
Cyber Threat Intelligence Case Study


Impact

Keeps track of critical vulnerabilities in the supply chain so he can react quickly

Went from spending 2-3 hours sorting through threat intelligence news to 30 minutes of reading only the most relevant articles

Monitors breaches and vulnerabilities that could put clients at risk…and creates proactive solutions before they become disasters

THE CUSTOMER

WillowTree, Digital Product Consultancy

Started using Feedly For Cybersecurity: 2020

WillowTree is a digital product consultancy with clients including HBO, Domino’s, Anheuser-Busch InBev, FOX Sports and Hilton. Drew Gallis, a security analyst at WillowTree’s Virginia headquarters, is part of a small team responsible for company security and for proactively alerting WillowTree’s clients of security concerns.

THE CHALLENGE

A limited amount of time to dedicate to threat intelligence

With a small team dedicated to cybersecurity, efficiency is everything. The team at WillowTree has to stay on top of the threat landscape so nothing falls through the cracks. While Drew’s official title is “Cyber Security Analyst,” he wears multiple hats: incident response, incident remediation, reporting on security news, and securing web and mobile applications developed by WillowTree, with 20-30 projects running at any given time.

Consuming information fast so he can quickly share actionable insights across the company

Drew is deeply passionate about cybersecurity and wants to get the word out to everyone in the company. He’s genuinely excited about sharing information that helps other people (developers, clients, etc.) do their jobs better and be safer.

Only about 20% of Drew’s job is dedicated to risk and analysis, and even less of that time is available for news monitoring. So he needed a way to find the best news about critical vulnerabilities without eating up the rest of his time at work.

Trying out Feedly for Cybersecurity to consolidate and prioritize in one place

Drew’s mentor and supervisor, Adrian Guevara, Head of Cyber Security at WillowTree, had been using Feedly’s free plan for years to consolidate all of his cybersecurity information into one place. So when Drew and his team learned about Feedly for Cybersecurity’s ability to help them refine their Feeds and prioritize the most important information, they had to try it.

I only have about 20% of my day to look into risk and analyze different things going on within our organization. I wanted to narrow our data and focus on certain points with my limited time.

Drew Gallis, Cyber Security Analyst, WillowTree

THE SOLUTION

Reducing the volume of information to only critical insights

Adrian and Drew already had all of their top cybersecurity sources organized into Feeds on the free plan. So when they joined Feedly for Cybersecurity, all they had to do was start using Feedly AI to prioritize the most important news. Feedly AI reads every article in their Feeds, and then separates the most important ones into the ‘Priority’ tab. Thanks to this sorting and organization, Adrian and Drew can spend their limited attention reading the high-priority news first.

The biggest thing for us was exploring Feedly AI’s functionality. We made tailored filters to prioritize specific services, specific programming languages, specific packages, and different vendors we use.

Drew Gallis, Cyber Security Analyst, WillowTree

Prioritizing critical vulnerabilities in WillowTree’s tech stack

First, Drew set up AI Feeds for all the software tools and services that they use internally at WillowTree. This was simple: He just used AND to add each supplier’s name.

Then, Drew added a layer to this AI Feed. In addition to prioritizing products and services used at WillowTree, he prioritized high CVEs for services in WillowTree’s tech stack.

Normally there wouldn’t be too many articles in my Priority tab, so if I saw a news article pop up, I knew it would be something pressing.

Drew Gallis, Cyber Security Analyst, WillowTree

Tracking major programming languages

Drew asked Feedly AI to prioritize articles that mention any of the major programming languages used for clients at WillowTree. These include: Swift, .NET, Python, C, JavaScript, and TypeScript.

Tracking the vulnerabilities that potentially impact clients

Drew also wanted to prioritize news about breaches or cybersecurity events affecting WillowTree’s clients so he could notify them as soon as possible. He used client names (most of which Feedly AI recognizes as companies) in a Priority looking for data breaches.

Tracking issues regarding macOS

Since WillowTree is a primarily macOS company, they’re especially interested in any vulnerabilities affecting macOS. Drew asked Feedly AI to prioritize vulnerabilities related to macOS so he could easily tell the rest of the company if there was something to be concerned about.

THE RESULTS

Protecting WillowTree and their clients in just 25% of the time

Since using Feedly AI, Drew has been able to cut down intelligence gathering time every day to just 30 minutes. He knows which articles are most important to read, and can easily see what’s happening in the world of cybersecurity. Not only can he respond more quickly to threats and vulnerabilities, but Feedly AI also gives him more time to focus on other important work.

Instead of having to look and sort through articles over 2-hour periods, now I can do it in about 30 minutes, and get better quality of information with Feedly AI.

Drew Gallis, Cyber Security Analyst, WillowTree

Protecting WillowTree with continual threat monitoring

Drew leveraged his Feedly setup during the SolarWinds attack to get the critical information, without the noise that happens during this kind of event. Drew didn’t care about the editorial commentary around SolarWinds; he wanted the technical facts so that he could serve his company and their clients.

How WillowTree sorted technical updates from news commentary during the SolarWinds breach: Read the full story.

Beyond the SolarWinds event, Drew is able to equip WillowTree developers with the information they need to protect the company. Whenever he finds a vulnerability through Feedly, he shares more about it with the team so they understand why fixing it is important. He also uses the information he finds in Feedly to verify proofs of concept (PoCs).

Alerting WillowTree clients to security concerns

Drew also uses Feedly to get indicators of compromise (IoCs) to share with clients, to better protect them now and prevent future threats. He can now send developers and project managers actionable documentation that they can share with clients in the case of a threat.

Before using Feedly AI, Drew spent upwards of two hours each day monitoring security news. Now, he’s reduced the time spent monitoring to just 30 minutes per day. Since using Feedly AI to prioritize critical news, he spends 75% less time, but gets better quality information because his Feeds are tailored to his exact needs.

Security news is massive in terms of the scope and the breadth it can go, because each industry has different news. Feedly will save you time and help you condense all of your news articles and news feeds into one place.

Drew Gallis, Cyber Security Analyst, WillowTree

Drew’s team is expanding with a new security hire soon. He plans to train the new team member on the monitoring foundation he’s set up with Feedly so he and his team can continue to efficiently monitor supply chain threats, alert clients, and get the information they need.

Gather threat intelligence without the noise

Streamline your threat intelligence in Feedly so you can focus on real threats and ignore the distractions.
