Leo and Cybersecurity
Do you need to keep up with the latest vulnerabilities and threats but do not have the time to read all your security feeds? We can help.
In 2018, fifteen thousand vulnerabilities were discovered, the number of exploits doubled and more than four security articles were published every minute. Keeping up with all these trends can be time-consuming and overwhelming.
This is a problem we are very passionate about and have been researching with two of the largest security teams in Silicon Valley.
Today, we are excited to announce a new Leo skill called Security Threats.
We have been teaching Leo to read security articles and find or assess the severity of the software vulnerabilities they mention so that he can help you focus your attention on the most critical threats in your feeds first.
Here is a demo!
Let’s look at how you can train your Leo to prioritize articles mentioning critical vulnerabilities related to Microsoft, WordPress, or Docker.
Leo continuously reads your feeds and short-lists the most critical vulnerabilities in the priority tab.
For example, you might have a cybersecurity feed connected to niche security experts, vulnerability databases, keyword alerts, etc. with thousands of new articles per month.
You can train Leo to read those 1,000+ articles and prioritize the 30 or so that reference high-severity threats (CVSS > 8) and relate to vendors you care about (Microsoft, WordPress, Docker in the example above).
Leo is not a black-box recommendation engine. Instead, Leo ships with a set of skills that gives you control over defining what information is important to you.
The new Security Threat skill allows Leo to read an article, look up CVE, CVSS, and exploit information from multiple open source databases, and determine how critical a vulnerability is.
The new Security Threat skill also includes a sophisticated machine learning model that allows Leo to assess the severity of a threat based on the vocabulary used to describe the software vulnerability. This is particularly useful for zero-day vulnerabilities which might not have a CVE or CVSS.
Training Leo to prioritize vulnerabilities is very simple.
The first layer of the model captures the severity threshold. High means CVSS > 8, or CVSS > 5 with an exploit.
The second layer of the model captures the list of vendors.
Control and transparency are core Leo design principles.
All the articles prioritized by Leo have a green priority marker. Clicking on that marker offers an explanation of why the article was prioritized and the opportunity to refine, pause or remove that priority.
When an article is related to a CVE, you can also click on that CVE to get additional information about the vulnerability: description, CVSS score, exploits, patches, etc.
Leo learns from his mistakes. When a recommendation is wrong, you can use the “Less-Like-This” down arrow button to correct Leo.
You can let Leo know that he misclassified a vulnerability, miscalculated the severity, or mis-identified a vendor.
Leo learns from your feedback and gets continuously smarter.
If you do not have a cybersecurity feed in your Feedly yet, there is a cybersecurity bundle that lets you create a feed with fifty of the best security sources in a couple of clicks.
Leo Cybersecurity is generally available to all Feedly Teams/Business users. If you have any questions or feedback regarding Leo, you are welcome to join the Feedly Lab Slack and connect with the dev team.
-Mathieu, Olivier, David, and Stephane