How a WillowTree cybersecurity analyst gathers threat intelligence in just 30 minutes a day

Publication date: 17/08/2021
Source: Noticias ICEX
Location: Case Study
Case Study
Drew Gallis, analyst at WillowTree, leverages Feedly for Cybersecurity to track cyber threats across the company’s supply chain and protect clients

Impact
Keeps track of critical vulnerabilities in the supply chain so he can react quickly.
Went from spending 2-3 hours sorting through threat intelligence news to 30 minutes of reading only the most relevant articles.
Monitors breaches and vulnerabilities that could put clients at risk, and creates proactive solutions before they become disasters.



THE CUSTOMER
WillowTree, Digital Product Consultancy



Started using Feedly For Cybersecurity: 2020



WillowTree is a digital product consultancy with clients including HBO, Domino’s, Anheuser-Busch InBev, FOX Sports and Hilton. Drew Gallis, a security analyst at WillowTree’s Virginia headquarters, is part of a small team responsible for company security and for proactively alerting WillowTree’s clients of security concerns.




THE CHALLENGE
A limited amount of time to dedicate to threat intelligence



With a small team dedicated to cybersecurity, efficiency is everything. The team at WillowTree has to stay on top of the threat landscape so nothing falls through the cracks. While Drew’s official title is “Cyber Security Analyst,” he wears multiple hats: incident response, incident remediation, reporting on security news, and securing the web and mobile applications developed by WillowTree, with 20-30 projects running at any given time.



Consuming information fast so he can quickly share actionable insights across the company 



Drew is deeply passionate about cybersecurity and wants to get the word out to everyone in the company. He’s genuinely excited about sharing information that helps other people (developers, clients, etc.) do their jobs better and be safer.



Only about 20% of Drew’s job is dedicated to risk and analysis, and even less of that time is available for news monitoring. So he needed a way to find the best news about critical vulnerabilities without eating up the rest of his time at work. 



Trying out Feedly for Cybersecurity to consolidate and prioritize in one place



Drew’s mentor and supervisor, Adrian Guevara, Head of Cyber Security at WillowTree, had been using Feedly’s free plan for years to consolidate all of his cybersecurity information into one place. So when Drew and his team learned about Feedly for Cybersecurity’s ability to help them refine their Feeds and prioritize the most important information, they had to try it. 



“I only have about 20% of my day to look into risk and analyze different things going on within our organization. I wanted to narrow our data and focus on certain points with my limited time.”
Drew Gallis, Cyber Security Analyst, WillowTree





THE SOLUTION
Reducing the volume of information to only critical insights



Adrian and Drew already had all of their top cybersecurity sources organized into Feeds on the free plan. So when they joined Feedly for Cybersecurity, all they had to do was start using Leo, their AI research assistant in Feedly, to prioritize the most important news. Leo reads every article in their Feeds, and then separates the most important ones into the ‘Priority’ tab. Thanks to this sorting and organization, Adrian and Drew can spend their limited attention reading the high-priority news first. 



“The biggest thing for us was exploring Leo’s functionality. We made tailored filters to prioritize specific services, specific programming languages, specific packages, and different vendors we use.”



Prioritizing critical vulnerabilities in WillowTree’s tech stack



First, Drew set up Leo Priorities for all the software tools and services that they use internally at WillowTree. This was simple: he just used AND to add each supplier’s name to a Priority.



Drew prioritized critical vulnerabilities for any of the companies in WillowTree’s supply chain.



Then, Drew added a layer to this Priority. In addition to prioritizing products and services used at WillowTree, he prioritized high-severity CVEs for services in WillowTree’s tech stack.



“Normally there wouldn’t be too many articles in my Priority tab, so if I saw a news article pop up, I knew it would be something pressing.”



Tracking major programming languages 



Drew asked Leo to prioritize articles that mention any of the major programming languages used for clients at WillowTree. These include: Swift, .NET, Python, C, JavaScript, and TypeScript. 



Drew prioritized critical vulnerabilities for major programming languages WillowTree and their clients use.



Tracking the vulnerabilities that potentially impact clients



Drew also wanted to prioritize news about breaches or cybersecurity events affecting WillowTree’s clients so he could notify them as soon as possible. He used client names (most of which Leo recognizes as companies) in a Priority looking for data breaches. 



Drew created this Priority to find out about data breaches in conjunction with WillowTree’s clients.



Tracking issues regarding macOS



Since WillowTree is primarily a macOS company, they’re especially interested in any vulnerabilities affecting macOS. Drew asked Leo to prioritize vulnerabilities related to macOS so he could easily tell the rest of the company if there was something to be concerned about.



Drew prioritized articles about macOS vulnerabilities within his team’s cybersecurity Feed.
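A small Python model of the four Priorities described above (supplier AND critical CVE, programming language, client AND breach, macOS vulnerability), added here as an illustration; it is not Feedly’s or WillowTree’s code, stands in for Leo with plain keyword rules, and uses placeholder vendor and client names over constructed feed entries. It also handles the one-letter language “C”, which a naive substring match would find in almost every article.

```python
import re
from typing import NamedTuple
# Constructed stand-in for the Leo "Priority" rules described above (not Feedly's code):
# a Priority fires when EVERY term group has a hit (AND across groups, OR within one)
# and, where set, the article mentions a CVSS score at or above min_cvss.
class Priority(NamedTuple):
    name: str
    groups: tuple           # tuple of keyword tuples
    min_cvss: float = 0.0
# Constructed pattern for "CVSS 9.8", "CVSS v3.1 score of 9.8" or "CVSS: 7.5".
CVSS_RE = re.compile(r"CVSS(?:\s*v?3(?:\.\d)?)?\s*(?:base\s*)?(?:score)?\s*(?:of|:)?\s*(\d{1,2}(?:\.\d)?)", re.I)

def cvss_score(text: str) -> float:
    """Highest CVSS score mentioned in the text, or 0.0 when none is found."""
    scores = [float(s) for s in CVSS_RE.findall(text)]
    return max(scores) if scores else 0.0

def has_term(term: str, text: str) -> bool:
    """Whole-token match, so the language 'C' does not hit every word containing a c."""
    return re.search(r"(?<![A-Za-z0-9])" + re.escape(term) + r"(?![A-Za-z0-9])", text, re.I) is not None

def matches(priority: Priority, text: str) -> bool:
    groups_hit = all(any(has_term(t, text) for t in group) for group in priority.groups)
    return groups_hit and cvss_score(text) >= priority.min_cvss

def triage(articles, priorities):
    """Map each article title to the names of the Priorities it lands in."""
    return {title: [p.name for p in priorities if matches(p, f"{title} {body}")]
            for title, body in articles}

# Placeholder vendor/client names stand in for WillowTree's real supply chain and clients.
PRIORITIES = (
    Priority("supply-chain critical CVE", (("VendorA", "VendorB"), ("CVE", "vulnerability", "flaw")), 9.0),
    Priority("language", (("Swift", ".NET", "Python", "C", "JavaScript", "TypeScript"),)),
    Priority("client breach", (("ClientCo",), ("data breach", "breach"))),
    Priority("macOS vulnerability", (("macOS",), ("vulnerability", "CVE", "zero-day"))),
)
# Constructed sample feed entries as (title, body); CVE-YYYY-NNNN is a placeholder id.
ARTICLES = (
    ("VendorA patches critical flaw", "VendorA fixed CVE-YYYY-NNNN, CVSS v3.1 score of 9.8."),
    ("VendorB advisory", "VendorB fixed a moderate vulnerability, CVSS 5.3."),
    ("Swift 5 toolchain update", "New Swift compiler release notes."),
    ("Concert tickets on sale", "Tickets for the city concert go on sale today."),
    ("ClientCo discloses data breach", "ClientCo confirmed a data breach of customer records."),
    ("Apple fixes macOS zero-day", "Apple patched a macOS vulnerability exploited in the wild."),
)

if __name__ == "__main__":
    for title, hits in triage(ARTICLES, PRIORITIES).items():
        print(f"{title:32} -> {hits or ['(not prioritized)']}")
```

The VendorB entry shows why the CVSS threshold matters: both keyword groups hit, but a 5.3 score stays out of the Priority tab, which is what keeps that tab quiet enough that anything appearing in it is worth reading.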





THE RESULTS
Protecting WillowTree and their clients in just 25% of the time



Since using Leo, Drew has been able to cut his daily intelligence gathering time down to just 30 minutes. He knows which articles are most important to read, and can easily see what’s happening in the world of cybersecurity. Not only can he respond more quickly to threats and vulnerabilities, Leo also gives him more time to focus on other important work.



“Instead of having to look and sort through articles over 2-hour periods, now I can do it in about 30 minutes, and get better quality of information with Leo.”



Protecting WillowTree with continual threat monitoring



Drew leveraged his Feedly setup during the SolarWinds attack to get the critical information without the noise that accompanies this kind of event. Drew didn’t care about the editorial commentary around SolarWinds; he wanted the technical facts so that he could serve his company and their clients.



How WillowTree sorted technical updates from news commentary during the SolarWinds breach: Read the full story.



Beyond the SolarWinds event, Drew is able to equip WillowTree developers with the information they need to protect the company. Whenever he finds a vulnerability through Feedly, he shares more about it with the team so they understand why fixing it is important. He also uses the information he finds in Feedly to verify proofs of concept (PoCs).



Alerting WillowTree clients to security concerns 



Drew also uses Feedly to get indicators of compromise (IoCs) to share with clients, to better protect them now and prevent future threats. He can now send developers and project managers actionable documentation that they can share with clients in the event of a threat.



Before using Feedly and Leo, Drew spent upwards of two hours each day monitoring security news. Now, he’s reduced the time spent monitoring to just 30 minutes per day. Since using Leo to prioritize critical news, he spends 75% less time, but gets better quality information because his Feeds are tailored to his exact needs. 



“Security news is massive in terms of the scope and the breadth it can go, because each industry has different news. Feedly will save you time and help you condense all of your news articles and news feeds into one place.”



Drew’s team is expanding with a new security hire soon. He plans to train the new team member on the monitoring foundation he’s set up with Feedly so he and his team can continue to efficiently monitor supply chain threats, alert clients, and get the information they need. 






