Acelere su implementación SASE con la serie Backstage de SASE Week . Sesiones de exploración

cerrar
cerrar
  • Por qué Netskope chevron

    Cambiar la forma en que las redes y la seguridad trabajan juntas.

  • Nuestros clientes chevron

    Netskope atiende a más de 3.400 clientes en todo el mundo, incluidos más de 30 de las 100 empresas más importantes de Fortune

  • Nuestros Partners chevron

    Nos asociamos con líderes en seguridad para ayudarlo a asegurar su viaje a la nube.

Un Líder en SSE.
Y ahora Líder en SASE Single-Vendor.

Descubre por qué Netskope debutó como Líder en el Cuadrante Mágico de Gartner® 2024 para Secure Access Service Edge (SASE) de Proveedor Único.

Obtenga el informe
Visionarios del cliente en primer plano

Lea cómo los clientes innovadores navegan con éxito por el cambiante panorama actual de las redes y la seguridad a través de la Plataforma Netskope One.

Obtenga el eBook
Visionarios del cliente en primer plano
La estrategia de venta centrada en el partner de Netskope permite a nuestros canales maximizar su expansión y rentabilidad y, al mismo tiempo, transformar la seguridad de su empresa.

Más información sobre los socios de Netskope
Grupo de jóvenes profesionales diversos sonriendo
Tu red del mañana

Planifique su camino hacia una red más rápida, más segura y más resistente diseñada para las aplicaciones y los usuarios a los que da soporte.

Obtenga el whitepaper
Tu red del mañana
Presentamos la Netskope One Plataforma

Netskope One es una Plataforma nativa en la nube que ofrece servicios convergentes de seguridad y redes para hacer posible su transformación SASE y de confianza cero.

Más información sobre Netskope One
Abstracto con iluminación azul
Adopte una arquitectura de borde de servicio de acceso seguro (SASE)

Netskope NewEdge es la nube privada de seguridad más grande y de mayor rendimiento del mundo y ofrece a los clientes una cobertura de servicio, un rendimiento y una resiliencia incomparables.

Más información sobre NewEdge
NewEdge
Netskope Cloud Exchange

Cloud Exchange (CE) de Netskope ofrece a sus clientes herramientas de integración eficaces para que saquen partido a su inversión en estrategias de seguridad.

Más información sobre Cloud Exchange
Vista aérea de una ciudad
  • Servicio de seguridad Productos Edge chevron

    Protéjase contra las amenazas avanzadas y en la nube y salvaguarde los datos en todos los vectores.

  • Borderless SD-WAN chevron

    Proporcione con confianza un acceso seguro y de alto rendimiento a cada usuario remoto, dispositivo, sitio y nube.

  • Secure Access Service Edge chevron

    Netskope One SASE proporciona una solución SASE nativa en la nube, totalmente convergente y de un único proveedor.

La plataforma del futuro es Netskope

Intelligent Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG) y Private Access for ZTNA integrados de forma nativa en una única solución para ayudar a todas las empresas en su camino hacia el Servicio de acceso seguro Arquitectura perimetral (SASE).

Todos los productos
Vídeo de Netskope
Next Gen SASE Branch es híbrida: conectada, segura y automatizada

Netskope Next Gen SASE Branch converge Context-Aware SASE Fabric, Zero-Trust Hybrid Security y SkopeAI-Powered Cloud Orchestrator en una oferta de nube unificada, marcando el comienzo de una experiencia de sucursal completamente modernizada para la empresa sin fronteras.

Obtenga más información sobre Next Gen SASE Branch
Personas en la oficina de espacios abiertos.
Diseño de una arquitectura SASE para Dummies

Obtenga un ejemplar gratuito del único manual que necesitará sobre diseño de una arquitectura SASE.

Obtenga el eBook
Cambie a los servicios de seguridad en la nube líderes del mercado con una latencia mínima y una alta fiabilidad.

Más información sobre NewEdge
Autopista iluminada a través de las curvas de la ladera de la montaña
Habilite de forma segura el uso de aplicaciones de IA generativa con control de acceso a aplicaciones, capacitación de usuarios en tiempo real y la mejor protección de datos de su clase.

Descubra cómo aseguramos el uso generativo de IA
Habilite de forma segura ChatGPT y IA generativa
Soluciones de confianza cero para implementaciones de SSE y SASE

Más información sobre Confianza Cero
Conducción en barco en mar abierto
Netskope logra la alta autorización FedRAMP

Elija Netskope GovCloud para acelerar la transformación de su agencia.

Más información sobre Netskope GovCloud
Netskope GovCloud
  • Recursos chevron

    Obtenga más información sobre cómo Netskope puede ayudarle a proteger su viaje hacia la nube.

  • Blog chevron

    Descubra cómo Netskope permite la transformación de la seguridad y las redes a través del perímetro de servicio de acceso seguro (SASE)

  • Eventos y Talleres chevron

    Manténgase a la vanguardia de las últimas tendencias de seguridad y conéctese con sus pares.

