Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Building Effective Threat Intelligence Sharing
Search
Scott J. Roberts
July 23, 2017
Technology
150
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Building Effective Threat Intelligence Sharing
A SANS Webex I did... awhile ago?
Scott J. Roberts
July 23, 2017
More Decks by Scott J. Roberts
See All by Scott J. Roberts
LLM SATs FTW
sroberts
0
1.5k
STRAT - A System-Centric Approach to Cyber Resilience
sroberts
0
89
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
170
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
200
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
130
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
120
Homemade Ramen & Threat Intelligence
sroberts
2
630
Introduction to Open Source Security Tools
sroberts
3
5.1k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
160
Other Decks in Technology
See All in Technology
ご挨拶「10周年を迎える共創ラボのこれまでとこれから」
iotcomjpadmin
0
160
週末にループ・エンジニアリングの理解を深めるためのスライド
nagatsu
0
700
LiDAR SLAMの実装とセンサ融合 ~Lie群からContinuous-Time LIOまで~
naokiakai
1
460
水を運ぶ人としてのリーダーシップ
izumii19
4
1.1k
【FinOps】データドリブンな意思決定を目指して
z63d
3
540
AI-DLCを “そのまま導入しなかった”話 ~組織に合わせてアジャストした 私たちの実践共有~
hiroramos4
PRO
1
470
AI時代における最適なQA組織の作り方
ymty
3
260
打造你的 AI 工作流:Agent Skill + MCP 實戰工作坊
appleboy
0
250
BPaaSで進むAIオペレーションの現在地 AI実装が効く領域とスケーラビリティの選定と実装
kentarofujii
0
230
AIに障害切り分けを全部やってもらった。 。 。 。
estie
0
290
AIは、人間らしい仕事の夢を見るか?─ AI時代のtoB/toEプロダクトを再設計する
techtekt
PRO
0
190
CVE-2026-20833_脆弱性対応とAES 化について
jukishiya
0
290
Featured
See All Featured
Tips & Tricks on How to Get Your First Job In Tech
honzajavorek
1
550
What the history of the web can teach us about the future of AI
inesmontani
PRO
1
620
The SEO Collaboration Effect
kristinabergwall1
1
490
The #1 spot is gone: here's how to win anyway
tamaranovitovic
3
1.1k
Agile Leadership in an Agile Organization
kimpetersen
PRO
0
170
Sam Torres - BigQuery for SEOs
techseoconnect
PRO
0
290
Reflections from 52 weeks, 52 projects
jeffersonlam
356
21k
Bridging the Design Gap: How Collaborative Modelling removes blockers to flow between stakeholders and teams @FastFlow conf
baasie
0
590
Navigating the Design Leadership Dip - Product Design Week Design Leaders+ Conference 2024
apolaine
1
360
Building Adaptive Systems
keathley
44
3.1k
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
tomoyanonymous
2
870
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
25
2k
Transcript
Building Effective CTI Sharing
Scott J Roberts
Comments? Use #ctisharing and/or @sroberts
Table Stakes
Talk to Legal
TLP https://www.us-cert.gov/tlp
• WWWWH&W • Example: My Story • What To Do
Next?
Why?
Your Security Will Improve
You Will Improve Others Security
Share More Get More
A rising tide raises all boats
When?
Ingestion vs. Production
When You’re Ready to Act
When You’re Ready to Reciprocate
When You Can Be Confident
Who?
Formal Groups
Open Source Groups
Informal Groups
BONUS: Orgs With Similar Technology...
BONUS: Competitors
What?
Indicators of Compromise
Tactics, Techniques, & Procedures
Reports
Techniques, Methods, & Capabilities
(Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
Sharing Hierarchy of Value* * The Author acknowledges this is
a rip off
How?
Don’t Ask to Join
Be Trusting
Be Trustworthy
Be Action Oriented
BONUS: The Best Groups Have A Written Set of Expectations
& Procedures
Where?
Mailing Lists
Chat
Semi Structured
Threat Intelligence Platform
Hybrid
Example: My Story
This is Kyle @kylemaxwell
Kyle & I started a Slack
We Invited Folks We Knew Shared Tools & Techniques We
Invited More Folks
Kyle Invited Mark @markpars0ns
Mark Invited Me to Another Slack
Met New Folks Shared Intelligence Collaborated On Investigations Demonstrated Value
to My Boss
So I Invited My Coworker John @swannysec
What To Do Next?
What To Do Next • • • • • •
Go Make Friends & Share Intelligence
Join Me @ SANS Rocky Mountain 2017 for FOR578