Over the last twelve months, we interacted with hundreds of cybersecurity teams. One of the common murmurs we are hearing is that it is increasingly harder to keep up with trends and threads in the security space.
In 2018, fifteen thousand vulnerabilities were discovered and the number of exploits doubled – resulting in about four new security articles getting published every second on the Web.
This is a problem we are very passionate about so we are excited to announce a new Leo Security Skill that allows you to prioritize within your feeds the articles that reference the most critical vulnerabilities.
It is a powerful way of focusing your attention on the 10% of vulnerabilities that matter the most – taking into consideration the CVSS score, the content of the article, the level of awareness of the CVE and the products/vectors your care about.
For example, here is a quick tour of how you can train Leo to prioritize the high severity threats related to Microsoft products.
Discover the Best Cybersecurity Sources
The first step, if you do not follow vulnerability sources yet, is to click on Add Content and search for #security or #vulnerability. You will see a list of about one thousand security publications, blogs, and subject matter experts you can easily add to your Feedly. Create a Vulnerabilities feed and add ten to fifteen sources.
Because Feedly is an open platform, you can add any source you want to follow that publishes an RSS feed.
Train Your Leo
The second step is to train Leo to prioritize the most critical vulnerabilities in your feed. Most security teams care about the top 10% of the vulnerabilities that have a CVSS score greater than 8 and/or have an exploit.
The Leo Security Skill allows him to either lookup or predict the CVSS score of a vulnerability mentioned in an article. So when a new article is published in your feed, Leo will first try to lookup the CVSS and exploit information from the Web. If there is no CVE or CVSS, it will try to predict the severity of the vulnerability based on the content and terminology used in the article.
Training Leo to prioritize high severity vulnerabilities around products . you care about is simple.
In the priority modeler, add a first layer of type Security Threat and select the High threshold.
Then add a second Topic layer and pick the list of products you would like Leo to track. Leo will combine both layers and look for high severity vulnerabilities mentioning the products you care about.
Read, Share, and Shine
Leo will continuously read your Vulnerabilities feed and when an article matches the high severity and mentions the products you care about, Leo will annotate that article and move it to your priority queue.
When you open your Vulnerabilities feed, you will first see the shortlist of articles Leo has prioritized. If Leo has found the CVSS information for the mentioned vulnerability, you will see it as part of the metadata of the article.
Prioritized article have a green marker with the name of the priority. If you click on that marker, you will be presented with a short explanation of why Leo prioritized this articles and the controls for you to refine Leo’s training.
This aspect around control and transparency is really important to us. It is what we call collaborative intelligence.
If you see an article or vulnerability that is particularly important, you can save that article into a Feedly board and configure that board to push the content to an email newsletter, a Slack channel or a Microsoft Teams channel. Boards are a powerful way to keep important articles for reference and easily share with your teammates.
Continuously Learning and Getting Smarter
One of the powers of Leo is that he is constantly collaborating with you and learning from you. If you see an article that is highly relevant, you can save it to a board and then use the content of that board to re-enforce Leo’s learning via a Like-board skill.
If Leo was wrong about detecting a vulnerability, assigning a severity to it, or detected a product you are interested in, you can at any point of time click on the down arrow icon (also called Less Like This icon) and provide feedback to Leo.
That feedback is process daily and used to continuously improve the various machine learning models used to power Leo.
Join the Leo Beta
The Leo cybersecurity skill was created over the last 12 months in close collaboration with two of the largest and most advanced security teams in Silicon Valley.
We are excited to hear what the Leo beta community thinks about this new skill! If you are part of the security team and would like to test drive Leo Cyber Security, please join the beta program.
-Mathieu, Olivier, David, and Stephane