How Church & Dwight’s CISO used Feedly to track log4j in real time – Feedly Blog


Picked up on trending vulnerabilities in Feedly before they were rated

Saved an hour each day with streamlined intelligence workflow

Consolidated the team’s research workflow, improved effectiveness, and reduced overwhelm

David Ortiz is the Chief Information Security Officer (CISO) of Church & Dwight, the company behind brands like ARM & HAMMER, Trojan, OxiClean, OraJel, and other products. As CISO, David’s primary focus is to oversee cybersecurity, IT risk management, and data privacy operations, and to manage risk to the company so he can keep leadership informed.

Unlike a threat intelligence analyst looking at the day-to-day intel and mitigation, David is concerned with the big-picture impact of cybersecurity on the business. “We don’t want to talk too much about the widgets and the tech, we want to talk more about the impact to the overall business.”

On a “typical” day: David’s daily news progression for effective threat intelligence

Every day, David looks out for indicators that there may have been a critical cyber attack somewhere in Church & Dwight’s supply chain. With that information, he can inform leadership of the business implications. Church & Dwight has a large provider network including contract manufacturers, manufacturers, and vendors. The company needs to keep track of what’s happening across the entire supply chain to protect the business at all levels.

To stay in front of the news, David goes through a systematic news progression every morning before his team’s 9am scrum. He works his way through sources including: 

  • Cybersecurity-specific news sources like WSJ Pro Cybersecurity and Cyber Security Hub
  • Twitter, Reddit, and LinkedIn
  • National newspapers and news sources like the Wall Street Journal, The New York Times, and 1440
  • Wikipedia

The “Today” page in Feedly, where David starts his news progression each morning.

Before using Feedly, he had to visit each one of these sites individually. Now, he says “It is a single place for my news progression. I can go through Feedly and see everything.” Instead of fielding emails from different sources, David gets his newsletters delivered to Feedly as well.

“Feedly has saved me an hour a day. It is a single place for my news progression. I can go through Feedly and see everything.”

David Ortiz, CISO, Church & Dwight

How David used Feedly to monitor the log4j vulnerabilities

The week that the log4j vulnerability broke in December 2021, David’s news progression looked a little different than on a normal day. 

“When I woke up on Friday morning, our managed security provider had already sent out advisories at 4am East Coast time. I saw that, and I had already gone into Feedly and started reading news and seen it breaking. We knew log4j was coming and used breaking news in conjunction with our vulnerability response activities.”

The Threat Intelligence Dashboard in Feedly shows trending articles, trending vulnerabilities, and trending attackers. Cybersecurity professionals like David use this page for a quick glance at what’s happening if they only have a few minutes to check Feedly.

By the Saturday after the vulnerability broke, news started flooding in. David remembers, “I was looking for critical vulnerabilities and CVSS scores. That’s when Feedly started working its magic: We started to see the news propagate and get organized by Leo.” 

Even before a CVSS score is assigned to a vulnerability, Leo estimates a score based on the machine learning models we use to prioritize CVEs. And as the story developed and it became clear that log4j was really four distinct vulnerabilities, Feedly helped show that they were trending. David explains, “When the other vulnerabilities were still at a low level — not yet elevated to a critical or high level — Feedly was telling me it was trending, which meant more people were talking about this and more articles were being published about it.” 

David was watching both Feedly and the National Vulnerability Database news to see if one specific vulnerability was going to trend and become a critical vulnerability. If it was identified as a critical vulnerability, that would dictate how Church & Dwight security teams respond to the vulnerability.

If no CVSS score has been assigned to a specific CVE, Leo estimates a score based on the machine learning models we use to track CVEs.

David adds, “Feedly helped me follow the vulnerabilities that weren’t yet rated. By looking at the trending vulnerabilities and estimated CVSS scores in Feedly, I could estimate that they would eventually get assigned a high or critical rating, which they did.”

Why this CISO uses Feedly to centralize and optimize his team’s open source threat intelligence

David chose Feedly as his team’s open source threat intelligence tool for three main reasons: 

  1. He wanted a centralized place to reduce information overload for his team 
  2. He wanted a place where his team can share common data and benefit from shared knowledge
  3. He wanted to get in front of the news

1. A centralized place to reduce information overload and notification fatigue

David’s extremely conscious of the impact of information overload on his team, and designed his Feedly setup with that in mind. “Feedly is a common area to share data so that we’re not fatiguing one another with more news and more notifications.” 

David strategically set up two main Team Newsletters to send automatically and summarize news, instead of sending one-off texts and Slack messages that would distract his team. 

  • One weekly newsletter that sends every Friday and includes any articles David and the team saved to a Feedly Board that week 
  • One “breaking” newsletter that sends automatically — but only when there’s what the team considers breaking news

David and the team save relevant articles to a Team Board, which sends a Newsletter automatically each week.

2. A place to share common data and avoid duplicate work

Instead of everyone on his team having separate, siloed security sources, David and his team use Feedly as the common area to share those trusted sources of data. This means everyone’s on the same page about threat intelligence and risk management, and the whole team benefits from having multiple smart cybersecurity minds working together. 

3. A way to get in front of the news

Before adopting Feedly as his open source threat intelligence tool, David used to complete his daily “news progression” across many different sources. Now he’s able to consolidate his intelligence in one place and streamline the process.

What’s next for this CISO  

When there’s not a critical vulnerability front and center, David focuses on projects on the company’s security roadmap, including risk reduction and safeguarding data. “Feedly helps me stay in front of the news so I can help keep the company safe.”

And what’s next for David’s work with Feedly? David continues to work with his team on gathering open source threat intelligence. He’s looking forward to the upcoming Customizable Newsletters feature (coming soon!) that will make it even easier to send advisories and customize them with internal knowledge.

Stay ahead of attacks and vulnerabilities

Try Feedly for Threat Intelligence so you can gather open source intelligence and share insights with the people who need them, faster.
