Setting Up Your Feedly Account for Threat Intelligence

Many leading cybersecurity teams rely on Feedly to organize and automate their open-source threat intelligence, helping them stay ahead of emerging threats. After researching and reviewing 100 of these teams, we have gathered their best practices for utilizing open-source threat intelligence in this article.

One of the key features that cybersecurity professionals find valuable is the Threat Intelligence Dashboard in Feedly. This dashboard provides a comprehensive overview of the emerging threat landscape, including trending cybersecurity articles and attacks, new vulnerabilities, active attackers, new behaviors, and malware families. Within a few minutes, professionals can gain insight into what’s happening in the cybersecurity community.

The Trending News section allows teams to stay ahead of attacks by seeing which threats are gaining traction in the cybersecurity community. This enables them to prioritize their response efforts effectively. The Vulnerabilities section helps improve reaction time by keeping professionals informed of new vulnerabilities as they arise, facilitating prompt response and risk mitigation. The Attackers section provides an easy way to identify trending Threat Actors and create Web Alerts to track their actions and behaviors. This helps teams keep a close eye on potential threats. Additionally, the Tactics & Techniques section allows professionals to keep track of the most prevalent TTPs (Tactics, Techniques, and Procedures) among Threat Actors. This information can be compared with other Threat Actor Profiles to identify defensive gaps. Finally, the New Malware section helps professionals research the latest malware affecting systems, enabling them to stay vigilant against emerging threats.

Feedly AI plays a crucial role in tracking critical vulnerabilities and zero-days across the web. It harnesses the power of artificial intelligence to understand vulnerabilities and assess their severity. By reading millions of articles every day, Feedly AI identifies critical security threats. It automatically searches for relevant information related to a CVE (Common Vulnerabilities and Exposures), including CVSS (Common Vulnerability Scoring System) scores, related exploits and malware families, links to threat actors, CWE (Common Weakness Enumeration) information, and patches. This information is then organized into a rich CVE insights card. Even when a CVE doesn’t have a CVSS score, Feedly AI uses machine learning to predict the score, enabling professionals to stay ahead of emerging threats.

To effectively leverage Feedly AI, cybersecurity teams often create an AI Feed targeting all critical vulnerabilities. This gives them a broad view of the threat landscape. Additionally, they can create specific AI Feeds for each main product deployed in their environment, narrowing down the focus. These feeds are grouped into a Vulnerabilities folder for easy management.

Tracking and visualizing the behaviors of specific Threat Actors and Malware Families is another crucial aspect of open-source threat intelligence. Feedly’s integration with the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework enables teams to achieve this. With its pre-trained understanding of threat actors (through an integration with Malpedia), MITRE ATT&CK, and threat intelligence report models, Feedly AI provides valuable insights into adversary behavior. By creating AI Feeds for each threat actor and malware family defined on their threat profiling list, teams can track their behaviors and group them into a “Threat Intel” folder. Additionally, Feedly AI can map the content of articles to the ATT&CK Navigator, allowing for easy analysis and comparison with existing defenses. The automatic flagging of malicious IPs, hashes, domains, and URLs (Indicators of Compromise) further enhances the threat intelligence capabilities.
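The comparison with existing defenses described above can be scripted once both sides exist as ATT&CK Navigator layers. The following is an added example, not Feedly's code or part of the original article; the two layers are constructed samples, and treating a score of 1 or more as "observed" or "covered" is an assumption about how your team scores its layers.

```python
import json

# Constructed sample layers in ATT&CK Navigator layer JSON shape (not real exports).
ACTOR_LAYER = json.loads("""
{"name": "Tracked actor (constructed)", "domain": "enterprise-attack",
 "techniques": [
   {"techniqueID": "T1566", "score": 3},
   {"techniqueID": "T1059", "score": 2},
   {"techniqueID": "T1078", "score": 1},
   {"techniqueID": "T1486", "score": 0},
   {"techniqueID": "T1021", "score": 2, "enabled": false}
 ]}
""")
DEFENSE_LAYER = json.loads("""
{"name": "Detection coverage (constructed)", "domain": "enterprise-attack",
 "techniques": [
   {"techniqueID": "T1566", "score": 1},
   {"techniqueID": "T1059", "score": 0},
   {"techniqueID": "T1486", "score": 1}
 ]}
""")

def scored(layer, min_score=1):
    """Return {techniqueID: score} for enabled techniques at or above min_score."""
    out = {}
    for tech in layer.get("techniques", []):
        if not tech.get("enabled", True):
            continue  # technique disabled in the layer
        score = tech.get("score") or 0  # a missing or null score counts as 0
        if score >= min_score:
            # The same technique can be listed once per tactic; keep the highest score.
            tid = tech["techniqueID"]
            out[tid] = max(score, out.get(tid, 0))
    return out

def coverage_gaps(actor_layer, defense_layer):
    """Techniques the actor is reported to use that the defense layer does not cover."""
    used, covered = scored(actor_layer), scored(defense_layer)
    gaps = [(tid, score) for tid, score in used.items() if tid not in covered]
    return sorted(gaps, key=lambda g: (-g[1], g[0]))  # most-reported first

def gap_layer(actor_layer, defense_layer):
    """Minimal layer skeleton with only the gaps; a real export carries more fields."""
    return {"name": "Gaps: " + actor_layer["name"],
            "domain": actor_layer.get("domain", "enterprise-attack"),
            "techniques": [{"techniqueID": tid, "score": score}
                           for tid, score in coverage_gaps(actor_layer, defense_layer)]}

if __name__ == "__main__":
    print(json.dumps(gap_layer(ACTOR_LAYER, DEFENSE_LAYER), indent=2))
```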

Tracking cyber attacks targeting specific industries or supply chains is also made efficient through Feedly AI. Professionals can instruct Feedly AI to track cyber attacks targeting specific sectors, enabling them to stay informed about potential threats. This feature can be further narrowed down to specific types of threats, such as data breaches impacting credit cards or cyber attacks using multi-factor authentication.

In addition to leveraging Feedly AI, cybersecurity teams can enhance their threat intelligence by following trusted security feeds in Feedly. This centralized platform allows them to follow websites, blogs, newsletters, Reddit communities, Twitter accounts, searches, and hashtags all in one place. By consolidating their sources in Feedly, teams save valuable time previously spent sharing articles across various platforms.

Feedly also provides tools for collecting and sharing threat intelligence with Boards. Professionals can annotate, highlight, add notes, and save articles to Boards for future reference. Additionally, with Feedly for Threat Intelligence, users gain access to features such as auto-generating newsletters, sharing articles with platforms like Slack or Microsoft Teams, and integration into existing workflows through Feedly’s REST API. Team Boards can be created for various purposes, such as saving articles about critical vulnerabilities, IoC (Indicators of Compromise) reports, threat intelligence briefings for executive teams, descriptions of threat actor behaviors, emerging malware techniques, or instances of supply chain attacks.

In conclusion, Feedly serves as a critical tool for cybersecurity teams to organize and automate their open-source threat intelligence. By leveraging Feedly AI, tracking specific Threat Actors and Malware Families, and following trusted security feeds, teams can stay ahead of emerging threats and effectively respond to potential attacks. The ability to collect and share threat intelligence through Boards further enhances collaboration within teams and facilitates efficient information sharing.