Category Archives: Feedly for Cybersecurity

Blueprint of a highly functional Feedly for Threat Intelligence Account

Cybersecurity
How to structure your Feedly for Threat Intelligence account to optimize your open source threat intelligence

Start free 30 day feedly for threat intelligence trial

Many of the leading cyber security teams use Feedly to organize and automate their open-source threat intelligence and stay ahead of emerging threats. We have had the chance to research 100 of them and review their open-source threat intelligence best practices.

In this article, we will share how they translate their intelligence needs into various types of feeds and how they structure those feeds into a highly functional Feedly account.

Structure of a highly functional threat intelligence account

Most cybersecurity professionals start their day in the Threat Intelligence Dashboard. It offers a broad overview of the emerging threat landscape: trending cybersecurity articles and attacks, new critical vulnerabilities, active attackers, new behaviors, and malware families, so it’s easy to get a sense of what’s going on in just a few minutes.

Start your day with a general overview of the threat landscape with the Threat Intelligence Dashboard

Here’s a brief overview of each section:

  • Trending News: Stay ahead of attacks by seeing which threats are trending in the cybersecurity community.
  • Vulnerabilities: Improve reaction time and respond quickly to new vulnerabilities as they arise, allowing cybersecurity teams and their clients to stay informed of oncoming risks faster.
  • Attackers: Identify at a glance which Threat Actors are trending and quickly create Web Alerts to track their actions and behaviors.
  • Tactics & Techniques: Keep track of which TTPs are proving to be the most prevalent among Threat Actors, map data to the Mitre ATT&CK Navigator to compare with other Threat Actor Profiles, or to identify gaps in your defensive capability.
  • New Malware: Research what New Malware is affecting systems and be vigilant against emerging threats.

Discover critical vulnerabilities

The most effective way to track critical vulnerabilities and zero-days across the web is with Leo, Feedly’s AI research assistant. Leo has been pre-trained to understand vulnerabilities and assess their severity. He reads millions of articles every day, looking for critical security threats.

Track critical vulnerabilities for products deployed in your environment

When Leo finds a CVE, he automatically searches for its CVSS score, related exploits and malware families, links to threat actors, CWE information, and patches. He then organizes all this information into a rich CVE intelligence card.

If the CVE doesn’t have a CVSS score yet, Leo uses machine learning to predict the CVSS score, keeping you one step ahead of the latest emerging threats.

Discover critical vulnerabilities and get a 360-degree view with the CVE intelligence card

Creating a broad Leo Web Alert targeting all critical vulnerabilities gives you a big picture view of what is happening across the threat landscape, while adding specific vendors to the search narrows the focus into more precise and manageable feeds.

Cybersecurity teams often create a Leo Web Alert for each of the main products deployed in their environment and group them into a Vulnerabilities folder.

Track adversary behaviors

One way cybersecurity teams track and visualize the behaviors of specific Threat Actors and Malware Families is by using Feedly’s integration with the Mitre ATT&CK framework. Leo has been pre-trained to understand threat actors (integration with Malpedia), Mitre ATT&CK (version 10), and the concept of threat intelligence reports. These three concepts can be easily combined to track the behavior of selected adversaries.

Here is an example of a Leo Web Alert surfacing all the threat intelligence reports mentioning the Lazarus Group threat actor:

Track threat intelligence reports mentioning the Lazarus Group

Cybersecurity teams often create a Leo Web Alert for each of the threat actors and malware families defined on their threat profiling list and group them into a “Threat Intel” folder.

When Leo finds an article in which he has identified TTPs, he can map the content of that article to the ATT&CK navigator so that cybersecurity teams can easily analyze the adversary behavior and compare it with their existing defenses.

Automatically open TTPs mentioned in an article to the MITRE ATT&CK Navigator

Leo also automatically flags all the malicious IPs, hashes, domains, and URLs (IoCs) he identifies in articles so that they can easily be exported with links to threat actors, malware families, and vulnerabilities using STIX 2.1 and imported into Threat Intelligence Platforms (TIP).

Export IoCs with links to threat actors and malware using STIX 2.1

Track cyber attacks

Security teams can efficiently track cyber attacks targeting their industry or supply chain. Leo has been pre-trained to understand the concept of a cyber attack and who the target of the attack is. Here is an example of how a cybersecurity professional might ask Leo to track all the cyber attacks targeted at the finance industry.

Track cyber-attacks across the finance industry

The focus can also be narrowed down to more specific threats like “data breaches impacting credit cards” or “cyber attacks using multi-factor authentication”

Follow trusted security feeds

Feedly allows cybersecurity teams to follow a wide variety of trusted feeds all in one place, including websites and blogs, newsletters, Reddit communities, and Twitter accounts, searches, and hashtags. The teams that get the most out of Feedly turn it into their one-stop intelligence center so they can share common sources in one place. They end up saving hours each week because they’re no longer sharing articles ad-hoc across email, Slack, and other messaging platforms.

Follow your trusted security websites, blogs, newsletters, Twitter and Reddit in one place

Collect and share threat intelligence with Boards

When an article of importance surfaces, Feedly provides the tools to annotate, highlight, add notes, and save the article to a Board for review later. When an article is saved to a Team Board, Feedly for Threat Intelligence users have additional options to auto-generate Newsletters, share with Slack or Microsoft Teams, or use Feedly’s Rest API to integrate into an existing workflow.

Save and organize selected articles into Boards and share them with your teams

Here are a few examples of Team Boards that have helped cybersecurity teams stay organized:

  • Critical Vulnerabilities Board: Save articles about exploitable vulnerabilities and zero-days that a cybersecurity team will want to research and patch as soon as possible.
  • IoC Report Board: Save articles referencing IoCs that should be pushed to a threat intelligence platform.
  • Threat Intelligence Brief Board: Save articles to share with an executive team.
  • Threat Actors Board: Save articles describing behaviors of specific threat actors active in the industry that should be imported into the TIP for the rest of the team to research.
  • Emerging Malware Board: Save articles about techniques used by emerging malware families.
  • Supply Chain Attacks Board: Save instances of attacks and data breaches reference supply chain or third-party partners.

Try Feedly for Threat Intelligence

All of these features, plus many more, are available as a part of Feedly for Threat Intelligence. To learn more about any of these features, or start a free 30-day trial, click the link below.

Try Feedly for threat intelligence

You might also be interested in

Quickly discover and collect indicators of compromise from millions of sources

Leo recognizes IoCs mentioned in articles, and can gather them for yo

How Airbus CyberSecurity gets actionable cyber threat intelligence to customers in minutes

An inside look at how the Airbus CyberSecurity team is using Feedly to monitor and share actionable insight

How Church & Dwight’s CISO used Feedly to track log4j in real time

Case Study
Get an inside look at how a CISO gathers threat intelligence to track a developing incident.

