Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Building Effective Threat Intelligence Sharing
Search
Scott J. Roberts
July 23, 2017
Technology
1
120
Building Effective Threat Intelligence Sharing
A SANS Webex I did... awhile ago?
Scott J. Roberts
July 23, 2017
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
99
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
77
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
46
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
26
Homemade Ramen & Threat Intelligence
sroberts
2
510
Introduction to Open Source Security Tools
sroberts
3
4.8k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
110
Crisis Communication for Incident Response
sroberts
1
340
Hipster DFIR on OSX - BSidesCincy
sroberts
3
3.2k
Other Decks in Technology
See All in Technology
Kubernetesでメールの大量配信をしている話/k8sjp-20250205
hfukamachi
0
210
ソフトウェアアーキテクトのための意思決定術: Software Architecture and Decision-Making
snoozer05
PRO
18
4.3k
日経電子版 x AIエージェントの可能性とAgentic RAGによって提案書生成を行う技術
masahiro_nishimi
1
170
Enhancing SRE Using AI
yoshiiryo1
1
430
アーキテクチャわからん、の話
shirayanagiryuji
0
230
クラウドネイティブ時代を乗り越えるためのオブザーバビリティ(可観測性)ことはじめ_CloudNative-Observability
tkhresk
0
110
生成AIの利活用を加速させるための取り組み「prAIrie-dog」/ Shibuya_AI_1
visional_engineering_and_design
1
110
君はPostScriptなウィンドウシステム 「NeWS」をご存知か?/sunnews
koyhoge
0
600
High Performance PHP
cmuench
0
120
まだ間に合う! エンジニアのための生成AIアプリ開発入門 on AWS
minorun365
PRO
4
450
Creative Pair
kawaguti
PRO
1
150
Ask! NIKKEI RAG検索技術の深層
hotchpotch
11
2.2k
Featured
See All Featured
Docker and Python
trallard
43
3.2k
Optimising Largest Contentful Paint
csswizardry
33
3.1k
Speed Design
sergeychernyshev
25
760
Side Projects
sachag
452
42k
How to train your dragon (web standard)
notwaldorf
90
5.8k
The World Runs on Bad Software
bkeepers
PRO
67
11k
The Pragmatic Product Professional
lauravandoore
32
6.4k
The Invisible Side of Design
smashingmag
299
50k
Building Adaptive Systems
keathley
39
2.4k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.3k
Into the Great Unknown - MozCon
thekraken
34
1.6k
Transcript
Building Effective CTI Sharing
Scott J Roberts
Comments? Use #ctisharing and/or @sroberts
Table Stakes
Talk to Legal
TLP https://www.us-cert.gov/tlp
• WWWWH&W • Example: My Story • What To Do
Next?
Why?
Your Security Will Improve
You Will Improve Others Security
Share More Get More
A rising tide raises all boats
When?
Ingestion vs. Production
When You’re Ready to Act
When You’re Ready to Reciprocate
When You Can Be Confident
Who?
Formal Groups
Open Source Groups
Informal Groups
BONUS: Orgs With Similar Technology...
BONUS: Competitors
What?
Indicators of Compromise
Tactics, Techniques, & Procedures
Reports
Techniques, Methods, & Capabilities
(Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
Sharing Hierarchy of Value* * The Author acknowledges this is
a rip off
How?
Don’t Ask to Join
Be Trusting
Be Trustworthy
Be Action Oriented
BONUS: The Best Groups Have A Written Set of Expectations
& Procedures
Where?
Mailing Lists
Chat
Semi Structured
Threat Intelligence Platform
Hybrid
Example: My Story
This is Kyle @kylemaxwell
Kyle & I started a Slack
We Invited Folks We Knew Shared Tools & Techniques We
Invited More Folks
Kyle Invited Mark @markpars0ns
Mark Invited Me to Another Slack
Met New Folks Shared Intelligence Collaborated On Investigations Demonstrated Value
to My Boss
So I Invited My Coworker John @swannysec
What To Do Next?
What To Do Next • • • • • •
Go Make Friends & Share Intelligence
Join Me @ SANS Rocky Mountain 2017 for FOR578