Categories: Delivery Brasil

How to track emerging cyber threats in real-time


The core of Feedly for Threat Intelligence is an AI engine, that automatically gathers, analyzes, and prioritizes intelligence from millions of sources in real-time.

In this article, we’ll show you how to use AI Models to:

  • Monitor critical vulnerabilities and zero-days
  • Research the behavior of specific threat actors and malware families
  • Understand the threat landscape around your industry
  • Track niche cybersecurity topics

Meet Feedly AI

Feedly AI reads millions of articles, reports, and social media posts every day and automatically tags key threat intelligence concepts: critical vulnerabilities, malware families, threat actors, indicators of compromise, ATT&CK techniques, companies, vendors, industries, etc.

All this information is at your fingertips in near real-time via a powerful and intuitive search and tracking interface called (Feedly) AI Feeds.

Curious how it works? Let’s take a look at an AI Feed designed to track critical vulnerabilities and zero-days related to Cisco Systems:

Creating an AI Feed is a three-step process:

  1. Use AI Models to define the intelligence you want to gather. In our example, we use the ‘High Vulnerability’ and ‘Cisco Systems’ AI Models to discover new critical vulnerabilities related to Cisco Systems.
  2. Use AND, OR, NOT operators to combine multiple AI Models and refine your focus. In our example, we use AND to track articles and reports that reference both ‘High Vulnerabilities’ and ‘Cisco Systems’.
  3. If needed, refine sources with your own trusted sources. By default, (Feedly) AI Feeds will search across the Cybersecurity Bundle (a collection of 50,000+ security news sources, threat research blogs, newsletters, vendor advisories, government agencies, vulnerability databases, CISO magazines, and Reddit communities curated collectively by 200,000 cyber professionals using Feedly and partitioned by Feedly AI into three tiers based on popularity and authority).

With AI Feeds, you can add to a team or personal folder. New articles, reports, or social media posts matching the specified AI Models will appear in the AI Feeds.

The power of AI Feeds is that ‘High Vulnerability’ and ‘Cisco Systems’ are not simple keyword matches. These AI Models are machine learning models that encapsulate a broader understanding of each concept:

  • ‘High Vulnerability’ is an AI Model that tracks vulnerabilities with a CVSS score above 8 or a CVSS score above 5 that includes a known exploit. If the vulnerability does not have a CVSS score yet, a machine learning model is used to forecast the CVSS score based on the descriptions of the vulnerability. Learn more
  • ‘Cisco Systems’ is a ‘Company’ AI Model that tracks for mentions of Cisco by its name or any known aliases. When the company name is ambiguous, a disambiguation model is used to remove false positives.

Without AI Models, gathering intelligence would require a tedious effort of trying to find a long list of the right keywords, leaving room for blind spots and lots of irrelevant results.

Feedly for Threat Intelligence comes with a wide range of pre-trained AI Models so that you can easily translate your intelligence needs into AI Feeds.

Let’s see how we can combine these AI Models to proactively track specific threats and stay one step ahead of your adversaries.

Research the behavior of specific threat actors and malware families

Tracking the behavior of threat actors and malware families can be tedious and overwhelming, taking up valuable time that could be spent hunting for malicious activity in your environment.

That’s why Feedly has created a set of AI Models that automatically tag threat actors, malware families, TTPs, and IoCs.

Let’s take a look at an AI Feed designed to track the latest IoCs and TTPs related to Lazarus Group across threat intelligence reports published on the web:

  • ‘Lazarus Group’ is a ‘Threat Actor’ AI Model powered by Malpedia that tracks mentions of the threat actor by name or its many aliases. Learn more
  • ‘Indicators of Compromise’ is an AI Model that tracks malicious URLs, IPs, email addresses, domains, and hashes. Learn more
  • ‘Tactics & Techniques’ is an AI Model powered by the Mitre ATT&CK v10 framework that tracks tactics, techniques, and sub-techniques and their relationships. Learn more
  • ‘Threat Intelligence Report’ is an AI Model that flags intel reports containing in-depth technical details about IoCs, TTPs, threat actors, and malware. Learn more

Here are some additional AI Models you can use to broaden or narrow your threat profiling:

Understand the threat landscape around your industry

Staying up to date with the latest attacks against your industry can help you be better prepared when putting defenses in place, as well as help you learn about which threat actors to look out for so you can be more targeted when gathering intelligence.

Let’s take a look at an AI Feed designed to gather intelligence about cyber attacks in the finance industry:

  • ‘Cyber Attacks’ is an AI Model that tracks instances of cyber attacks and tries to determine who or what the target of the attack is. Learn more
  • ‘Finance Industry’ is an ‘Industry’ AI Model that classifies articles related to the finance industry based on company mentions and terminology. Learn more

You can also easily narrow your focus on a specific type of attack:

Monitor critical vulnerabilities and zero-days

Manually keeping ahead of new vulnerabilities and zero-days is an impossible task, but you can set up AI Feeds to help you stay up to date on new vulnerabilities that come across the radar of the global cybersecurity community.

Feedly aggregates vulnerability information from NVD and over 20 vendor advisory sites — as well as monitoring many sources to find exploits for each CVE — in near real-time.

Let’s take a look at an AI Feed designed to surface critical vulnerabilities and zero-days related to a vendor deployed in your environment:

When you discover a new CVE, you can use the CVE insights card to get a 360 degree view of that vulnerability and decide if you should create a ticket for your response team.

Track niche cybersecurity topics

You can also use AI Feeds to track niche cybersecurity topics.

Let’s take a look at an AI Feed designed to gather intelligence about malicious, compromised, or hijacked packages:

Here are some additional AI Models you can use to track niche cybersecurity topics:

Getting smarter every day

The world’s leading cybersecurity teams use Feedly for their OSINT, so the product constantly improves, and we add more AI models. Check out the latest AI Models.



Source link

Delivery Brasil

Share
Published by
Delivery Brasil

Recent Posts

McDonald’s mexe em cardápio nos EUA para lanches caberem no bolso do consumidor

O McDonald’s anunciou um novo menu de baixo custo, o “McValue”, uma nova categoria de…

5 horas ago

Cesta de Natal: preços devem ficar 9% mais caros neste ano, diz pesquisa; veja lista

A cesta de Natal fechará o ano com alta de 9,16%, projeta a prévia do…

3 dias ago

Alimentos nos EUA estão caros e deportações em massa podem piorar situação; entenda

Os americanos estão fartos das altas contas do supermercado e esperam que o presidente eleito…

5 dias ago

Empresas estão diminuindo variedade de produtos nas prateleiras para reduzir custos nos EUA

O pepperoni estava saindo de controle na Hormel, empresa de alimentos dos Estados Unidos.No ano…

2 semanas ago

Confiança do consumidor dos EUA bate recorde em sete meses, mostra pesquisa

A confiança do consumidor dos Estados Unidos aumentou para um recorde de sete meses no…

2 semanas ago

Preços mundiais dos alimentos atingem em outubro maior alta em 18 meses, diz FAO

Os preços mundiais dos alimentos subiram em outubro, atingindo a maior alta em 18 meses,…

2 semanas ago