Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building Effective Threat Intelligence Sharing

Avatar for Scott J. Roberts Scott J. Roberts
July 23, 2017
Technology
1
120

Building Effective Threat Intelligence Sharing

A SANS Webex I did... awhile ago?

Avatar for Scott J. Roberts

Scott J. Roberts

July 23, 2017
Tweet

More Decks by Scott J. Roberts

See All by Scott J. Roberts
LLM SATs FTW
Avatar for Scott J. Roberts sroberts
0
580
STRAT - A System-Centric Approach to Cyber Resilience
Avatar for Scott J. Roberts sroberts
0
27
Tortured Responders Dept - Scott & Rebekah's Edition
Avatar for Scott J. Roberts sroberts
0
120
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
Avatar for Scott J. Roberts sroberts
0
120
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
Avatar for Scott J. Roberts sroberts
0
76
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
Avatar for Scott J. Roberts sroberts
0
55
Homemade Ramen & Threat Intelligence
Avatar for Scott J. Roberts sroberts
2
560
Introduction to Open Source Security Tools
Avatar for Scott J. Roberts sroberts
3
4.9k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
Avatar for Scott J. Roberts sroberts
0
120

Other Decks in Technology

See All in Technology
結局QUICで通信は速くなるの?
Avatar for kota-yata kota_yata
9
7.5k
人を動かすことについて考える
Avatar for nakamichi ichimichi
2
300
20250818_KGX・One Hokkaidoコラボイベント
Avatar for tohge05 tohgeyukihiro
0
130
Yahoo!ニュースにおけるソフトウェア開発
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
0
210
Rethinking Incident Response: Context-Aware AI in Practice - Incident Buddy Edition -
Avatar for rrreeeyyy rrreeeyyy
0
130
S3のライフサイクル設計でハマったポイント
Avatar for Kumada mkumada
0
100
Goでマークダウンの独自記法を実装する
Avatar for lag129 lag129
0
200
サイボウズフロントエンドの横断活動から考える AI時代にできること
Avatar for mugi / Hajime Mugishima mugi_uno
4
1.4k
AIドリブンのソフトウェア開発 - うまいやり方とまずいやり方
Avatar for Riotaro OKADA okdt
PRO
9
510
認知戦の理解と、市民としての対抗策
Avatar for hogehuga hogehuga
0
250
[kickflow]20250319_少人数チームでのAutify活用
Avatar for shin otouhujej
0
200
R-SCoRe: Revisiting Scene Coordinate Regression for Robust Large-Scale Visual Localization
Avatar for Takuya MINAGAWA takmin
0
390

Featured

See All Featured
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
PRO
183
54k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
33
8.8k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
131
19k
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
29
2.8k
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
338
57k
Stop Working from a Prison Cell
Avatar for Chris Michel hatefulcrawdad
271
21k
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
234
17k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
110
20k
[RailsConf 2023] Rails as a piece of cake
Avatar for Vladimir Dementyev palkan
56
5.8k
Producing Creativity
Avatar for Steve Smith orderedlist
PRO
347
40k
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
48
50k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
Avatar for Michelle Schulp Hunt marktimemedia
31
2.5k

Transcript

  1. Building Effective CTI Sharing

  2. Scott J Roberts

  3. Comments? Use #ctisharing and/or @sroberts

  4. Table Stakes

  5. Talk to Legal

  6. TLP https://www.us-cert.gov/tlp

  7. • WWWWH&W • Example: My Story • What To Do

    Next?

  8. Why?

  9. Your Security Will Improve

  10. You Will Improve Others Security

  11. Share More Get More

  12. A rising tide raises all boats

  13. When?

  14. Ingestion vs. Production

  15. When You’re Ready to Act

  16. When You’re Ready to Reciprocate

  17. When You Can Be Confident

  18. Who?

  19. Formal Groups

  20. Open Source Groups

  21. Informal Groups

  22. BONUS: Orgs With Similar Technology...

  23. BONUS: Competitors

  24. What?

  25. Indicators of Compromise

  26. Tactics, Techniques, & Procedures

  27. Reports

  28. Techniques, Methods, & Capabilities

  29. (Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html

  30. Sharing Hierarchy of Value* * The Author acknowledges this is

    a rip off

  31. How?

  32. Don’t Ask to Join

  33. Be Trusting

  34. Be Trustworthy

  35. Be Action Oriented

  36. BONUS: The Best Groups Have A Written Set of Expectations

    & Procedures

  37. Where?

  38. Mailing Lists

  39. Chat

  40. Semi Structured

  41. Threat Intelligence Platform

  42. Hybrid

  43. Example: My Story

  44. This is Kyle @kylemaxwell

  45. Kyle & I started a Slack

  46. We Invited Folks We Knew Shared Tools & Techniques We

    Invited More Folks

  47. Kyle Invited Mark @markpars0ns

  48. Mark Invited Me to Another Slack

  49. Met New Folks Shared Intelligence Collaborated On Investigations Demonstrated Value

    to My Boss

  50. So I Invited My Coworker John @swannysec

  51. What To Do Next?

  52. What To Do Next • • • • • •

  53. Go Make Friends & Share Intelligence

  54. Join Me @ SANS Rocky Mountain 2017 for FOR578