Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building Effective Threat Intelligence Sharing

Scott J. Roberts
July 23, 2017
Technology
1
110

Building Effective Threat Intelligence Sharing

A SANS Webex I did... awhile ago?

Scott J. Roberts

July 23, 2017
Tweet

More Decks by Scott J. Roberts

See All by Scott J. Roberts
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
94
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
67
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
31
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
23
Homemade Ramen & Threat Intelligence
sroberts
2
490
Introduction to Open Source Security Tools
sroberts
3
4.8k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
110
Crisis Communication for Incident Response
sroberts
1
320
Hipster DFIR on OSX - BSidesCincy
sroberts
3
3.2k

Other Decks in Technology

See All in Technology
Evangelismo técnico: ¿qué, cómo y por qué?
trishagee
0
360
フルカイテン株式会社 採用資料
fullkaiten
0
40k
サイバーセキュリティと認知バイアス:対策の隙を埋める心理学的アプローチ
shumei_ito
0
380
テストコード品質を高めるためにMutation Testingライブラリ・Strykerを実戦導入してみた話
ysknsid25
7
2.6k
100 名超が参加した日経グループ横断の競技型 AWS 学習イベント「Nikkei Group AWS GameDay」の紹介/mediajaws202411
nikkei_engineer_recruiting
1
170
VideoMamba: State Space Model for Efficient Video Understanding
chou500
0
190
Lambdaと地方とコミュニティ
miu_crescent
2
370
Incident Response Practices: Waroom's Features and Future Challenges
rrreeeyyy
0
160
Shopifyアプリ開発における Shopifyの機能活用
sonatard
4
250
10XにおけるData Contractの導入について: Data Contract事例共有会
10xinc
5
610
【令和最新版】AWS Direct Connectと愉快なGWたちのおさらい
minorun365
PRO
5
750
Python(PYNQ)がテーマのAMD主催のFPGAコンテストに参加してきた
iotengineer22
0
470

Featured

See All Featured
How to train your dragon (web standard)
notwaldorf
88
5.7k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
44
2.2k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
Agile that works and the tools we love
rasmusluckow
327
21k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Being A Developer After 40
akosma
86
590k
[RailsConf 2023] Rails as a piece of cake
palkan
52
4.9k
Fashionably flexible responsive web design (full day workshop)
malarkey
405
65k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.3k
Practical Orchestrator
shlominoach
186
10k
Happy Clients
brianwarren
98
6.7k
Build your cross-platform service in a week with App Engine
jlugia
229
18k

Transcript

  1. Building Effective CTI Sharing

  2. Scott J Roberts

  3. Comments? Use #ctisharing and/or @sroberts

  4. Table Stakes

  5. Talk to Legal

  6. TLP https://www.us-cert.gov/tlp

  7. • WWWWH&W • Example: My Story • What To Do

    Next?

  8. Why?

  9. Your Security Will Improve

  10. You Will Improve Others Security

  11. Share More Get More

  12. A rising tide raises all boats

  13. When?

  14. Ingestion vs. Production

  15. When You’re Ready to Act

  16. When You’re Ready to Reciprocate

  17. When You Can Be Confident

  18. Who?

  19. Formal Groups

  20. Open Source Groups

  21. Informal Groups

  22. BONUS: Orgs With Similar Technology...

  23. BONUS: Competitors

  24. What?

  25. Indicators of Compromise

  26. Tactics, Techniques, & Procedures

  27. Reports

  28. Techniques, Methods, & Capabilities

  29. (Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html

  30. Sharing Hierarchy of Value* * The Author acknowledges this is

    a rip off

  31. How?

  32. Don’t Ask to Join

  33. Be Trusting

  34. Be Trustworthy

  35. Be Action Oriented

  36. BONUS: The Best Groups Have A Written Set of Expectations

    & Procedures

  37. Where?

  38. Mailing Lists

  39. Chat

  40. Semi Structured

  41. Threat Intelligence Platform

  42. Hybrid

  43. Example: My Story

  44. This is Kyle @kylemaxwell

  45. Kyle & I started a Slack

  46. We Invited Folks We Knew Shared Tools & Techniques We

    Invited More Folks

  47. Kyle Invited Mark @markpars0ns

  48. Mark Invited Me to Another Slack

  49. Met New Folks Shared Intelligence Collaborated On Investigations Demonstrated Value

    to My Boss

  50. So I Invited My Coworker John @swannysec

  51. What To Do Next?

  52. What To Do Next • • • • • •

  53. Go Make Friends & Share Intelligence

  54. Join Me @ SANS Rocky Mountain 2017 for FOR578