Impact
box icon

Picked up on trending vulnerabilities in Feedly before they were rated

chart icon

Saved an hour each day with streamlined intelligence workflow

target icon

Consolidated the team’s research workflow, improved effectiveness, and reduced overwhelm

David Ortiz is the Chief Information Security Officer (CISO) of Church & Dwight, the company behind brands like ARM & HAMMER, Trojan, OxiClean, OraJel, and other products. As CISO, David’s primary focus is to oversee cybersecurity, IT Risk Management, data privacy operations, and manage risk to the company so he can keep leadership informed. 

Unlike a threat intelligence analyst looking at the day-to-day intel and mitigation, David is concerned with the big-picture impact of cybersecurity on the business. “We don’t want to talk too much about the widgets and the tech, we want to talk more about the impact to the overall business.”

On a “typical” day: David’s daily news progression for effective threat intelligence

Every day, David looks out for indicators that there may have been a critical cyber attack somewhere in Church & Dwight’s supply chain. With that information, he can inform leadership of the business implications. Church & Dwight has a large provider network including contract manufacturers, manufacturers, vendors. The company needs to keep track of what’s happening across the entire supply chain to protect the business at all levels. 

To stay in front of the news, David goes through a systematic news progression every morning before his team’s 9am scrum. He works his way through sources including: 

  • Cybersecurity-specific news sources like WSJ Pro Cybersecurity Cyber Security Hub
  • Twitter, Reddit, and LinkedIn
  • National newspapers and news sources like the Wall Street Journal, The New York Times, and 1440
  • Wikipedia 
The “Today” page in Feedly, where David starts his news progression each morning.

Before using Feedly, he had to visit each one of these sites individually. Now, he says “It is a single place for my news progression. I can go through Feedly and see everything.” Instead of fielding emails from different sources, David gets his newsletters delivered to Feedly as well.

Feedly has saved me an hour a day. It is a single place for my news progression. I can go through Feedly and see everything”

David Ortiz, CISO, Church & Dwight

How David used Feedly to monitor the log4j vulnerabilities

The week that the log4j vulnerability broke in December 2021, David’s news progression looked a little different than on a normal day. 

“When I woke up on Friday morning, our managed security provider had already sent out advisories at 4am East Coast time. I saw that, and I had already gone into Feedly and started reading news and seen it breaking. We knew log4j was coming and used breaking news in conjunction with our vulnerability response activities.”

The Threat Intelligence Dashboard in Feedly shows trending articles, trending vulnerabilities, and trending attackers. Cybersecurity professionals like David use this page for a quick glance at what’s happening if they only have a few minutes to check Feedly.

By the Saturday after the vulnerability broke, news started flooding in. David remembers, “I was looking for critical vulnerabilities and CVSS scores. That’s when Feedly started working its magic: We started to see the news propagate and get organized by Leo.” 

I was looking for critical vulnerabilities and CVSS scores. That’s when Feedly started working its magic: We started to see the news propagate and get organized by Leo”

Even before a CVSS score is assigned to a vulnerability, Leo estimates a score based on the machine learning models we use to prioritize CVEs. And as the story developed and it became clear that log4j was really four distinct vulnerabilities, Feedly helped show that they were trending. David explains, “When the other vulnerabilities were still at a low level — not yet elevated to a critical or high level — Feedly was telling me it was trending, which meant more people were talking about this and more articles were being published about it.” 

When the other vulnerabilities were still at a low level – not yet elevated to a critical or high level — Feedly was telling me it was trending.”

David Ortiz, CISO, Church & Dwight

David was watching both Feedly and the National Vulnerability Database news to see if one specific vulnerability was going to trend and become a critical vulnerability. If it was identified as a critical vulnerability, that would dictate how Church & Dwight security teams respond to the vulnerability.

If no CVSS score has been assigned to a specific CVE, Leo estimates a score based on the machine learning models we use to track CVEs.

David adds, “Feedly helped me follow the vulnerabilities that weren’t yet rated. By looking at the trending vulnerabilities and estimated CVSS scores in Feedly, I could estimate that they would eventually get assigned a high or critical rating, which they did.”

Why this CISO uses Feedly to centralize and optimize his team’s open source threat intelligence

David chose Feedly as his team’s open source threat intelligence tool for three main reasons: 

  1. He wanted a centralized place to reduce information overload for his team 
  2. He wanted a place where his team can share common data and benefit from shared knowledge
  3. He wanted to get in front of the news

1. A centralized place to reduce information overload and notification fatigue

David’s extremely conscious of the impact of information overload on his team, and designed his Feedly setup with that in mind. “Feedly is a common area to share data so that we’re not fatiguing one another with more news and more notifications.” 

David strategically set up two main Team Newsletters to send automatically and summarize news, instead of sending one-off texts and Slack messages that would distract his team. 

  • One weekly newsletter that sends every Friday and includes any articles David and the team saved to a Feedly Board that week 
  • One “breaking” newsletter that sends automatically — but only when there’s what the team considers breaking news
David and the team save relevant articles to a Team Board, which sends a Newsletter automatically each week.

2. A place to share common data and avoid duplicate work

Instead of everyone on his team having separate, siloed security sources, David and his team use Feedly as the common area to share those trusted sources of data. This means everyone’s on the same page about threat intelligence and risk management, and the whole team benefits from having multiple smart cybersecurity minds working together. 

3. A way to get in front of the news

Before adopting Feedly as his open source threat intelligence tool, David used to complete his daily “news progression” every day across various different sources. But now, he’s able to consolidate his intelligence in one place and streamline the process.

What’s next for this CISO  

When there’s not a critical vulnerability front and center, David focuses on projects on the company’s security roadmap, including risk reduction and safeguarding data. “Feedly helps me stay in front of the news so I can help keep the company safe.”

And what’s next for David’s work with Feedly? David continues to work with his team in the process of gathering open source threat intelligence . He’s looking forward to the upcoming Customizable Newsletters feature (coming soon!) that will make it even easier to send advisories and customize them with internal knowledge.

Stay ahead of attacks and vulnerabilities

Try Feedly for Threat Intelligence so you can gather open source intelligence and share insights with the people who need them, faster.

