Leo, Drew has been able to cut down intelligence gathering time every day to just 30 minutes. He knows which articles are most important to read, and can easily see what’s happening in the world of cybersecurity. Not only can he respond quicker to threats and vulnerabilities, Leo also gives him more time to focus on other important work.
“Instead of having to look and sort through articles over 2-hour periods, now I can do it in about 30 minutes, and get better quality of information with Leo.”
Protecting WillowTree with continual threat monitoring
Drew leveraged his Feedly setup during the SolarWinds attack to get the critical information, without the noise that happens during this kind of event. Drew didn’t care about the editorial commentary around SolarWinds; he wanted the technical facts so that he could serve his company and their clients.
How WillowTree sorted technical updates from news commentary during the SolarWinds breach: Read the full story.
Beyond the SolarWinds event, Drew is able to equip WillowTree developers with the information they need to protect the company. Whenever he finds a vulnerability through Feedly, he shares more about it with the team so they understand why fixing it is important. He also uses the information he finds in Feedly to verify proofs of concept (PoCs).
Alerting WillowTree clients to security concerns
Drew also uses Feedly to get indicators of compromise (IoCs) to share with clients, to better protect them now and prevent future threats. He can now send developers and project managers actionable documentation that they can share with clients in the case of a threat.
Before using Feedly and Leo, Drew spent upwards of two hours each day monitoring security news. Now, he’s reduced the time spent monitoring to just 30 minutes per day. Since using Leo to prioritize critical news, he spends 75% less time, but gets better quality information because his Feeds are tailored to his exact needs.
“Security news is massive in terms of the scope and the breadth it can go, because each industry has different news. Feedly will save you time and help you condense all of your news articles and news feeds into one place.”
Drew’s team is expanding with a new security hire soon. He plans to train the new team member on the monitoring foundation he’s set up with Feedly so he and his team can continue to efficiently monitor supply chain threats, alert clients, and get the information they need.
Gather threat intelligence without the noise
Streamline your threat intelligence in Feedly so you can focus on real threats and ignore the distractions.
Easily track critical cyber attacks across your industry and supply chain.
The only constant in the realm of cyber security is change; hackers are continuously maturing and becoming more sophisticated, attack patterns are constantly evolving, and the threat landscape is growing more volatile every day; one cyber attack occurs every 39 seconds.
That’s why we’ve enhanced Leo’s knowledge of cyber attacks, targets, and industries so you can keep pace with the threat landscape and do what you do best: maintain the integrity of your security posture. You can ask Leo, your AI research assistant, to flag critical cyber attacks in your feeds and focus on specific attacks targeting your industry or supply chain. You can also push attack insights to your internal platforms via the Feedly API.
Track all types of cyber attacks with a single smart topic priority
Leo flags important information to focus your efforts on targeted insights. Leo understands cyber attacks because we taught him about malware, ransomware, data breaches, phishing, social engineering, and fraud.
You can train Leo further and have him focus on the specific topics, threats, and threat actors you care about to gain a deeper understanding of the threat landscape as it applies to you.
“From a proactive monitoring perspective, the power of using Feedly and Leo is to actually inform you of breaches before anyone else knows.”
Cybersecurity Analyst at a top energy provider
You can start by training Leo to recognize cyber attacks as a smart topic, a concept that Leo has been trained to understand with our AI models. Simply navigate to the security category you want to add this insight to and enter “cyber attack” as a topic. Training Leo to highlight cyber attacks in your security feed keeps you up-to-date with the most recent reports. Highlighting the attacks that are actually being conducted in the wild helps you effectively prioritize and ensures you never miss a thing.
Focus on attacks targeting specific industries or Fortune 500 companies
We’ve taught Leo to recognize 19 industry sectors to ensure you always have the most current industry-relevant threat intelligence at your fingertips. Don’t see your industry? No problem! Ask us and we’ll teach Leo to recognize it.
“We were able to turn the list of our top partners into a Leo Priority and ask Leo to flag cyberattacks targeting those partners. That’s how we identified that one of our vendors had been breached a week before the actual company told us.”
Cybersecurity Analyst at top energy provider
Leo also recognizes each company listed in the Forbes Fortune 500 list to help you optimize and maintain your vendor security initiatives. You can gain these deeper insights simply by adding the industry or company you want Leo to flag for you.
You can use Leo to detect new risks, reinforce your vendor risk programs, and potentially be the first to discover a breach.
Track attacks targeting your supply chain
Track up to 1,000 vendors in your supply chain to see the most relevant cyber attacks early.
