Leo and Cybersecurity

Do you need to keep up with the latest vulnerabilities and threats but do not have the time to read all your security feeds? We can help.

In 2018, fifteen thousand vulnerabilities were discovered, the number of exploits doubled and more than four security articles were published every minute. Keeping up with all these trends can be time-consuming and overwhelming.

This is a problem we are very passionate about.

We are excited to announce that we have been working with two of the largest cybersecurity teams in Silicon Valley to create a new Leo skill called Security Threat.

The goal of this new skill is to allow you to focus your attention on the most critical vulnerabilities in your feeds, taking into consideration the CVSS score, the content of the article, the level of awareness of the CVE and the products/vectors you care about.

In this post, we are going to show you how to train your Leo to prioritize the most critical vulnerabilities related to Microsoft in your feeds.

Discover the Best Cybersecurity Sources

The first step, if you do not follow vulnerability sources yet, is to click on Add Content and search for #security or #vulnerability. You will see a list of about one thousand security publications, blogs, and subject matter experts you can easily add to your Feedly.

Create a security feed and pick ten sources:

Access to 1,000 sources across 25 security topics

Because Feedly is an open platform, you can add any source you want to follow that publishes an RSS feed.

Train Your Leo

The second step is to train Leo to prioritize the most critical vulnerabilities in your security feed. Most security teams care about the most critical vulnerabilities: the ones which have a CVSS score greater than 8 and/or have an exploit and are related to products they have installed in their environment.

The Leo Security Skill allows you to either look up or predict the CVSS score of a vulnerability mentioned in an article. When a new article is published in your feed, Leo will first try to look up the CVSS and exploit information from multiple open source Web databases. If there is no CVE or CVSS, it will try to predict the severity of the vulnerability based on the content and terminology used in the article.

Training Leo to prioritize high severity vulnerabilities around the products you care about is very easy:

The new Leo Security Threat skill

In the priority modeler, add a first layer of type Security Threat and select the High threshold.

Prioritize high severity threats related to Microsoft via a 2-layer model

Then add a second Topic layer and pick the list of products you would like Leo to track.

That is it! Leo will combine both layers and look for high severity vulnerabilities mentioning the products you care about.
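The two-layer rule described above (CVSS greater than 8 and/or a known exploit, combined with a product match) can be sketched over an RSS feed as follows. This is an added example, not Feedly's code: the feed, the CVE IDs, the scores and the product list are constructed, `CVE_DB` stands in for the open vulnerability databases, and Leo's severity prediction is not reproduced (articles without a scored CVE are only queued for review).

```python
import re
import xml.etree.ElementTree as ET

# Constructed RSS sample; the CVE IDs, titles and scores are made up.
FEED = """<rss version="2.0"><channel>
<item><title>Microsoft Exchange flaw CVE-2099-0001 exploited in the wild</title>
<description>Attackers are using CVE-2099-0001 against Exchange servers.</description></item>
<item><title>Minor bug CVE-2099-0002 in Microsoft Word</title>
<description>Low impact issue.</description></item>
<item><title>Critical router bug CVE-2099-0003</title>
<description>Affects ExampleOS routers.</description></item>
<item><title>Unnamed Windows vulnerability reported</title>
<description>No CVE has been assigned yet.</description></item>
</channel></rss>"""

# Stand-in for the open vulnerability databases: CVE -> (CVSS, exploit known).
CVE_DB = {
    "CVE-2099-0001": (7.5, True),
    "CVE-2099-0002": (3.3, False),
    "CVE-2099-0003": (9.8, False),
}
PRODUCTS = ("microsoft", "windows", "exchange")  # topic layer (assumed list)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)

def triage(feed_xml, cve_db, products, threshold=8.0):
    """Return (priority, unscored) lists of article titles."""
    priority, unscored = [], []
    for item in ET.fromstring(feed_xml).iter("item"):
        title = item.findtext("title", default="")
        text = f"{title} {item.findtext('description', default='')}"
        # Layer 2: the article must mention a tracked product (substring match).
        if not any(p in text.lower() for p in products):
            continue
        cves = {c.upper() for c in CVE_RE.findall(text)}
        known = [cve_db[c] for c in cves if c in cve_db]
        if not known:
            # No CVE or no score: Leo predicts severity here; this sketch
            # only queues the article for manual review.
            unscored.append(title)
        # Layer 1: CVSS above the threshold and/or a known exploit.
        elif any(score > threshold or exploit for score, exploit in known):
            priority.append(title)
    return priority, unscored

if __name__ == "__main__":
    print(triage(FEED, CVE_DB, PRODUCTS))
```

The first article is prioritized on its exploit flag despite a CVSS of 7.5, while the 9.8 router bug is dropped because it mentions no tracked product.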

Read, Share, and Shine

Leo will continuously read your Vulnerabilities feed and when an article matches the high severity threshold and mentions a product you care about, Leo will annotate that article and move it to your priority shortlist.

Prioritized security feed

When you open your Vulnerabilities feed, you will first see the shortlist of articles Leo has prioritized. If Leo has found the CVSS information for the mentioned vulnerability, you will see it as part of the metadata of the article.

Prioritized articles have a green marker with the name of the priority. If you click on that marker, you will be presented with a short explanation of why Leo prioritized this article and the controls for you to refine Leo’s training.

This aspect around control and transparency is really important to us. It is what we call collaborative intelligence.

Save to board to share via a newsletter, Slack or Microsoft Teams

If you see an article or vulnerability that is particularly important, you can save that article into a Feedly board and configure that board to push the content to an email newsletter, a Slack channel or a Microsoft Teams channel. Boards are a powerful way to keep important articles for reference and easily share with your teammates.

Continuously Learning and Getting Smarter

One of the powers of Leo is that he is constantly collaborating with you and learning from you. If you see an article that is highly relevant, you can save it to a board and then use the content of that board to reinforce Leo’s learning via a Like-board skill.

The Leo Less Like This feedback loop

If Leo was wrong about detecting a vulnerability, assigning a severity to it, or detecting a product you are interested in, you can at any point in time click on the down arrow icon (also called the Less Like This icon) and provide feedback to Leo.

That feedback is processed daily and used to continuously improve the various machine learning models used to power Leo.

Join the Leo Beta

The Leo cybersecurity skill was created over the last 12 months in close collaboration with two of the largest and most advanced security teams in Silicon Valley.

We are excited to hear what the Leo beta community thinks about this new skill! If you are part of a security team and would like to test drive Leo Cyber Security, please join the beta program.

-Mathieu, Olivier, David, and Stephane
