How Airbus CyberSecurity gets actionable cyber threat intelligence to customers in minutes – Feedly Blog


Increasing speed of intelligence with a streamlined OSINT process

At Feedly, we use Airbus CyberSecurity’s workflow as a model to teach other security teams to set up efficient, collaborative intelligence gathering processes using our platform. This is how they get actionable cybersecurity intelligence to their customers in a matter of minutes.

1. Asking Leo to track customer assets and products

Chris and Adam ask Leo, Feedly’s AI research assistant, to track anything related to critical vulnerabilities affecting them and their customers’ assets and products across the web (not just in the sources they follow in Feedly). They can then add the results of these Leo Web Alerts to their Feedly account.

Then, using a portfolio of security sources they trust, Chris and Adam asked Leo to prioritize anything related to their customers, including customer assets and products. With Priorities, Leo reads all incoming information and surfaces the most relevant content, based on the specific parameters Chris and Adam set up. According to Chris, “We know that anything that’s triggering the Priorities is something we need to focus on. Instead of us having to hunt for actionable intelligence from different sources, we can just have a glance at the Priorities and go from there.”

Chris and Adam asked Leo to prioritize news about high vulnerabilities related to their customers and products they use

With Feedly for Cybersecurity, Chris and Adam can see the CVSS score directly in their Feeds, which gives them more tools to share with customers. They can click into a CVE Card to access all the information related to the CVE, assess the severity of a vulnerability, and determine if it should be escalated to their team for further research without zigzagging across different tabs. If not provided by the National Vulnerability Database (NVD), Leo will estimate the CVSS score and CWE attack type for each vulnerability.

“We can just look at Leo’s prioritization and see what needs to be taken care of first,” says Chris. “It’s really helpful to see the top attackers and go from there.”

3. Instantly sharing articles with external email addresses

If they find a critical vulnerability about a customer’s supply chain, for example, Chris and Adam’s team need an easy and fast way to get it to the people who need to know.

The team initially had a solid workflow set up, and with a few tips from Remi on the Feedly customer success team, they made it even more streamlined. Remi says, “The Airbus CyberSecurity team had developed a clever workaround with IFTTT to send articles to a list of six external customers.” But there was room for improvement, so “during one success session, we were able to tweak it a bit to send polished emails directly from the Feedly interface, without using a third-party tool as a workaround.”

Instead of connecting Feedly to email with an IFTTT integration in the middle, Remi showed Chris and Adam how they could actually send parts of an article directly to external email addresses using Notes.  

The Airbus CyberSecurity CTI team sends articles instantly from Feedly to external recipients via email, by tagging them in the Notes

4. Curating relevant content daily for each customer for instant, organized communication

To organize information to share with customers, Chris and Adam created one Team Board per customer. Team Boards are shared spaces to save articles, and can trigger other automations, like the Slack integration or an email. If Chris saves an article to a customer’s Board, it can immediately trigger a Slack message or an email notification to the customer. “I used to have to summarize gathered intelligence in an email and send it to customers. Now I can just attach relevant information to a Board and I can send it instantly to the people that need it.”

In Team Board > Sharing Settings, the team turns on Slack notifications and chooses which Slack channel receives a notification when they save an article to that Board.

Notifications from Boards can be sent to anyone via email, whether or not they have a Feedly account. Chris and Adam send articles to analysts, CTO teams, or even the CEO. “Everyone sees these notifications straight away, and it’s just a really good way of getting it to them quicker.”

5. Sending proactive briefings via automated daily and weekly Newsletters

Apart from ad hoc alerts when relevant issues come up for customers, Chris and Adam also send out daily and weekly newsletters on topics of interest. They add any articles that customers might find interesting to a dedicated Board. They’ve configured the Board to automatically send a Newsletter, which is an automated roundup of recently added articles that can be sent at regular intervals.

Instead of copying and pasting multiple articles into a weekly email, Chris and Adam automate their weekly roundups to send directly as Newsletters from their assorted Boards.
