Train Leo to prioritize the most critical vulnerabilities in your cybersecurity feeds
Do you need to keep up with the latest vulnerabilities and threats but do not have the time to read all your security feeds? We can help.
In 2018, fifteen thousand vulnerabilities were discovered, the number of exploits doubled and more than four security articles were published every minute. Keeping up with all these trends can be time-consuming and overwhelming.
This is a problem we are very passionate about and have been researching with two of the largest security teams in Silicon Valley.
Today, we are excited to announce a new Leo skill called Security Threats.
We have been teaching Leo to read security articles and find or assess the severity of the software vulnerabilities they mention so that he can help you focus your attention on the most critical threats in your feeds first.
Here is a demo!
Let’s look at how you can train your Leo to prioritize articles mentioning critical vulnerabilities related to Microsoft, WordPress, or Docker.
Cut through the noise
Leo continuously reads your feeds and short-lists the most critical vulnerabilities in the priority tab.
For example, you might have a cybersecurity feed connected to niche security experts, vulnerability databases, keyword alerts, etc. with thousands of new articles per month.
You can train Leo to read those 1,000+ articles and prioritize the 30 or so referencing high severity threats (CVSS > 8) and related to vendors you care about (Microsoft, WordPress, Docker in the example above).
You’re in control
Leo is not an opaque recommendation engine. Instead, Leo has a set of skills that gives you control over defining what information is important to you.
The new Security Threat skill allows Leo to read an article, lookup CVE, CVSS, and exploit information from multiple open source databases and determine how critical a vulnerability is.
The new Security Threat skill also includes a sophisticated machine learning model that allows Leo to assess the severity of a threat based on the vocabulary used to describe the software vulnerability. This is particularly useful for zero-day vulnerabilities which might not have a CVE or CVSS.
Training Leo to prioritize vulnerabilities is very simple.
The first layer of the model captures the severity threshold. High means CVSS > 8 or CVSS > 5 but with an exploit.
The second layer of the model captures the list of vendors.
Control and transparency are core Leo design principles.
All the articles prioritized by Leo have a green priority marker. Clicking on that marker offers an explanation of why the article was prioritized and the opportunity to refine, pause or remove that priority.
When an article is related to a CVE, you can also click on that CVE to get additional information about the vulnerability: description, CVSS score, exploits, patches, etc.
Continuously learning and getting smarter
Leo learns from his mistakes. When a recommendation is wrong, you can use the “Less-Like-This” down arrow button to correct Leo.
You can let Leo know that he misclassified a vulnerability, miscalculated the severity, or misidentified a vendor.
Leo learns from your feedback and gets continuously smarter.
Streamline your open-source intelligence
We are excited to see many security teams declutter their feeds and dig deeper into the vulnerabilities that matter to them. Sign up today and discover what Feedly for Cybersecurity can do for you!
If you are interested in learning more about Leo’s roadmap, you can join the Feedly Community Slack. 2020 will be a thrilling year with new skills and bold experiments!
About the Author
