Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Building Effective Threat Intelligence Sharing
Search
Scott J. Roberts
July 23, 2017
Technology
150
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Building Effective Threat Intelligence Sharing
A SANS Webex I did... awhile ago?
Scott J. Roberts
July 23, 2017
More Decks by Scott J. Roberts
See All by Scott J. Roberts
LLM SATs FTW
sroberts
0
1.5k
STRAT - A System-Centric Approach to Cyber Resilience
sroberts
0
89
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
170
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
200
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
130
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
120
Homemade Ramen & Threat Intelligence
sroberts
2
630
Introduction to Open Source Security Tools
sroberts
3
5.1k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
160
Other Decks in Technology
See All in Technology
「ビジネスがわかるエンジニア」とは何か?
ryooob
0
420
FinOps X 2026 Recap from Engineer Side #JapanFinOps
chacco38
0
180
本当の”仕事”を手放せる未来が見えた
mu7889yoon
0
200
サイバーエージェントにおけるAI推進戦略と変革への取り組み
shotatsuge
0
630
背中から、背中へ /paying forward to community
naitosatoshi
0
190
AWS Summit の片隅で、体育座りしながらコミュニティがにぎわう理由を考えた
k_adachi_01
2
310
AWS Security Hub CSPMの成功・失敗体験
cmusudakeisuke
0
610
Why is RC4 still being used?
tamaiyutaro
0
250
Fabricをフル活用する AI Agent Hub -製造業特化AIエージェントの設計
iotcomjpadmin
0
170
Multi-Agent並列開発を 安全に回すための技術 / Technology for Safely Multi-Agent Parallel Development
tooppoo
0
230
“詰む”前に仕組みを作れ 〜技術の波に溺れないためのキャッチアップ術〜
takasyou
7
4.6k
Text-to-SQLをAgentCoreで実現し、生成されるSQLの精度を定量的に評価する
yakumo
2
210
Featured
See All Featured
Designing Experiences People Love
moore
143
24k
Large-scale JavaScript Application Architecture
addyosmani
515
110k
4 Signs Your Business is Dying
shpigford
187
22k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
38
2.9k
Fashionably flexible responsive web design (full day workshop)
malarkey
408
66k
30 Presentation Tips
portentint
PRO
1
330
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs
inesmontani
PRO
3
3.5k
How to make the Groovebox
asonas
2
2.2k
Why You Should Never Use an ORM
jnunemaker
PRO
61
9.9k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
133
19k
How STYLIGHT went responsive
nonsquared
100
6.2k
Docker and Python
trallard
47
3.9k
Transcript
Building Effective CTI Sharing
Scott J Roberts
Comments? Use #ctisharing and/or @sroberts
Table Stakes
Talk to Legal
TLP https://www.us-cert.gov/tlp
• WWWWH&W • Example: My Story • What To Do
Next?
Why?
Your Security Will Improve
You Will Improve Others Security
Share More Get More
A rising tide raises all boats
When?
Ingestion vs. Production
When You’re Ready to Act
When You’re Ready to Reciprocate
When You Can Be Confident
Who?
Formal Groups
Open Source Groups
Informal Groups
BONUS: Orgs With Similar Technology...
BONUS: Competitors
What?
Indicators of Compromise
Tactics, Techniques, & Procedures
Reports
Techniques, Methods, & Capabilities
(Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
Sharing Hierarchy of Value* * The Author acknowledges this is
a rip off
How?
Don’t Ask to Join
Be Trusting
Be Trustworthy
Be Action Oriented
BONUS: The Best Groups Have A Written Set of Expectations
& Procedures
Where?
Mailing Lists
Chat
Semi Structured
Threat Intelligence Platform
Hybrid
Example: My Story
This is Kyle @kylemaxwell
Kyle & I started a Slack
We Invited Folks We Knew Shared Tools & Techniques We
Invited More Folks
Kyle Invited Mark @markpars0ns
Mark Invited Me to Another Slack
Met New Folks Shared Intelligence Collaborated On Investigations Demonstrated Value
to My Boss
So I Invited My Coworker John @swannysec
What To Do Next?
What To Do Next • • • • • •
Go Make Friends & Share Intelligence
Join Me @ SANS Rocky Mountain 2017 for FOR578