Threat Intelligence

How a WillowTree cybersecurity analyst gathers threat intelligence in just 30 minutes a day

Drew Gallis, analyst at WillowTree, leverages Feedly Threat Intelligence to track cyber threats across the company’s supply chain and protect clients

Annie Bacheron Aug 17, 2021

Impact

Keeps track of critical vulnerabilities in the supply chain so he can react quickly
Went from spending 2-3 hours sorting through threat intelligence news to 30 minutes of reading only the most relevant articles
Monitors breaches and vulnerabilities that could put clients at risk…and creates proactive solutions before they become disasters

THE CUSTOMER
WillowTree, Digital Product Consultancy

Started using Feedly Threat Intelligence: 2020

WillowTree is a digital product consultancy with clients including HBO, Domino’s, Anheuser-Busch InBev, FOX Sports and Hilton. Drew Gallis, a security analyst at WillowTree’s Virginia headquarters, is part of a small team responsible for company security and for proactively alerting WillowTree’s clients of security concerns.

THE CHALLENGE
A limited amount of time to dedicate to threat intelligence

With a small team dedicated to cybersecurity, efficiency is everything. The team at WillowTree has to stay on top of the threat landscape so nothing falls through the cracks. While Drew’s official title is “Cyber Security Analyst,” he wears multiple hats: incident response, incident remediation, reporting on security news, and securing web and mobile applications developed by WillowTree, with 20-30 projects running at any given time.

Consuming information fast so he can quickly share actionable insights across the company

Drew is deeply passionate about cybersecurity and wants to get the word out to everyone in the company. He’s genuinely excited about sharing information that helps other people (developers, clients, etc.) do their jobs better and be safer.

Only about 20% of Drew’s job is dedicated to risk and analysis, and even less of that time is available for news monitoring. So he needed a way to find the best news about critical vulnerabilities without eating up the rest of his time at work.

Trying out Feedly Threat Intelligence to consolidate and prioritize in one place

Drew’s mentor and supervisor, Adrian Guevara, Head of Cyber Security at WillowTree, had been using Feedly’s free plan for years to consolidate all of his cybersecurity information into one place. So when Drew and his team learned about how Feedly Threat Intelligence could help them refine their Feeds and prioritize the most important information, they had to try it.

I only have about 20% of my day to look into risk and analyze different things going on within our organization. I wanted to narrow our data and focus on certain points with my limited time.

Drew Gallis, Cyber Security Analyst, WillowTree

THE SOLUTION
Reducing the volume of information to only critical insights

Adrian and Drew already had all of their top cybersecurity sources organized into Feeds on the free plan. So when they joined Feedly Threat Intelligence, all they had to do was start using Feedly AI to prioritize the most important news. Thanks to this sorting and organization, Adrian and Drew can spend their limited attention reading the high-priority news first.

The biggest thing for us was exploring Feedly AI’s functionality. We made tailored filters to prioritize specific services, specific programming languages, specific packages, and different vendors we use.

Drew Gallis, Cyber Security Analyst, WillowTree

Prioritizing critical vulnerabilities in WillowTree’s tech stack

First, Drew set up AI Feeds for all the software tools and services that they use internally at WillowTree. This was simple: He just used AND to add each supplier’s name.

Drew prioritized critical vulnerabilities for any of the companies in WillowTree’s supply chain.

Then, Drew added a layer to this AI Feed. In addition to tracking products and services used at WillowTree, he tracks high-severity CVEs for services in WillowTree’s tech stack.

Normally there wouldn’t be too many articles in my Priority tab, so if I saw a news article pop up, I knew it would be something pressing.

Drew Gallis, Cyber Security Analyst, WillowTree

Tracking major programming languages

Drew created an AI Feed to track mentions of any of the major programming languages used for clients at WillowTree. These include: Swift, .NET, Python, C, JavaScript, and TypeScript.

Drew tracks critical vulnerabilities for major programming languages WillowTree and their clients use.

Tracking the vulnerabilities that potentially impact clients

Drew also wanted to track news about breaches or cybersecurity events affecting WillowTree’s clients so he could notify them as soon as possible. He used client names (most of which Feedly AI recognizes as companies) in an AI Feed looking for data breaches.

Drew created this AI Feed to find out about data breaches in conjunction with WillowTree’s clients.

Tracking issues regarding macOS

Since WillowTree is primarily a macOS company, they’re especially interested in any vulnerabilities affecting macOS. Drew tracked vulnerabilities related to macOS so he could easily tell the rest of the company if there was something to be concerned about.

Drew prioritized articles about macOS vulnerabilities within his team’s cybersecurity Feed.

THE RESULTS
Protecting WillowTree and their clients in just 25% of the time

Since using Feedly Threat Intelligence, Drew has been able to cut his daily intelligence gathering time to just 30 minutes. He knows which articles are most important to read, and can easily see what’s happening in the world of cybersecurity. Not only can he respond more quickly to threats and vulnerabilities, but he also has more time to focus on other important work.

Instead of having to look and sort through articles over 2-hour periods, now I can do it in about 30 minutes, and get better quality of information with Feedly AI.

Drew Gallis, Cyber Security Analyst, WillowTree

Protecting WillowTree with continual threat monitoring

Drew leveraged his Feedly setup during the SolarWinds attack to get the critical information, without the noise that happens during this kind of event. Drew didn’t care about the editorial commentary around SolarWinds; he wanted the technical facts so that he could serve his company and their clients.

Beyond the SolarWinds event, Drew is able to equip WillowTree developers with the information they need to protect the company. Whenever he finds a vulnerability through Feedly, he shares more about it with the team so they understand why fixing it is important. He also uses the information he finds in Feedly to verify proofs of concept (PoCs).

Alerting WillowTree clients to security concerns

Drew also uses Feedly to get indicators of compromise (IoCs) to share with clients, to better protect them now and prevent future threats. He can now send developers and project managers actionable documentation that they can share with clients in the case of a threat.

Before using Feedly AI, Drew spent upwards of two hours each day monitoring security news. Now, he’s reduced the time spent monitoring to just 30 minutes per day. Since using Feedly AI to prioritize critical news, he spends 75% less time, but gets better quality information because his Feeds are tailored to his exact needs.

Security news is massive in terms of the scope and the breadth it can go, because each industry has different news. Feedly will save you time and help you condense all of your news articles and news feeds into one place.

Drew Gallis, Cyber Security Analyst, WillowTree

Drew’s team is expanding with a new security hire soon. He plans to train the new team member on the monitoring foundation he’s set up with Feedly so he and his team can continue to efficiently monitor supply chain threats, alert clients, and get the information they need.

Gather threat intelligence without the noise

Streamline your threat intelligence in Feedly so you can focus on real threats and ignore the distractions.
