Real-time Methods for Monitoring Emerging Cyber Threats

The core of Feedly for Threat Intelligence is an AI engine that gathers, analyzes, and prioritizes intelligence from millions of sources in real time. This article explores four use cases for utilizing AI Models in Feedly to enhance threat intelligence capabilities.

Feedly AI reads millions of articles, reports, and social media posts daily and automatically tags key threat intelligence concepts. These concepts include critical vulnerabilities, malware families, threat actors, indicators of compromise, ATT&CK techniques, companies, vendors, and industries. This information is accessible in near real time through a search and tracking interface called Feedly AI Feeds.

To track critical vulnerabilities and zero-days related to a specific entity such as Cisco Systems, users can create an AI Feed. Creating an AI Feed involves using AI Models to define the desired intelligence. The operators AND, OR, and NOT combine and refine multiple AI Models. Users can also customize the sources a feed searches by adding their own trusted ones.

Feedly AI Feeds search across the Cybersecurity Bundle, which comprises over 50,000 security news sources, threat research blogs, newsletters, vendor advisories, government agencies, vulnerability databases, CISO magazines, and Reddit communities. The bundle is curated collectively by 200,000 cyber professionals using Feedly and categorized into three tiers based on popularity and authority.

The power of AI Feeds lies in the capabilities of the AI Models. For example, the ‘High Vulnerability’ AI Model tracks vulnerabilities with a CVSS score above 8, or with a CVSS score above 5 and a known exploit. If a vulnerability lacks a CVSS score, a machine learning model forecasts one from the vulnerability description. Similarly, the ‘Cisco Systems’ AI Model tracks mentions of Cisco by name or known aliases, using a disambiguation model to eliminate false positives.

Gathering intelligence without AI Models would require manually searching for keyword matches, which is time-consuming and prone to blind spots and irrelevant results. Feedly for Threat Intelligence offers a range of pre-trained AI Models to simplify the translation of intelligence needs into AI Feeds.

One use case for utilizing AI Models is researching the behavior of specific threat actors and malware families. Feedly offers AI Models that automatically tag threat actors, malware families, tactics, techniques, and indicators of compromise. This allows users to create AI Feeds that track the latest IoCs and TTPs related to specific threat actors across threat intelligence reports.

Understanding the threat landscape around your industry is another crucial use case. By utilizing AI Models, users can gather intelligence about cyber attacks in their industry and identify relevant threat actors. This information helps in the preparation of defenses and targeted intelligence gathering.

Monitoring critical vulnerabilities and zero-days is made easier with AI Feeds. Feedly aggregates vulnerability information from various sources, including the National Vulnerability Database (NVD) and vendor advisory sites. This allows users to stay up to date on new vulnerabilities that come to the attention of the global cybersecurity community.

Lastly, AI Feeds can be used to track niche cybersecurity topics. Users can create AI Feeds that gather intelligence about specific topics such as malicious or compromised packages.

Feedly constantly improves its product and adds new AI models to meet the evolving needs of cybersecurity teams. By utilizing Feedly for Threat Intelligence and its AI capabilities, organizations can enhance their threat intelligence capabilities and stay one step ahead of adversaries.