Supply chain attacks have been in the limelight recently. Now, Leo can help you cross-reference your known vulnerabilities with the latest threat intelligence. Proactive alerting informs you of critical vulnerabilities, cyber attacks, and emerging threats before anyone else. Need to know about zero-day exploits as soon as they are targeted? No problem. Need to create your own list of companies you want to track? Leo has your back.
Leo continuously gets smarter and more accurate. This process is optimized with your feedback! With the ‘Less Like This’ button, you can let Leo know the article he prioritized is wrong or not relevant to you.
Everything you need, nothing you don’t
Every second counts in cybersecurity. You tell Leo what you want and he populates the insights you need, when you need them.
Leo does the work upfront so you can filter out the noise and save massive time, working smarter and faster. Up to 80% faster.
“Before using Leo to track cyber attacks, we would struggle with an overload of data and waste time sifting through information. Our feed is now 2-3 times shorter, we do not miss out on any important cyber attacks and we earned back so much time!”
Anonymous Cybersecurity Analyst
Want to track specific cyber attacks in your field?
The Leo Cyber Attack skill is one of Leo’s advanced AI skills in the Feedly for Cybersecurity package.
Contextualized CVE information for faster threat research, without the overwhelm
Cyber attacks are increasing in volume and sophistication across every industry and category, leaving threat analysts and frontline security teams faced with a flood of information. The consequences of missing critical information are astronomical, but no human can keep up with this onslaught of data on their own.
You need relevant, real-time, accurate information – and scrolling through an endless list of sources won’t get you there. That’s why we’re excited to announce that Leo, your AI research assistant, now aggregates information on vulnerabilities, exploits, malware families, and threat actors into a single view so that he can help you proactively track and research CVEs.
The Leo CVE Dashboard gives you at-a-glance visibility into relevant trending vulnerabilities, and you can use Leo to focus any of your feeds for faster insight into risks impacting your business’s software, hardware, and application stack.
Information overload is real. This is why we enhanced Leo’s cybersecurity knowledge graph so he can help you proactively track and research critical vulnerabilities and zero-day exploits relevant to you.
With Leo, you can prioritize the CVEs that impact your organization’s technology stack and reduce the time it takes to investigate threats by up to 70%. All of this information is available at a glance via the Leo CVE Dashboard and throughout your Feeds.
“Before using Feedly for Cybersecurity, my biggest challenge was to quickly sort through all the data to find the top CVEs by mention, and track their relationships with exploits, patches, etc. It would take a lot of work to search through unstructured text and large bulk files. With Leo, it’s so much easier to quickly review details of a CVE and its associated relationships.”
Michael Rossi, Independent Security Consultant, Cybeta
The Leo CVE Dashboard: a complete CVE overview in a glimpse
If you want to dive deeper into a CVE, exploit, or threat, Leo synthesizes vulnerability, patch, exploit/PoC, malware, and threat actor information into a single CVE Dashboard. Leo eliminates the time you used to spend opening a new browser tab, searching, browsing for the resource you want, and skimming everything individually to find what mattered.
Instead of having dozens of research tabs open in your browser, the Leo CVE Dashboard consolidates the information into a single location where you have at-a-glance views of:
Number of Web and Social Media mentions, including Twitter and Reddit
For new vulnerabilities that don’t have a CVSS assigned yet, Leo uses a proprietary NLP model based on the CVSS v3 methodology to forecast this score. This way, you can spot new threats and take proactive steps in real-time.
Color-coding helps you make quick decisions about the next steps in your investigation. The darker the color on the Awareness graph, the more people are talking about the CVE across the web.
Get complete CVE overviews in a glimpse.
Leo provides links to all the external resources you need to investigate the CVE, so you can more rapidly respond to threats and improve important cybersecurity metrics like mean time to detection (MTTD), mean time to investigate (MTTI), and mean time to remediate (MTTR).
Dig deeper, faster, to determine whether a specific vulnerability represents a critical risk for your organization based on its technology stack, then decide whether to flag the intel and share it with the rest of your team.
For example, you can click on “Affected System” or “Patched” to go directly to those sources like the National Institute of Standards and Technology (NIST) National Vulnerability Database or websites with patches for remediation purposes.
Click elements on the dashboard for more context and source material.
“Before using Feedly for Cybersecurity, it was hard to prioritize which vulnerabilities were more important at a glance and determine if they applied to our networks. Now that we use Leo, we have been saving so much time, it’s much appreciated!”
– Feedly for Cybersecurity Customer
Leo can surface relevant critical vulnerabilities across your Feeds
In addition to his interactive CVE Dashboard, Leo also prioritizes the most recent and talked-about CVEs, right on your Today page. Simply click on a CVE name to see the dashboard complete with the information necessary for critical decision-making.
