Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Building Effective Threat Intelligence Sharing
Search
Scott J. Roberts
July 23, 2017
Technology
1
120
Building Effective Threat Intelligence Sharing
A SANS Webex I did... awhile ago?
Scott J. Roberts
July 23, 2017
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
LLM SATs FTW
sroberts
0
3
STRAT - A System-Centric Approach to Cyber Resilience
sroberts
0
8
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
110
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
90
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
60
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
37
Homemade Ramen & Threat Intelligence
sroberts
2
520
Introduction to Open Source Security Tools
sroberts
3
4.9k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
120
Other Decks in Technology
See All in Technology
genspark_presentation.pdf
haruki_uiru
1
250
AI-in-the-Enterprise|OpenAIが公開した「AI導入7つの教訓」——ChatGPTで変わる企業の未来とは?
customercloud
PRO
0
160
SaaS公式MCPサーバーをリリースして得た学び
kawamataryo
4
1k
LLMの開発と社会実装の今と未来 / AI Builders' Community (ABC) vol.2
pfn
PRO
1
130
10分で学ぶ、RAGの仕組みと実践
supermarimobros
0
920
コードや知識を組み込む / Incorporating Codes and Knowledge
ks91
PRO
0
170
伝わるコードレビュー
abenben
1
110
試作とデモンストレーション / Prototyping and Demonstrations
ks91
PRO
0
110
Google Cloud Next 2025 Recap アプリケーション開発を加速する機能アップデート / Application development-related features of Google Cloud
ryokotmng
0
160
Why Platform Engineering? - マルチプロダクト・少人数 SRE の壁を越える挑戦 -
nulabinc
PRO
4
410
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
7
63k
Terraform にコントリビュートしていたら Azure のコストをやらかした話 / How I Messed Up Azure Costs While Contributing to Terraform
nnstt1
1
480
Featured
See All Featured
Unsuck your backbone
ammeep
671
58k
Building Adaptive Systems
keathley
41
2.5k
Scaling GitHub
holman
459
140k
Agile that works and the tools we love
rasmusluckow
329
21k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.7k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.4k
Code Reviewing Like a Champion
maltzj
523
40k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
24
2.7k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
The Language of Interfaces
destraynor
158
25k
4 Signs Your Business is Dying
shpigford
183
22k
Transcript
Building Effective CTI Sharing
Scott J Roberts
Comments? Use #ctisharing and/or @sroberts
Table Stakes
Talk to Legal
TLP https://www.us-cert.gov/tlp
• WWWWH&W • Example: My Story • What To Do
Next?
Why?
Your Security Will Improve
You Will Improve Others Security
Share More Get More
A rising tide raises all boats
When?
Ingestion vs. Production
When You’re Ready to Act
When You’re Ready to Reciprocate
When You Can Be Confident
Who?
Formal Groups
Open Source Groups
Informal Groups
BONUS: Orgs With Similar Technology...
BONUS: Competitors
What?
Indicators of Compromise
Tactics, Techniques, & Procedures
Reports
Techniques, Methods, & Capabilities
(Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
Sharing Hierarchy of Value* * The Author acknowledges this is
a rip off
How?
Don’t Ask to Join
Be Trusting
Be Trustworthy
Be Action Oriented
BONUS: The Best Groups Have A Written Set of Expectations
& Procedures
Where?
Mailing Lists
Chat
Semi Structured
Threat Intelligence Platform
Hybrid
Example: My Story
This is Kyle @kylemaxwell
Kyle & I started a Slack
We Invited Folks We Knew Shared Tools & Techniques We
Invited More Folks
Kyle Invited Mark @markpars0ns
Mark Invited Me to Another Slack
Met New Folks Shared Intelligence Collaborated On Investigations Demonstrated Value
to My Boss
So I Invited My Coworker John @swannysec
What To Do Next?
What To Do Next • • • • • •
Go Make Friends & Share Intelligence
Join Me @ SANS Rocky Mountain 2017 for FOR578