Threat Intelligence

Using Feedly AI to sort technical updates from news commentary during the SolarWinds attack

How one cybersecurity analyst leveraged Feedly AI to proactively evaluate news around the breach and protect his company and their clients and stakeholders

Annie Bacheron Aug 19, 2021

Back in 2020, it wasn’t hard to find information about the SolarWinds breach. In fact, the problem for cybersecurity analysts like Drew Gallis was the deafening noise of commentary about the breach. In a time of crisis, sites like New York Times and other editorial sources tend to drown out actionable technical information from security-specific sources.

SolarWinds catapulted into this massive newsline of all these articles saying stuff with no technical insights.
Drew Gallis, Cybersecurity Analyst, WillowTree

Drew is a cybersecurity analyst at WillowTree, a digital product consultancy with clients including HBO, Domino’s, Anheuser-Busch InBev, FOX Sports and Hilton. He’s part of a small security team responsible for incident response, incident remediation, reporting on security news, and securing web and mobile applications. Given the limited amount of time he has for monitoring threat intelligence, Drew needed a way to separate critical technical updates from useless news commentary around the SolarWinds attack.

Finding actionable technical insights amid the noise of the attack

“A lot of news organizations just point fingers at different companies, without actually providing any technical backing as to why they’re saying these things,” says Drew. He needed to find useful, actionable information he could leverage to equip his company with the facts they needed to protect themselves and their clients from breaches related to SolarWinds.

Drew and the cybersecurity team at WillowTree leaned heavily on their Feedly setup to monitor security news during the SolarWinds attack. In the article he published about the breach, Drew writes, “Feedly allows us to leverage and utilize Feedly AI, which can sort and aggregate our “feeds” by filters which narrows down on key indicators such as organization breaches, critical CVEs, vendor releases, system vulnerabilities, new security tooling, etc.”

I used Feedly to find the real technical insights as to what happened during SolarWinds. So I could easily see IoCs and technical documentation as to how the attack was carried out.
Drew Gallis, Cybersecurity Analyst, WillowTree

Using Feedly AI to eliminate false information and gather IoCs

Drew used Feedly AI to quickly eliminate false information which was abundant on the topic, such as accusations of Russian-owned company TeamCity. He was also able to gather any indicators of compromise (IoCs) on the issue, such as logs, data, and statistics.

By gathering threat intelligence during the SolarWinds attack, Drew and his team were able to hand off actionable reports to developers and project managers to help WillowTree’s clients proactively protect against breaches. He says “I use Feedly to consolidate information and quickly generate actionable documentation and reports that we can then share with our clients. For SolarWinds, I was giving our clients indicators of compromise and different domains associated with the actual breach so they could better protect themselves.”

Drew uses the information he finds in Feedly to make sure he’s not only educating clients about indicators of compromise and proofs of concept related to SolarWinds, but also helping them protect themselves during future attacks.

I use Feedly to consolidate information and quickly generate actionable documentation and reports that we can share with our clients
Drew Gallis, Cybersecurity Analyst, WillowTree

Try Feedly for Cybersecurity

Start a 30-day trial of Feedly for Cybersecurity and keep up with critical threat intelligence, without the noise.

START 30 DAY TRIAL

You might also be interested in

Share