START FREE 30-DAY TRIAL

How Airbus CyberSecurity gets actionable cyber threat intelligence to customers in minutes

Case Study
An inside look at how the Airbus CyberSecurity team is using Feedly to monitor and share actionable insights

Impact
box icon

A cohesive, streamlined workflow for threat intelligence that saves hours every week

chart icon

Increased customer satisfaction due to improved speed of intelligence

target icon

Real-time sharing makes it easy to instantly alert customers and collaborators

THE CHALLENGE
“The process used to be way too time consuming and manual”

Chris Pickard, Cyber Threat Intelligence, and Adam Thomas, Vulnerability Analyst, lead the cyber threat intelligence (CTI) team at Airbus CyberSecurity in the UK. The team has since grown significantly, but just a few years ago they were a small team with painfully manual processes for gathering threat intelligence. 

Chris remembers, “We had our favorite sites that we would go to stay on top of the latest trends and to monitor newly released vulnerabilities. It was a more time consuming process compared to how we do things now, and on reflection, it was less structured ” He adds, “We’d have all sorts of set places we would go to to get the news and to get the latest vulnerabilities. It worked but it could sometimes be a frustrating process.”  

Before the CTI team enhanced their news gathering and vulnerability monitoring capability with Feedly, they collected information individually. The process is now much more collaborative, with each member of the team having access to and visibility of the Feedly platform. He adds, “We wanted a way of getting news to our customers much more quickly and to work together in a more streamlined way.”

Like many current Feedly for Cybersecurity teams, Chris had been using Feedly for personal use in the past. Once he and Adam discovered Feedly’s cybersecurity-specific features, they felt like they had found a cheat code for finding what matters and getting it to the right people, faster. 

“We wanted a way of getting news to our customers more quickly and to work together in a more streamlined way.”

Chris Pickard, Cyber Threat Intelligence

Immediate impact from the proof of concept

Chris and Adam still needed to convince upper management to adopt Feedly for Cybersecurity. Chris says, “One of the obstacles we faced was to convince management of the benefits that Feedly would provide. From a management perspective they were already aware that the team were doing a good job, but the challenge we faced was to demonstrate the improvements Feedly would bring to the table”

After a few months of switching the manual process to a more streamlined intelligence workflow with a trial of Feedly for Cybersecurity, “It reached the point where our customers were giving  positive feedback about how we were able to respond to the latest trends, while also keeping them informed of the news and our response to it. The efficiency of the new workflow really helped us promote Feedly within Airbus.” Internal management teams, other security teams, and their external  customers noticed and appreciated the increased speed in which they were receiving threat intelligence. 

It reached the point where our customers were giving positive feedback about how we were able to respond to the latest trends, while also keeping them informed of the news and our response to it. The efficiency of the new workflow really helped us promote Feedly within Airbus.

Chris Pickard, Cyber Threat Intelligence

Adam adds “The feedback that we received from the customers has already proven that Feedly was worth the investment.” He adds, “Once the customer reviews started backing up what we’d been saying all along, then there was no decision to be made, to be honest. It was easy to convince management to adopt Feedly from then on.” 

THE SOLUTION
Increasing speed of intelligence with a streamlined OSINT process

At Feedly, we use Airbus CyberSecurity’s workflow as a model to teach other security teams to set up efficient, collaborative intelligence gathering processes using our platform. This is how they get actionable cybersecurity intelligence to their customers in a matter of minutes.

1. Asking Leo to track customer assets and products

Chris and Adam ask Leo, Feedly’s AI research assistant, to track anything related to critical vulnerabilities affecting them and their customers’ assets and products across the web (not just in the sources they follow in Feedly). They can then add the results of these Leo Web Alerts to their Feedly account.

Then, using a portfolio of security sources they trust, Chris and Adam asked Leo to prioritize anything related to their customers, including customer assets and products. With Priorities, Leo reads all incoming information and surfaces the most relevant content, based on the specific parameters Chris and Adam set up. According to Chris, “We know that anything that’s triggering the Priorities is something we need to focus on. Instead of us having to hunt for actionable intelligence from different sources, we can just have a glance at the Priorities and go from there.”

Chris and Adam asked Leo to prioritize news about high vulnerabilities related to their customers and products they use

With Feedly for Cybersecurity, Chris and Adam can see the CVSS score directly in their Feeds, which gives them more tools to share with customers. They can click into a CVE Card, to access all the information related to the CVE, access the severity of a vulnerability, and determine if it should be escalated to their team for further research without zig zagging across different tabs. If not provided by the National Vulnerability Database (NVD), Leo will estimate the CVSS score and CWE attack type for each vulnerability. 

“We can just look at Leo’s prioritization and see what needs to be taken care of first,” says Chris. “It’s really helpful to see the top attackers and go from there.”

3. Instantly sharing articles with external email addresses

If they find a critical vulnerability about a customer’s supply chain, for example, Chris and Adam’s team need an easy and fast way to get it to the people who need to know.

The team initially had a solid workflow set up, and with a few tips from Remi on the Feedly customer success team, they made it even more streamlined. Remi says “The Airbus CyberSecurity team had developed a clever workaround with IFTTT to send articles to a list of six external customers.” But there was room for improvement, so “during one success session, we were able to tweak it a bit to send polished emails directly from the Feedly interface, without using a third-party tool as a workaround.”

Instead of connecting Feedly to email with an IFTTT integration in the middle, Remi showed Chris and Adam how they could actually send parts of an article directly to external email addresses using Notes.  

The Airbus CyberSecurity CTI team sends articles instantly from Feedly to external recipients via email, by tagging them in the Notes

4. Curating relevant content daily for each customer for instant, organized communication

To organize information to share with customers, Chris and Adam created one Team Board per customer. Team Boards are shared spaces to save articles, and can trigger other automations, like the Slack integration or an email. If Chris saves an article to a customer’s Board, it can immediately trigger a Slack message or an email notification to the customer. “I used to have to summarize gathered intelligence in an email and send it to customers. Now ​​I can just attach relevant information to a Board and I can send it instantly to the people that need it.”

In Team Board > Sharing Settings, the team turns on Slack notifications and choose which Slack channel receives a notification when they save an article to that Board.

Notifications from Boards can be sent to anyone via email, whether or not they have a Feedly account. Chris and Adam send articles to analysts, CTO teams, or even the CEO. “Everyone sees these notifications straight away, and it’s just a really good way of getting it to them quicker.”

5. Sending proactive briefings via automated daily and weekly Newsletters

Apart from ad hoc alerts when relevant issues come up for customers, Chris and Adam also send out daily and weekly newsletters on topics of interest. They add any articles that customers might find interesting to a dedicated Board. They’ve configured the Board to automatically send a Newsletter, which is an automated roundup of recently added articles that can be sent at regular intervals.