  • Seguridad definida chevron

    Todo lo que necesitas saber en nuestra enciclopedia de ciberseguridad.

Podcast Security Visionaries

El futuro de la seguridad: cuántica, IA y cambio macropolítico
Emily Wearmouth y Max Havey hablan con el CEO de Netskope, Sanjay Beri, y el CTO, Krishna Narayanaswamy, sobre el futuro de la seguridad.

Reproducir el pódcast Ver todos los podcasts
El futuro de la seguridad: cuántica, IA y cambio macropolítico
Últimos blogs

Lea cómo Netskope puede habilitar el viaje hacia Zero Trust y SASE a través de las capacidades de perímetro de servicio de acceso seguro (SASE).

Lea el blog
Amanecer y cielo nublado
SASE Week 2024 bajo demanda

Aprenda a navegar por los últimos avances en SASE y Zero Trust y explore cómo estos marcos se están adaptando para abordar los desafíos de ciberseguridad e infraestructura

Explorar sesiones
SASE Week 2024
¿Qué es SASE?

Infórmese sobre la futura convergencia de las herramientas de red y seguridad en el modelo de negocio actual de la nube.

Conozca el SASE
  • Empresa chevron

    Le ayudamos a mantenerse a la vanguardia de los desafíos de seguridad de la nube, los datos y la red.

  • Ofertas de Trabajo chevron

    Join Netskope's 3,000+ amazing team members building the industry’s leading cloud-native security platform.

  • Soluciones para clientes chevron

    Le apoyamos en cada paso del camino, garantizando su éxito con Netskope.

  • Formación y Acreditaciones chevron

    La formación de Netskope le ayudará a convertirse en un experto en seguridad en la nube.

Apoyar la sostenibilidad a través de la seguridad de los datos

Netskope se enorgullece de participar en Vision 2045: una iniciativa destinada a crear conciencia sobre el papel de la industria privada en la sostenibilidad.

Descubra más
Apoyando la sustentabilidad a través de la seguridad de los datos
Ayude a dar forma al futuro de la seguridad en la nube

At Netskope, founders and leaders work shoulder-to-shoulder with their colleagues, even the most renowned experts check their egos at the door, and the best ideas win.

Únete al equipo
Empleo en Netskope
El talentoso y experimentado equipo de servicios profesionales de Netskope proporciona un enfoque prescriptivo para su exitosa implementación.

Más información sobre servicios profesionales
Servicios profesionales de Netskope
Asegure su viaje de transformación digital y aproveche al máximo sus aplicaciones en la nube, web y privadas con la capacitación de Netskope.

Infórmese sobre Capacitaciones y Certificaciones
Grupo de jóvenes profesionales que trabajan

Leveraging Feedly and Netskope Cloud Threat Exchange to Accelerate Threat Intelligence Gathering, Analysis, and Sharing

Jun 22 2023

Cyber threat intelligence is a foundational piece of any organization’s security program, providing defenders with awareness of activities occurring in the threat landscape. Accounting for all threats an organization may face is a daunting and nearly impossible task. Some organizations may take the step to stay informed by following industry leaders or a news service. While this approach to threat intelligence gathering is better than nothing, it’s inefficient and often causes organizations to lag or miss critical intelligence leaving them in the dark about the latest threats. This occurs because the “noise” a security analyst must go through to find information relevant to their organization or the minor technologies that compose an organization’s tech stack is overwhelming. This article discusses how organizations like Netskope can use Feedly for Threat Intelligence, backed with their Feedly AI, to help security teams cut through the noise and keep track of critical technologies in the organization’s tech stack and supply chain. 

Organizational challenges of cyber threat intelligence (CTI) 

When initially performing CTI, teams can encounter several challenges when defining goals and setting workflows. The cyber threat intelligence lifecycle can help teams get an initial workflow started, but defining clear and concise goals can be more difficult. The first question CTI teams should ask is, “What intelligence brings value to the organization and its security team?” Answering this question helps set attainable goals and clarifies what intelligence should be gathered. In practice, this looks different for each organization based on its environment and technology stack. Intelligence programs should also consider how their intelligence enhances security operations. CTI can flow directly into how an organization performs alerting and threat hunting, but isolating operational intelligence within the vastness of intelligence poses a challenge. Such questions raised here are “What threats to monitor” and “How to collect indicators of compromise.” An easy way to start is to monitor the threat landscape of the organization’s industry. While industry monitoring may not get as granular as monitoring specific threat actors, it provides a good starting place to see which adversaries an organization may face. From there, security teams can home in on changes in TTPs and collect new IoCs to strengthen the organization’s security stack and provide threat hunters with a better understanding of the adversaries they hunt. 

What is Feedly for Threat Intelligence, and how does it help in the CTI process?