Leo knows cybersecurity because we taught him about CVE, CVSS, exploits, patches, threat actors, and other security intelligence concepts. Leo summarizes the information from various resources including NVD, vendor advisories, blogs, Twitter, and Reddit so you don’t have to check each location, sifting through posts unrelated to the CVE you care about.
The Trending in Cybersecurity dashboard showcases the top 5 trending vulnerabilities.
You can add new Leo Priorities on top of your current feed to add contextual business risk. For example, if your technology stack includes Oracle, Adobe, and Google Chrome, but not Samba, you can refine Leo’s priorities so you only see what’s relevant to your organization.
Train Leo to prioritize vulnerabilities based on CVSS score to increase the relevance of your feed. Leo can flag risks related to your organization’s unique technology stack so you can outpace attackers.
You can start by training Leo to surface CVEs based on the Qualitative Severity Rating Scale — choose our preset for “high” or specify the CVSS scores to build your organization’s context into what you see.
Training Leo by using “HIGH” in combination with either products or vulnerability types personalizes your feed based on your organization’s unique needs. This lets you focus on the risks specific to your organization, weeding out the information you don’t need.
Surface the critical (CVSS > 8 or CVSS > 5 and exploit) vulnerabilities related to Oracle, Adobe, and Chrome.
All of these features, plus several more, are available as a part of Feedly for Cybersecurity. This package of Leo skills, enterprise features, and advanced knowledge graph access is perfect for cybersecurity teams that need to reduce noise and quickly identify risks. To learn more about any of these features, or start a free 30-day trial, click the link below.
Try Feedly for Cybersecurity
Save time researching CVEs so you can spend more time securing them.
An at-a-glance overview of the evolving cybersecurity threat landscape
Keeping up with the most critical threats, vulnerabilities, and threat actors can be time consuming and overwhelming.
We have been working with some existing Feedly for Cybersecurity customers to create a trending dashboard that offers an at-a-glance overview of the evolving cybersecurity threat landscape.
Today, we are excited to launch a beta of the Cybersecurity Trending Dashboard to all the Feedly for Cybersecurity customers.
The first component of the Trending Dashboard is a list of the trending threats reported across 1,200 different cybersecurity sources (news sites, blogs, or Twitter accounts).
The Today section now includes a Trending in Cybersecurity dashboard
It gives you a quick overview of the critical threats being reported across all the cybersecurity sites the Feedly community is reading. You can think of this as a TechMeme for Cybersecurity.
The model producing this dashboard is focusing on the news published in the last 24 hours.
Behind the scenes, Leo, your AI research assistant, reads all the articles across all the cybersecurity sources and Twitter accounts. Leo dismisses articles that are not about cybersecurity threats, clusters the ones that are reporting the same threat, and ranks them using different “features”.
The initial model we are pushing to beta is a global model. This means that your personal priorities and mute filters are not affecting this model (yet!).
Trending Vulnerabilities
The second component of the Trending Dashboard is a list of the trending vulnerabilities that are being discovered or discussed across cybersecurity sources.
You can click on a specific vulnerability and drill down to a page that captures all the mentions and chatter around that vulnerability.
See the chatter about a specific vulnerability
Trending Threat Actors
The last component is a list of trending threat actor mentions. It allows you to get an overview of which threat actors are being covered in the news.
You can click on a specific threat actor and get a “Search across the Web” overview of the mentions.
See the chatter about a specific threat actor
Continuously learning and getting smarter
Every component has a “Less Like This” down arrow button that you can use to provide feedback to Leo. The feedback is going to be reviewed by the product team during the beta to understand how to improve the relevance, deduplication, and prioritization. Leo loves candid feedback.
Using the Less Like This down arrow button to offer Leo feedback
We look forward to listening to your feedback and continuously improving the Cybersecurity Trending Dashboard over the next 8 weeks.
We also want to thank the customers who suggested this feature and worked with us during the Alpha. You know who you are!
Can I personalize the Trending Cybersecurity Dashboard?
Not in the current version. Once we have the core model optimized, we will look at ways to allow you to personalize the dashboard by industry, product, and threat type.
What is the best way to offer feedback to the product team during the beta?
If you have feedback regarding specific articles or CVEs, please use the Less Like This down arrow button to submit your feedback. If you have ideas on how to improve the concept, please email leo@feedly.com.
How can I get a demo of Feedly for Cybersecurity?
If you are part of a cybersecurity team and want to get a demo of how Feedly for Cybersecurity can help you streamline your open-source intelligence, you can request a demo and a free trial here.
Can I access the Cybersecurity Trending Dashboard in the Feedly mobile app?
Not yet. The beta is only available in the Feedly Web application. We will integrate this feature into the mobile experience once the beta is complete.
Can I remove the Trending Cybersecurity Dashboard from my Today page?