Instead of copying and pasting multiple articles into a weekly email, Chris and Adam automate their weekly roundups to send directly as Newsletters from their assorted Boards.

THE RESULTS
A fast, streamlined OSINT workflow that leaves time for analysis

The most noticeable impact of using Feedly? The stellar feedback the CTI team has received from both internal and external customers. Chris says, “Customers really love the speed that we are able to quickly get the news to them. As soon as something hits the news, like a critical vulnerability that affects them, we can notify them within minutes.”

Sending out regular news roundups is much easier, too. Chris says, “Team Newsletters have made the biggest difference for me because it’s saved so much time.”

The firehose of information is quickly reduced to only what’s relevant

By asking Leo to track their customers’ assets and products both across the web and within their trusted security sources, Chris and Adam can feel confident they’re not missing anything, but they can also make sure they’re not wasting time on irrelevant news. 

“I was amazed by the sheer amount of information Feedly brings in, and then how quickly that’s cut down to what’s relevant, I’ve not used a tool that has the same level of impact.”

“I was amazed by the sheer amount of information Feedly brings in, and then how quickly that’s cut down to what’s relevant, I’ve not used a tool that has the same level of impact.”

Adam Thomas, Vulnerability Analyst

Improved communication and cohesion makes the job easier

The process is now much more collaborative, with each member of the team having access to and visibility of the Feedly platform, which avoids duplicate work. And avoiding duplicate work is like having an extra person on the team. Chris says, “The time saved has enabled us to put more resources into threat hunting, vulnerability research, and improving existing processes.”

Working together in a more cohesive way also gives the team the confidence that they’re collectively catching everything they need. Adam adds, “We know that once we put parameters into Feedly, it’s definitely doing its job and is capturing everything we need it to. And we’re not missing anything.”

“We know that once we put parameters into Feedly, it’s definitely doing its job and is capturing everything we need it to. And we’re not missing anything.

Adam Thomas, Vulnerability Analyst

Chris (left) and Adam (right) of Airbus CyberSecurity

What’s next: even more automation and indicators of compromise

When it comes to threat intelligence with Feedly, the Airbus CyberSecurity CTI team is only just getting started. What’s next? Adding even more automation. Chris and Adam are looking to leverage Feedly’s API so they can integrate their intelligence gathering workflow with tools they’re already using, like MISP. 

They’re also participating in the beta program of Feedly’s Indicators of Compromise feature, so they can quickly discover and collect malicious IoCs from security news sources, Twitter, and Reddit, and then easily export IoCs with context. 

Stay tuned, the Airbus CyberSecurity CTI team is leading the way for efficient, collaborative, and effective threat intelligence. 

Gather critical insights quickly, all in one place

Cut down the information overload to only the relevant news, so you can proactively alert customers or internal team members in minutes.

start 30 day trial

You might also be interested in

How a WillowTree cybersecurity analyst gathers threat intelligence in just 30 minutes a day

Drew Gallis, analyst at WillowTree, leverages Feedly for Cybersecurity to track cyber threats across the company’s supply chain and protect client

Quickly discover and collect indicators of compromise from millions of sources

Leo recognizes IoCs mentioned in articles, and can gather them for yo

Using AI to sort technical updates from news commentary during the SolarWinds attack: A case study

Case Study
How one cybersecurity analyst leveraged Feedly to proactively evaluate news around the breach and protect his company and their clients and stakeholders

Back in 2020, it wasn’t hard to find information about the SolarWinds breach. In fact, the problem for cybersecurity analysts like Drew Gallis was the deafening noise of commentary about the breach. In a time of crisis, sites like New York Times and other editorial sources tend to drown out actionable technical information from security-specific sources. 

“SolarWinds catapulted into this massive newsline of all these articles saying stuff with no technical insights.”

Drew Gallis, Cybersecurity Analyst, WillowTree

Drew is a cybersecurity analyst at WillowTree, a digital product consultancy with clients including HBO, Domino’s, Anheuser-Busch InBev, FOX Sports and Hilton. He’s part of a small security team responsible for incident response, incident remediation, reporting on security news, and securing web and mobile applications. Given the limited amount of time he has for monitoring threat intelligence, Drew needed a way to separate critical technical updates from useless news commentary around the SolarWinds attack.

Finding actionable technical insights amid the noise of the attack

“A lot of news organizations just point fingers at different companies, without actually providing any technical backing as to why they’re saying these things,” says Drew. He needed to find useful, actionable information he could leverage to equip his company with the facts they needed to protect themselves and their clients from breaches related to SolarWinds. 

Drew and the cybersecurity team at WillowTree leaned heavily on their Feedly setup to monitor security news during the SolarWinds attack. In the article he published about the breach, Drew writes, “Feedly allows us to leverage and utilize an AI called Leo, which can sort and aggregate our “feeds” by filters which narrows down on key indicators such as organization breaches, critical CVEs, vendor releases, system vulnerabilities, new security tooling, etc.”

“I used Feedly to find the real technical insights as to what happened during SolarWinds. So I could easily see IoCs and technical documentation as to how the attack was carried out.”

Using Leo to eliminate false information and gather IoCs

Drew used Leo to quickly eliminate false information which was abundant on the topic, such as accusations of Russian-owned company TeamCity. He was also able to gather any indicators of compromise (IoCs) on the issue, such as logs, data, and statistics. 

By gathering threat intelligence during the SolarWinds attack, Drew and his team were able to hand off actionable reports to developers and project managers to help WillowTree’s clients proactively protect against breaches. He says “I use Feedly to consolidate information and quickly generate actionable documentation and reports that we can then share with our clients. For SolarWinds, I was giving our clients indicators of compromise and different domains associated with the actual breach so they could better protect themselves.” 

Drew uses the information he finds in Feedly to make sure he’s not only educating clients about indicators of compromise and proofs of concept related to SolarWinds, but also helping them protect themselves during future attacks. 

“I use Feedly to consolidate information and quickly generate actionable documentation and reports that we can share with our clients”

WillowTree uses Feedly for Cybersecurity to separate the actionable insights from the noisy commentary. To learn more about using Feedly for threat intelligence, read the full case study about WillowTree’s setup.

