Slide 1

Building Effective CTI Sharing

Slide 2

Scott J Roberts

Slide 3

Comments? Use #ctisharing and/or @sroberts

Slide 4

Table Stakes

Slide 5

Talk to Legal

Slide 6

TLP https://www.us-cert.gov/tlp

Slide 7

● WWWWH&W
● Example: My Story
● What To Do Next?

Slide 8

Why?

Slide 9

Your Security Will Improve

Slide 10

You Will Improve Others' Security

Slide 11

Share More Get More

Slide 12

A rising tide raises all boats

Slide 13

When?

Slide 14

Ingestion vs. Production

Slide 15

When You’re Ready to Act

Slide 16

When You’re Ready to Reciprocate

Slide 17

When You Can Be Confident

Slide 18

Who?

Slide 19

Formal Groups

Slide 20

Open Source Groups

Slide 21

Informal Groups

Slide 22

BONUS: Orgs With Similar Technology...

Slide 23

BONUS: Competitors

Slide 24

What?

Slide 25

Indicators of Compromise

Slide 26

Tactics, Techniques, & Procedures

Slide 27

Reports

Slide 28

Techniques, Methods, & Capabilities

Slide 29

(Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html

Slide 30

Sharing Hierarchy of Value*

* The Author acknowledges this is a rip off

Slide 31

How?

Slide 32

Don’t Ask to Join

Slide 33

Be Trusting

Slide 34

Be Trustworthy

Slide 35

Be Action Oriented

Slide 36

BONUS: The Best Groups Have A Written Set of Expectations & Procedures

Slide 37

Where?

Slide 38

Mailing Lists

Slide 39

Chat

Slide 40

Semi-Structured

Slide 41

Threat Intelligence Platform

Slide 42

Hybrid

Slide 43

Example: My Story

Slide 44

This is Kyle @kylemaxwell

Slide 45

Kyle & I started a Slack

Slide 46

● We Invited Folks We Knew
● Shared Tools & Techniques
● We Invited More Folks

Slide 47

Kyle Invited Mark @markpars0ns

Slide 48

Mark Invited Me to Another Slack

Slide 49

● Met New Folks
● Shared Intelligence
● Collaborated On Investigations
● Demonstrated Value to My Boss

Slide 50

So I Invited My Coworker John @swannysec

Slide 51

What To Do Next?

Slide 52

What To Do Next ● ● ● ● ● ●

Slide 53

Go Make Friends & Share Intelligence

Slide 54

Join Me @ SANS Rocky Mountain 2017 for FOR578