Threat Intelligence Case Study – Delta Dental daltonit
Impact
More relevant threat intelligence in half the time
A complete picture of emerging threats in only 15 minutes
A streamlined and effective intelligence-gathering process
The short version
The customer: Roger, Senior Security Engineer, Cyber Risk Management Solutions, Delta Dental. Roger monitors vulnerabilities and threats for Delta Dental, the leading dental insurance provider in the US. Every week, he puts together a risk advisory report that goes out to approximately fifty people in the infrastructure and application teams.
The challenge: Spending hours manually monitoring vulnerabilities. Monitoring emerging threats and vulnerabilities used to involve visiting dozens of threat intelligence websites each day.
The solution: Gathering intelligence in one place with Feedly. The vulnerability management team uses Feedly to gather, prioritize, and manage all of the intelligence on critical vulnerabilities in a single place.
The results: Better intelligence gathered in half the time. With Feedly, the vulnerability management team at Delta Dental spends 50% less time gathering intelligence and monitoring threats, and the data they gather is more relevant, too. They gather insights from millions of different sources in near real-time, so they get the complete picture on emerging threats.
THE CLIENT
A small vulnerability management team
On any given day, Roger has a lot on his plate: he’s in charge of vulnerability management for Delta Dental, the United States’s leading dental insurance provider. His responsibilities include identification, analysis, validation, and remediation of all vulnerability risks. “I run the full gamut of risk management, but specifically pertaining to vulnerabilities,” Roger explains. “It’s my responsibility to make sure that the entire program is running efficiently.”
Roger tracks vulnerabilities on a daily basis to monitor critical and emergent threats. One of the most important and time-consuming aspects of his job is the weekly risk advisory report he puts together for Delta Dental’s infrastructure and application teams. With the information Roger gathers each week, his colleagues can fix vulnerabilities and update software to keep their entire network secure. The vulnerability management team functions like a managed security service provider (MSSP) for other Delta Dental IT teams.
“I identify and report vulnerabilities so that other teams can save time and go straight to implementing solutions,” Roger says.
THE CHALLENGE
Spending hours each week manually researching and tracking vulnerabilities
The vulnerability team’s threat assessment process used to look like this:
- Every day, Roger would manually visit multiple threat intel websites.
- He’d also work through dozens of more generic sources like news websites, Google, and LinkedIn to track and monitor vulnerabilities that could have serious consequences for his company.
- Every day he looked at urgent and emerging threats, and once a week he compiled a report with information for relevant stakeholders.
The information-gathering process took hours each day. “I was spending at least eight to twelve hours a week researching vulnerabilities that could affect our enterprise. It was quite intensive.”
The vulnerability management team used many different tools for vulnerability management, but they didn’t have an easy solution for risk advisory, which left them spending hours manually gathering threat intelligence. “We needed to make stakeholders aware of the multitude of risks that exist out there. There are millions of risks. And we had no way to demonstrate that to stakeholders without doing intense manual labor on a daily and weekly basis.”
THE SOLUTION
Feedly: A risk advisory tool to fill gaps in the vulnerability management process
Staying on top of a large enterprise tech stack
One of the biggest vulnerabilities that an enterprise like Delta Dental faces is outdated or unsupported application software. Large companies use hundreds of different tools to run smoothly, and in worst-case scenarios, a small bug can take down a whole system.
“With a tech stack this size, there will be bugs every day. And if we don’t implement the patch or the update, obviously hackers can take advantage of that,” Roger says.
Now, Roger uses Feedly AI to gather, analyze, and prioritize intelligence from millions of sources in near real-time, so that the vulnerability management team can see it all at once, in one place. Instead of spending hours manually gathering data, Roger can easily find the most up-to-date information on software releases and patches, zero-days, exploit databases, and more.
Monitoring vulnerabilities for products & vendors in their supply chain
Roger takes three main steps to prioritize critical vulnerabilities affecting products and vendors used by Delta Dental:
- He sets up Feedly AI Feeds to track critical vulnerabilities related to specific products and vendors.
- He checks Feedly daily to find and research high-priority CVEs that could impact Delta Dental.
- He then brings those CVEs into Kenna to help prioritize their remediation and communication strategy with Delta Dental’s stakeholders.
He uses this intelligence to build his weekly report and create recommendations for fixes and patches for the infrastructure and applications teams.
“With Feedly, I can look at a lot of different sources in a single place: threat intel websites, news wires, social media, things like that, so I have all of the latest information on current threats and technology updates. And I leverage that to populate my reports.”
Spotting critical issues faster
In addition to using Feedly as a risk advisory tool for weekly non-emergency vulnerability reports, Roger uses Feedly daily to spot critical issues and flag them right away. In minutes, he can get a complete picture of an emerging threat from multiple sources, instead of relying on any single report from one company. “When I research an emergent threat, I immediately have the latest and greatest data, because I can look directly at all of the different sources that come into Feedly,” Roger says.
Having all of this threat intel in one place gives the team better data to work with and more insights into the vulnerability. It makes the research much faster, and even gives them an edge over other cyber security analysts.
“I like to see what the hackers are seeing,” Roger explains. “And I like to see what different organizations are saying about this vulnerability, not just the instructions to fix it. I want to understand what the actual impact would be, if we were compromised.”
THE RESULTS
More relevant threat intelligence in half the time
Instead of spending eight to twelve hours putting the risk advisory report together each week, Roger now only needs four or five. By using Feedly for Threat Intelligence, he’s cut the amount of time he spends gathering intelligence about emerging vulnerabilities in half. But perhaps even more importantly, the team can now gather better intelligence with much less effort.
When a new critical threat emerges, Roger can leverage Feedly to get a complete picture of the threat and its possible repercussions for Delta Dental in as little as fifteen minutes. Without Feedly, gathering that much intelligence could take days.
This served the team well when several critical threats first emerged, including the Windows Printer Spooler vulnerability and POLINA ransomware. “Instead of just going to Microsoft or visiting a single resource, I was able to use Feedly to research it and gather the latest and greatest data from lots of different sources,” Roger says. “By leveraging Feedly, we were able to get a really complete picture from all of these different perspectives.”
Today, when it comes to investigating vulnerabilities, Roger’s first step is always to check Feedly. It’s become an indispensable tool in his cybersecurity arsenal.
“My process is always Feedly first, and then I go to our intel tool second,” Roger says. “Feedly should be a first step for anybody working in vulnerability management.”
Fill the gaps in your risk advisory process
Feedly for Threat Intelligence can help you gather intelligence and monitor emerging threats in near real-time.