Try Feedly for Cybersecurity

Start a 30-day trial of Feedly for Cybersecurity and keep up with critical threat intelligence, without the noise.

start 30 day trial

You might also be interested in

How a WillowTree cybersecurity analyst gathers threat intelligence in just 30 minutes a day

Drew Gallis, analyst at WillowTree, leverages Feedly for Cybersecurity to track cyber threats across the company’s supply chain and protect client

How Airbus CyberSecurity gets actionable cyber threat intelligence to customers in minutes

An inside look at how the Airbus CyberSecurity team is using Feedly to monitor and share actionable insight

How a WillowTree cybersecurity analyst gathers threat intelligence in just 30 minutes a day

Case Study
Drew Gallis, analyst at WillowTree, leverages Feedly for Cybersecurity to track cyber threats across the company’s supply chain and protect clients

Impact
box icon

Keeps track of critical vulnerabilities in the supply chain so he can react quickly.

chart icon

Went from spending 2-3 hours sorting through threat intelligence news to 30 minutes of reading only the most relevant articles.

target icon

Monitors breaches and vulnerabilities that could put clients at risk…and creates proactive solutions before they become disasters.

THE CUSTOMER
WillowTree, Digital Product Consultancy

Started using Feedly For Cybersecurity: 2020

WillowTree is a digital product consultancy with clients including HBO, Domino’s, Anheuser-Busch InBev, FOX Sports and Hilton. Drew Gallis, a security analyst at WillowTree’s Virginia headquarters, is part of a small team responsible for company security and for proactively alerting WillowTree’s clients of security concerns.

THE CHALLENGE
A limited amount of time to dedicate to threat intelligence

With a small team dedicated to cybersecurity, efficiency is everything. The team at Willow Tree has to stay on top of the threat landscape so nothing falls through the cracks. While Drew’s official title is “Cyber Security Analyst,” he wears multiple hats: incident response, incident remediation, reporting on security news, and securing web and mobile applications developed by WillowTree, with 20-30 projects running at any given time. 

Consuming information fast so he can quickly share actionable insights across the company 

Drew is deeply passionate about cybersecurity and wants to get the word out to everyone in the company. He’s genuinely excited about sharing information that helps other people (developers, clients, etc.) do their jobs better and be safer.

Only about 20% of Drew’s job is dedicated to risk and analysis, and even less of that time is available for news monitoring. So he needed a way to find the best news about critical vulnerabilities without eating up the rest of his time at work. 

Trying out Feedly for Cybersecurity to consolidate and prioritize in one place

Drew’s mentor and supervisor, Adrian Guevara, Head of Cyber Security at WillowTree, had been using Feedly’s free plan for years to consolidate all of his cybersecurity information into one place. So when Drew and his team learned about Feedly for Cybersecurity’s ability to help them refine their Feeds and prioritize the most important information, they had to try it. 

“I only have about 20% of my day to look into risk and analyze different things going on within our organization. I wanted to narrow our data and focus on certain points with my limited time.

Drew Gallis, Cyber Security Analyst, WillowTree

THE SOLUTION
Reducing the volume of information to only critical insights

Adrian and Drew already had all of their top cybersecurity sources organized into Feeds on the free plan. So when they joined Feedly for Cybersecurity, all they had to do was start using Leo, their AI research assistant in Feedly, to prioritize the most important news. Leo reads every article in their Feeds, and then separates the most important ones into the ‘Priority’ tab. Thanks to this sorting and organization, Adrian and Drew can spend their limited attention reading the high-priority news first. 

“The biggest thing for us was exploring Leo’s functionality. We made tailored filters to prioritize specific services, specific programming languages, specific packages, and different vendors we use.”

Prioritizing critical vulnerabilities in WillowTree’s tech stack

First, Drew set up Leo Priorities for all the software tools and services that they use internally at WillowTree. This was simple: He just used AND to add each supplier’s name to a Priority. 

Drew prioritized critical vulnerabilities for any of the companies in WillowTree’s supply chain.

Then, Drew added a layer to this Priority. In addition to prioritizing products and services used at WillowTree, he prioritized high CVEs for services in WillowTree’s tech stack. 

“Normally there wouldn’t be too many articles in my Priority tab, so if I saw a news article pop up, I knew it would be something pressing.

Tracking major programming languages 

Drew asked Leo to prioritize articles that mention any of the major programming languages used for clients at WillowTree. These include: Swift, .NET, Python, C, JavaScript, and TypeScript. 

Drew prioritized critical vulnerabilities for major programming languages WillowTree and their clients use.

Tracking the vulnerabilities that potentially impact clients

Drew also wanted to prioritize news about breaches or cybersecurity events affecting WillowTree’s clients so he could notify them as soon as possible. He used client names (most of which Leo recognizes as companies) in a Priority looking for data breaches. 

Drew created this Priority to find out about data breaches in conjunction with WillowTree’s clients.

Tracking issues regarding MacOS

Since WillowTree is a primarily MacOS company, they’re especially interested in any vulnerabilities affecting MacOS. Drew asked Leo to prioritize vulnerabilities related to MacOS so he could easily tell the rest of the company if there was something to be concerned about.

Drew prioritized articles about MacOS vulnerabilities within his team’s cybersecurity Feed.

THE RESULTS
Protecting WillowTree and their clients in just 25% of the time

Since using Leo, Drew has been able to cut down intelligence gathering time every day to just 30 minutes. He knows which articles are most important to read, and can easily see what’s happening in the world of cybersecurity. Not only can he respond quicker to threats and vulnerabilities, Leo also gives him more time to focus on other important work.

“Instead of having to look and sort through articles over 2-hour periods, now I can do it in about 30 minutes, and get better quality of information with Leo.

Protecting WillowTree with continual threat monitoring

Drew leveraged his Feedly setup during the SolarWinds attack to get the critical information, without the noise that happens during this kind of event. Drew didn’t care about the editorial commentary around SolarWinds; he wanted the technical facts so that he could serve his company and their clients. 

How WillowTree sorted technical updates from news commentary during the  SolarWinds breach: Read the full story

Beyond the SolarWinds event, Drew is able to equip WillowTree developers with the information they need to protect the company. Whenever he finds a vulnerability through Feedly, he shares more about it with the team so they understand why fixing it is important. He also uses the information he finds in Feedly to verify Proof of Concepts (PoCs).

Alerting WillowTree clients to security concerns 

Drew also uses Feedly to get indicators of compromise (IoCs) to share with clients, to better protect them now and prevent future threats. He can now send developers and project managers actionable documentation that they can share with clients in the case of a threat.

Before using Feedly and Leo, Drew spent upwards of two hours each day monitoring security news. Now, he’s reduced the time spent monitoring to just 30 minutes per day. Since using Leo to prioritize critical news, he spends 75% less time, but gets better quality information because his Feeds are tailored to his exact needs. 

“Security news is massive in terms of the scope and the breadth it can go, because each industry has different news. Feedly will save you time and help you condense all of your news articles and news feeds into one place.”

Drew’s team is expanding with a new security hire soon. He plans to train the new team member on the monitoring foundation he’s set up with Feedly so he and his team can continue to efficiently monitor supply chain threats, alert clients, and get the information they need. 