Feedly for Threat Intelligence helps security teams collect and share actionable open source intelligence faster. It includes AI models that scour the open web and continuously gather, enrich and synthesize threat insights, all while reducing noise so teams can analyze threats more efficiently. For instance, you can monitor specific threat actors active in your industry, track the exploits of new vulnerabilities, or dive deeper into specific malware. Feedly’s AI models make it easy to get targeted feeds related to your environment. For example, most organizations utilize Windows OS on their endpoints. With Feedly, a team could look at “Microsoft Windows” AND “Critical Vulnerabilities.” This feed will display trending information related to the Windows OS and vulnerabilities with a CVSS above 8 or vulnerabilities with a CVSS above 5 that also have an exploit. It enables vulnerability management teams to prioritize the remediation of vulnerabilities based on what is actively observed in the threat landscape. 

Utilizing Feedly for Threat Intelligence to track vulnerabilities in an organization’s tech stack also provides the benefit of uncovering research where vulnerabilities are chained together to cause compromise of greater severity than any one vulnerability. Getting insights on the latest methodologies of chaining these vulnerabilities allows security teams to fully gauge the risk of vulnerable assets.

One of the advantages of Feedly AI is helping to identify zero-day vulnerabilities before they are widely reported so you can start your assessment. Zero-days are flaws in the software or service that lack mitigations, such as software patches or configuration changes. With Feedly for Threat Intelligence, an organization can monitor for zero-days affecting their technology stack or all zero-days found in the wild. It has helped Netskope discover, track, analyze, and respond to zero-day threats several days before mainstream reporting so the team could proactively create vulnerability reports for leadership. 

To help analysts understand vulnerabilities, Feedly for Threat Intelligence provides a CVE intelligence card for each CVE. The CVE card shows all the important information on a CVE that an analyst would need to assess whether actions need to be taken or if the organization is unaffected. Within the CVE intelligence card are details such as severity, affected systems, exploit availability, available patches, linked malware/threat actors, and a CVE timeline of reported, published, exploited, and released, along with a trend line of how commonly it is being reported. The CVE card also shows the latest references so analysts can read up on the latest news.

Threat intelligence extends beyond vulnerability management to other areas, including investigating threat actors, threat hunting, identifying Indicators of Compromise, and much more. Feedly for Threat Intelligence has helped Netscope perform other forms of threat intelligence, such as investigating threat actor tactics, techniques, and procedures (TTPs) and capabilities. Tracking how threat actors evolve helps security teams understand how adversaries operate so the teams can implement appropriate and effective security controls and shore up any weaknesses found within the security stack. If an organization has a Red Team, then the Red Team can emulate the observed behaviors to test the detection and response of the current security stack. 

Along similar lines, threat actors’ TTPs and capabilities are indicators of compromise. Having up-to-date IoCs is invaluable to a security team as this ensures effective block lists are in place to stop the latest threats.

Automating IoC ingestion and sharing with Netskope Cloud Threat Exchange 

Intelligence is only useful if it is actionable. Now that you are getting more reliable insights into the threats that pose the highest risk to your organization, you can’t be asked to spend your entire day updating blocklists or sending alerts to your SOC. Netskope Cloud Exchange makes it easy to automate IoC ingestion AND take action on this intelligence.

Netskope Cloud Exchange is essentially a large API broker with four separate modules based on the type of data you want to share throughout your security stack. The Cloud Threat Exchange module allows us to share file hash and URL indicators between different tools through plugins. At the time, there was no plugin specifically for connecting to a Feedly stream, so we developed a custom CTE plugin that allows us to ingest IoCs found in our Feedly stream and automatically add them to objects serving as blocklists in our Netskope tenant. While an initial time investment was required to curate our Feedly stream and build the plugin, in the long run, this frees up time our analysts can use to be proactive in other areas, such as engaging in threat hunts.

Not all IoCs are created equal; the context around them is essential to analysts understanding the risk they pose to your organization. With our plugin, we made sure that we included Traffic Light Protocol,  TTPs, and a link to the original article where the IoC was found. This affords us more granularity when writing our business rules and subsequent sharing configurations within Netskope Cloud Exchange while also providing analysts with additional information and resources to understand potential threats. 

One component of operationalizing the threat feed was leveraging the reputation scoring feature of Netskope Cloud Exchange. We initially set a lower reputation scoring for the indicators coming from Feedly as we had not spent as much time writing exclusions and tuning rules for the Feedly stream. Our sharing configurations that leverage the reputation score of an indicator are doing so because high-confidence indicators create fewer false positives. Over time, as we curated the feed and felt more confident in the results we received, we edited the Feedly plugin configuration to have a higher reputation score and get closer to those thresholds set by our business rules. 

The custom plugin we developed is now available to all customers as the official Netskope Cloud Threat Exchange plugin for pulling threat indicators from a Feedly stream. You can check out our configuration walkthrough video here to get started with bringing automation to your threat intelligence workflows.