Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Building Effective Threat Intelligence Sharing
Search
Scott J. Roberts
July 23, 2017
Technology
1
95
Building Effective Threat Intelligence Sharing
A SANS Webex I did... awhile ago?
Scott J. Roberts
July 23, 2017
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
Homemade Ramen & Threat Intelligence
sroberts
2
420
Introduction to Open Source Security Tools
sroberts
3
4.7k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
92
Crisis Communication for Incident Response
sroberts
1
280
Hipster DFIR on OSX - BSidesCincy
sroberts
3
3.1k
Community Intelligence & Open Source Tools
sroberts
5
1.1k
Responding @ Scale: osquery for Mass Incident Response and Detection
sroberts
1
12k
Hipster DFIR on OSX
sroberts
2
950
Crisis Communication for Incident Response
sroberts
2
7.6k
Other Decks in Technology
See All in Technology
Datadog による 自己完結的アプリケーションモニタリング
recruitengineers
PRO
3
130
新卒1年目がプロジェクトを進めるときにコケたポイント
ryunakayama
1
110
Feature Flag Deep Dive
biwashi
20
5.1k
ECS on FargateへのSeekable OCI導入レポート
iwamot
0
260
SwiftUIのpropertyWrapperをふんわり理解する
jambo_develop_team
0
110
技育祭2024春 LT Finatextホールディングス
kevinrobot34
1
120
スケジュール指定のFargate Spotと友達になれた話
news_it_enj
0
240
SmartHR プロダクトエンジニア求人ガイド 2024上期
smarthr
0
140
Command-line interface tool design / PHPerKaigi 2024
k1low
4
1k
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
1.8k
fujiwara-ware OSSをひたすら紹介する/ya8-2024
fujiwara3
7
380
君はApplication Composerというサービスを知っているか
tsukuboshi
1
520
Featured
See All Featured
Building Effective Engineering Teams - LeadDev
addyosmani
25
1.6k
Design by the Numbers
sachag
274
18k
How to name files
jennybc
62
91k
Pencils Down: Stop Designing & Start Developing
hursman
115
11k
Adopting Sorbet at Scale
ufuk
66
8.5k
Being A Developer After 40
akosma
56
580k
What's new in Ruby 2.0
geeforr
335
31k
Principles of Awesome APIs and How to Build Them.
keavy
119
16k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
242
20k
Building Adaptive Systems
keathley
29
1.8k
Web Components: a chance to create the future
zenorocha
304
41k
Producing Creativity
orderedlist
PRO
335
39k
Transcript
Building Effective CTI Sharing
Scott J Roberts
Comments? Use #ctisharing and/or @sroberts
Table Stakes
Talk to Legal
TLP https://www.us-cert.gov/tlp
• WWWWH&W • Example: My Story • What To Do
Next?
Why?
Your Security Will Improve
You Will Improve Others Security
Share More Get More
A rising tide raises all boats
When?
Ingestion vs. Production
When You’re Ready to Act
When You’re Ready to Reciprocate
When You Can Be Confident
Who?
Formal Groups
Open Source Groups
Informal Groups
BONUS: Orgs With Similar Technology...
BONUS: Competitors
What?
Indicators of Compromise
Tactics, Techniques, & Procedures
Reports
Techniques, Methods, & Capabilities
(Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
Sharing Hierarchy of Value* * The Author acknowledges this is
a rip off
How?
Don’t Ask to Join
Be Trusting
Be Trustworthy
Be Action Oriented
BONUS: The Best Groups Have A Written Set of Expectations
& Procedures
Where?
Mailing Lists
Chat
Semi Structured
Threat Intelligence Platform
Hybrid
Example: My Story
This is Kyle @kylemaxwell
Kyle & I started a Slack
We Invited Folks We Knew Shared Tools & Techniques We
Invited More Folks
Kyle Invited Mark @markpars0ns
Mark Invited Me to Another Slack
Met New Folks Shared Intelligence Collaborated On Investigations Demonstrated Value
to My Boss
So I Invited My Coworker John @swannysec
What To Do Next?
What To Do Next • • • • • •
Go Make Friends & Share Intelligence
Join Me @ SANS Rocky Mountain 2017 for FOR578