Gather threat intelligence without the noise

Streamline your threat intelligence in Feedly so you can focus on real threats and ignore the distractions.

start 30 day trial

You might also be interested in

Using AI to sort technical updates from news commentary during the SolarWinds attack: A case study

How one cybersecurity analyst leveraged Feedly to proactively evaluate news around the breach and protect his company and their clients and stakeholder

How Airbus CyberSecurity gets actionable cyber threat intelligence to customers in minutes

An inside look at how the Airbus CyberSecurity team is using Feedly to monitor and share actionable insight

How an Australian energy provider stays on top of critical cyber threats with Feedly

Case Study
This analyst team designed AI-powered security Feeds in Feedly that proactively alert them about specific topics, threats, and threat actors

Impact
box icon

Discovered a supply chain data breach a week before the public announcement

chart icon

Able to monitor hundreds of suppliers for breaches

target icon

Detected a critical vulnerability within 2 hours of its release and patched it immediately

This Feedly for Cybersecurity client has graciously allowed us to share their story on the condition of anonymity. Client names have been changed.

THE CUSTOMER
This energy provider “helps keep the lights on for customers”

Started using Feedly Cybersecurity: 2020

This Feedly client plays a critical role across the Australian energy sector. In tandem with other market players, they help protect Australia’s national energy supply from cyber attacks. “We help keep the lights on for customers,” says Joe, Cybersecurity Threat Analyst.

THE CHALLENGE
Cybersecurity threat intelligence at human speed is no longer sustainable

The onslaught of information

The world of cyber threat tracking runs on a different clock than human speed. The firehose of cyber news makes it hard for our client’s security analysts to find the signal through the noise. Analysts like Joe and his team struggled to keep up with the onslaught of information. Joe used to manage his own personal spreadsheet of 350 sources of information, which he ranked by tiers based on how trusted they were. But the amount of screen time required to keep up with incoming information and identify trends was unsustainable. “The cyber world is like drinking from a firehose in terms of the information we see,” says Joe.

There’s this concept of cyber time. Last week’s issue is like three years ago. We’re so swamped with information, we don’t have time to dive deep on a lot of stuff.”

– Joe, Cybersecurity Threat Analyst

Ever-changing types of attacks and attackers

As cyber threats and ransomware crews become increasingly sophisticated, the human ability to monitor the cyber threat landscape falls behind. No matter how knowledgeable you are, cybersecurity at human speed can’t keep up with ransomware crews using increasingly complex software to manage their operations. 

For companies like this energy provider, the stakes are high. “If they encrypt our environment, we can’t supply energy to customers,” says Joe. 

A data breach of even the smallest of our client’s vendors could put them at risk, so Joe and his team needed a way to keep an eye on even the smallest of breaches. 

THE SOLUTION
Using AI to flag specific cyber attacks, threats, and vulnerabilities

The analyst team at this company needed better tools to help leverage their time and attention and stop doing manual research. Joe’s team had been using Feedly to aggregate information for years. But when his boss, Oliver, Cyber Security Manager, found out that Feedly’s cybersecurity-specific plan could use AI to flag cyber attacks, threats, and vulnerabilities, they knew they had to try it. 

Organizing their security sources into focused Feeds 

Oliver created Feeds around three main focus areas: renewable energy sources + cybersecurity, critical vulnerabilities, and supply chain threats. 

The team selected sources of information they trusted to track cybersecurity news. Not all articles from their trusted sources concern the energy sector. To filter out cybersecurity news unrelated to the energy sector, they configured Leo, Feedly’s AI research assistant, to flag articles about the specific areas they care about.

“Before using Leo, we had very generic Feeds. We were just looking for energy and cybersecurity news in our region. But over time, I’ve been able to nuance our requirements over supply chain attacks, like Solar Winds.”

Tracking ransomware in the energy space

For example, the analyst team has always tracked news at the intersection of cybersecurity and the energy sector. But once they started using Feedly for Cybersecurity, they created a Leo Priority to flag articles that cover ransomware in the energy industry.

The team created a Leo Priority to flag articles about ransomware and the energy industry.

Tracking supply chain attacks

“We were concerned about the supply chain risk for our company,” says Joe. “We talked to our internal procurement team to really understand our top 30 providers, with whom we spend millions of dollars.”

To track supply chain risks, the team selected the exact vendors they work with and created a personalized stream of intelligence to track risks coming from their supply chain. “We were able to turn the list of our top partners into a Leo Priority and ask him to flag cyber attacks targeting those partners,” explains Joe. 

The analyst team used the “Leo company lists” feature to track a list of 650 suppliers — from Microsoft to small law offices. Leo now flags articles about cyber attacks on those companies.  

With a Priority in place, Leo flags articles about data breaches related to any of the company’s suppliers, so they’ll know when one of the companies in their supply chain is breached or attacked. Leo recognizes most of these names as companies, so he can differentiate if an attack is about Amazon (company) vs. Amazon (the river), for example.

Pushing articles to Slack to share with the local intelligence community 

Beyond their internal intelligence team, Joe and Oliver share information across several platforms with peer organizations cybersecurity teams around the globe. 

When members of Joe’s team save articles to the “Attacks in Energy Sector” Board, they automatically get pushed to a designated channel in Slack.

Joe and Oliver add critical articles to a specific Feedly Board. They’ve connected the Board to the collaboration platforms, so when Joe or his teammates add articles to the Board, their security community will automatically see critical updates. 

The analyst team can add Notes when they save articles to their “Attacks in Energy Sector” Board, and those notes will show up in the designated Slack channel.

THE RESULTS
Staying ahead of the curve

In October 2020, thanks to the work Joe had done to create Priorities based on their top 30 suppliers, his team proactively identified a data breach from one of their vendors. 

“Thanks to my supply chain Priority in Feedly, we identified that one of our vendors had been breached a week before the company actually officially told us.”

This proactive alerting allowed Joe’s team to inform procurement areas and monitor leak sites to see if any sensitive material had been published. Luckily none had been released, and the issue eventually went away.

In March 2021, Joe checked his Feedly in the morning as usual, and found an F5 breach within two hours of the breach itself. “I was sitting at my desk, and I saw the F5 vulnerability pop up in Feedly. I pushed it out to management, and then there was a massive effort to patch that problem within two days, which was awesome.” 

I was sitting at my desk, and I saw the F5 vulnerability pop up in Feedly. I pushed it out to management, and then there was a massive effort to patch that problem within two days, which was awesome.”

Avoiding information overload

When a vulnerability is exposed, “information overload goes up — you can see how the malware reporting goes up associated with that particular vulnerability” says Joe. In response to an exposed vulnerability, there’s a corresponding increase in exploits. That’s where Feedly comes in. Instead of wading through pages of articles about vulnerabilities and exploits that don’t concern his company, Joe can use Leo to surface vulnerabilities and exploits relevant to them.

“And that’s the power of Feedly. Using the smarts, intelligence, and Leo’s natural language processing to align vulnerabilities with exploits. What pops out at the end is what you need to know, what you need to take action on. Not the noise.”

What’s next: expanding the supply chain tracking 

In late 2020, the analyst team discovered that a smaller supplier was attacked after using a tool with an unpatched vulnerability. Criminals were able to steal data through a File Transfer tool. Our client was spending a relatively small amount of money with this company, so they weren’t on their list of top 30 suppliers, but this made Joe and his team realize they needed to expand their supply chain tracking in Feedly. 

The more they personalize their Feeds with help from Leo, the more our client’s security analysts can stay focused on the real threats. As Joe trusts Feedly more and more, he can focus on the high level analysis, and rely on Leo’s natural language processing to do the tedious work for him. 

Joe is excited for the possibilities to get even more proactive with upcoming Feedly features. In addition to their supply chain tracking project, the analyst team plans to use the Feedly API to push alerts directly to their internal intelligence platform, which will make it even easier to focus on threats.

From a proactive monitoring perspective, the power of using Feedly is to actually inform you of breaches before anyone else knows.”

More proactive threat intelligence. Less noise.

Streamline your threat intelligence in Feedly so you can focus on real threats and ignore the distractions.

TRY FEEDLY FOR CYBERSECURITY

The new Cybersecurity Trending Dashboard (beta)

An at-a-glance overview of the evolving cybersecurity threat landscape

Keeping up with the most critical threats, vulnerabilities, and threat actors can be time consuming and overwhelming.

We have been working with some existing Feedly for Cybersecurity customers to create a trending dashboard that offers an at-a-glance overview of the evolving cybersecurity threat landscape.

Today, we are excited to launch a beta of the Cybersecurity Trending Dashboard to all the Feedly for Cybersecurity customers.

TRY Feedly for Cybersecurity

Here is a quick walkthrough!

Trending Threats

The first component of the Trending Dashboard is a list of the trending threats reported across 1,200 different cybersecurity sources (news sites, blogs, or Twitter accounts).

The Today section now includes a Trending in Cybersecurity dashboard

It allows you to get a quick overview of what are the critical threats that are being reported across all the cybersecurity sites the Feedly community is reading. You can think of this as a TechMeme for Cybersecurity.

The model producing this dashboard is focusing on the news published in the last 24 hours.

Behind the scenes, Leo, your AI research assistant, reads all the articles across all the cybersecurity sources and Twitter accounts. Leo dismisses articles that are not about cybersecurity threats, clusters the ones that are reporting the same threat, and ranks them using different “features”.

The initial model we are pushing to beta is a global model. This means that your personal priorities and mute filters are not affecting this model (yet!).

Trending Vulnerabilities

The second component of the Trending Dashboard is a list of the trending vulnerabilities that are being discovered or discussed across cybersecurity sources.

You can click on a specific vulnerability and drill down to a page that captures all the mentions and chatter around that vulnerability.

See the chatter about a specific vulnerability

Trending Threat Actors

The last component is a list of trending threat actor mentions. It allows you to get an overview of which threat actors are being covered in the news.

You can click on a specific threat actor and get a “Search across the Web” overview of the mentions.

See the chatter about a specific threat actor

Continuously learning and getting smarter

Every component has a “Less Like This” down arrow button that you can use to provide feedback to Leo. The feedback is going to be reviewed by the product team during the beta to understand how to improve the relevance, deduplication, and prioritization. Leo loves candid feedback.

Using the Less Like This down arrow button to offer Leo feedback

We look forward to listening to your feedback and continuously improving the Cybersecurity Trending Dashboard over the next 8 weeks.

TRY Feedly for Cybersecurity

We also want to thank the customers who suggested this feature and worked with us during the Alpha. You know who you are!

Can I personalize the Trending Cybersecurity Dashboard?

Not in the current version. Once we have the core model optimized, we will look at ways to allow you personalize the dashboard by industry, product, threat types.

What is the best way to offer feedback to the product team during the beta?

If you have feedback regarding specific articles or CVEs, please use the Less Like This down arrow button to submit your feedback. If you have ideas on how to improve the concept, please email leo@feedly.com

How can I get a demo of Feedly for Cybersecurity?

If you are part of a cybersecurity team and want to get a demo of how Feedly for Cybersecurity can help you streamline your open-source intelligence, you can request a demo and a free trial here.

Can I access the Cybersecurity Trending Dashboard in the Feedly mobile app?

Not yet. The beta is only available in the Feedly Web application. We will integrate this feature into the mobile experience once the beta is complete.

Can I remove the Trending Cybersecurity Dashboard from my Today page?

Yes. If you go to your Leo preferences (https://feedly.com/i/account/leo) and scroll to the bottom of that page, you will see an option to hide the Trending Dashboard.

Introducing Feedly for Cybersecurity

New Feature
Streamline your open-source intelligence

150,000 cybersecurity professionals use Feedly to keep up with the latest security news and research insights about critical threats (vulnerabilities, malware, data breaches, threat actor groups, etc.)

Cybersecurity is a game of foresight. It is a chessboard where hackers and defenders are looking to checkmate each other.

Learning more about the tactics, techniques, and procedures used by hackers can help you better prepare against them, saving you the cost and headaches that come with a breach or attack. The cost of ransomware attacks in the U.S. surpassed $7.5 billion in 2019.

But information gathering is tedious: hundreds of new articles and tweets need to be reviewed and triaged every day. Finding critical threats in that sea of information is time-consuming and overwhelming.

Today, we’re excited to launch Feedly for Cybersecurity: a collection of integrations and Leo models that help you cut through the noise, break barriers between team silos, and streamline your threat intelligence.

Try Feedly for Cybersecurity

Leo is your AI research assistant. Ask him to read your security feeds and prioritize what matters to you:

Vulnerabilities, CVE, CVSS, and exploits

Malware, adware, ransomware, bots, …

Threat actor groups

Trending dashboard

API

Leo understands malware threats

Research and prepare for the latest malware threats without the information overload

Cybersecurity is a game of foresight. It’s a chessboard on which attackers and defenders are constantly looking for checkmate. 

Hackers launch a new ransomware attack every 14 seconds. They’re increasingly more capable and sophisticated. Learning how they plan attacks, what techniques they use, and who they’re targeting, can make you so much better prepared. You’ll save the cost and headache of a cyber assault too. This is especially important considering that the cost of ransomware attacks in the U.S. alone surpassed $7.5 billion in 2019.

But investigating malware threats is tedious. Hundreds of new articles and tweets need to be reviewed and triaged every day. Finding critical threats in that sea of information is time-consuming and overwhelming.

We want to help you streamline your tactical and operational open-source intelligence, so that you can better protect your environment.

That’s why we’ve taught Leo, your AI research assistant, to recognize malware threats. You can ask him to read your security feeds and prioritize what’s relevant to you, your sector, and your environment.

try feedly for cybersecurity

Let’s imagine that you work in a threat intelligence team and are responsible for researching and analyzing the threat landscape. You’re particularly interested in evolving malware threats (including ransomware and malvertisement).

Cut through the noise

You can train Leo to read your Security News feed and prioritize articles related to malware.

Leo prioritizes malware articles in your Security News feed

Leo continuously reads the thousands of articles published in those feeds. It’s an efficient way to cut through the noise and keep up with the evolving malware landscape without the overwhelm.

You’re in control

Leo has been trained to understand broad topics like malware, as well as hundreds of specific malware types like malvertisement, ransomware, adware, bots, rootkits, spyware, etc.

Asking Leo to prioritize malware in your Security News feed is as simple as creating a new Topic priority and selecting ‘malware’ as the topic.

Ask Leo to prioritize malware threats in your Security News feed

You can combine topics with +AND and +OR and create even more targeted priorities for Leo. For example, use +AND to focus on malware related to Android or top companies in your sector.

Refine the priority to malware and Android

You can also ask Leo to look for a specific type of malware like malvertisement or ransomware.

Prioritize ransomware threats

Continuously learning and getting smarter

Leo is smart. He continuously learns from your feedback. When Leo is wrong, you can use the ‘Less Like This’ down arrow button to let him know that an article he’s prioritized isn’t about malware.

Let Leo know when he’s wrong

Break down silos

Bring your research team into the picture. They can create a Threat Intel Report Board and save the most critical insights they discover in their Feedly. Then everyone with the same Board can leave notes and highlight the biggest threats. 

We’ve seen teams create tactical and operational Boards. For instance, a Vulnerability Report can be built up with information for those that deal with security procedures, while strategic CISO Newsletters can keep management up to speed about malware and your planned response.

Articles bookmarked in a Board can be shared with the rest of the team via daily newsletters, Slack and Microsoft Teams notifications, or pushed to other apps using the Feedly Cybersecurity API.

Share the threat intelligence you collect in Feedly with other teams and apps

Streamline your open-source intelligence

We’re excited to see how your security team will declutter your feeds and dig deeper into the critical threats that matter to you. Sign up today and discover Feedly for Cybersecurity.

try feedly for cybersecurity

You might also be interested in

Leo understands vulnerability threats

Train Leo to prioritize the most critical vulnerabilities in your cybersecurity feed

Leo understands threat actor groups

Research threat actor groups and learn more about their tactics, techniques, and procedures, without the overwhel

Leo understands threat actor groups

Research threat actor groups and learn more about their tactics, techniques, and procedures, without the overwhelm

Cyber attacks continue to wreak havoc around the world. The actors waging these wars don’t just care about fraud either. They’re part of criminal organisations. Foreign governments stealing data for defense or national interests. Even terrorists or activists driven to disrupt and cause harm. 

What’s more, they’re increasingly capable and sophisticated. It’s a growing threat that can strike anyone at any time.

When you learn about threat actors’ tactics and motivations, you can better prepare against them, saving you the costs and headaches that come with a breach or attack. 

But there’s so much content to wade through when investigating these threat actors. It’s like fishing blind in an ocean. You’ll never know what’s coming back on the hook. More time and stress is spent on finding information about the threat, rather than acting on it. You can be overwhelmed. 

We’re passionate about helping you refine and streamline your open-source intelligence. That’s why we’ve taught Leo, your AI research assistant, to recognize threat actor groups. He can find them in your Feedly security feeds, prioritizing articles related to the actors and sectors you care about.

try feedly for cybersecurity

Let’s imagine that you work in the telecommunications sector, and you’re researching the tactics and motivations of MuddyWater, an Iranian threat actor group.

Cut through the noise

You can train Leo to read all your cybersecurity, foreign affairs, and cyber warfare sources, and prioritize articles related to MuddyWater.

Prioritize a threat actor

Leo continuously reads the articles in your feeds and prioritizes the ones that mention MuddyWater (or any of its aliases). It’s a powerful and effective way to keep up with their latest techniques, tactics, and procedures.

You’re in control

Leo has been trained to recognize all the threat actor groups referenced by the MITRE ATT&CK framework. This is a list of common names for hacking groups, as recognized by the global security community.

Asking Leo to prioritize MuddyWater in your security feed is as simple as creating a new Topic priority and selecting ‘MuddyWater’ as the topic.

Enter a threat actor alias in the topic field

When you prioritize MuddyWater, Leo will also look for other synonyms for that group like Seedworm and TEMP.Zagros.

You can combine topics with +AND and +OR to create even more targeted priorities for Leo. For example, use +AND to combine an actor group with an attack vector or a sector. This narrows his focus further so you find exactly what you’re looking for.

Continuously learning and getting smarter

Because Leo is integrated with the MITRE ATT&CK framework, it’s continuously learning and getting smarter. As new groups or aliases are identified, they’ll be automatically updated in your Feedly.

Leo recognizes threat actor groups listed on the MITRE ATT&CK framework

Break down silos

As you search and discover new content, share insights with your research team. Together, you can create a Threat Intel Report Feedly Board and bookmark the most critical insights you discover. You can also add notes and highlights about why a threat is high-priority.

We’ve already seen security teams create tactical Boards, such as a Vulnerability Report, to share with their operations experts. You might also want to build a CISO Newsletter to keep your management updated. It’s all possible within Feedly.  

Articles bookmarked in a Board can be shared with the rest of the team via daily newsletters, Slack or Microsoft Teams notifications, or pushed to other apps using the Feedly Cybersecurity API.

Share the threat intelligence you collect in Feedly with other teams and apps

Streamline your open-source intelligence

We’re excited to see how your security team will declutter your feeds and dig deeper into the critical threats that matter to you. Sign up today and discover Feedly for Cybersecurity.

try feedly for cybersecurity

If you’re interested in learning more about Leo’s roadmap, you can join the Feedly Community Slack channel. 2020 will be a thrilling year with new skills and bold experiments!