Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building Effective Threat Intelligence Sharing

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for Scott J. Roberts Scott J. Roberts
July 23, 2017
Technology
1
130

Building Effective Threat Intelligence Sharing

A SANS Webex I did... awhile ago?

Avatar for Scott J. Roberts

Scott J. Roberts

July 23, 2017
Tweet

More Decks by Scott J. Roberts

See All by Scott J. Roberts
LLM SATs FTW
Avatar for Scott J. Roberts sroberts
0
970
STRAT - A System-Centric Approach to Cyber Resilience
Avatar for Scott J. Roberts sroberts
0
56
Tortured Responders Dept - Scott & Rebekah's Edition
Avatar for Scott J. Roberts sroberts
0
140
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
Avatar for Scott J. Roberts sroberts
0
160
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
Avatar for Scott J. Roberts sroberts
0
98
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
Avatar for Scott J. Roberts sroberts
0
94
Homemade Ramen & Threat Intelligence
Avatar for Scott J. Roberts sroberts
2
580
Introduction to Open Source Security Tools
Avatar for Scott J. Roberts sroberts
3
5k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
Avatar for Scott J. Roberts sroberts
0
140

Other Decks in Technology

See All in Technology
2人で作ったAIダッシュボードが、開発組織の次の一手を照らした話― Cursor × SpecKit × 可視化の実践 ― Qiita AI Summit
Avatar for NOBORU ITOU noalisaai
1
370
What happened to RubyGems and what can we learn?
Avatar for Mike McQuaid mikemcquaid
0
240
AIと新時代を切り拓く。これからのSREとメルカリIBISの挑戦
Avatar for ktykogm 0gm
0
750
セキュリティ はじめの一歩
Avatar for nikinusu nikinusu
0
1.5k
名刺メーカーDevグループ 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
1k
SREのプラクティスを用いた3領域同時 マネジメントへの挑戦 〜SRE・情シス・セキュリティを統合した チーム運営術〜
Avatar for coconala_engineer coconala_engineer
2
590
Digitization部 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
6.8k
茨城の思い出を振り返る ~CDKのセキュリティを添えて~ / 20260201 Mitsutoshi Matsuo
Avatar for SHIFT EVOLVE shift_evolve
PRO
1
180
Sansan Engineering Unit 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
3.8k
会社紹介資料 / Sansan Company Profile
Avatar for Sansan, Inc. sansan33
PRO
15
400k
日本語テキストと音楽の対照学習の技術とその応用
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
1
420
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
Avatar for Sansan, Inc. sansan33
PRO
0
3k

Featured

See All Featured
Deep Space Network (abreviated)
Avatar for Tony Rice tonyrice
0
45
Context Engineering - Making Every Token Count
Avatar for Addy Osmani addyosmani
9
650
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
34
2.6k
Paper Plane (Part 1)
Avatar for Katie Cordina Lindsey katiecoart
PRO
0
4k
コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI
Avatar for r-kagaya rkaga
60
42k
How Software Deployment tools have changed in the past 20 years
Avatar for Geshan Manandhar geshan
0
32k
Odyssey Design
Avatar for Ryan Kendrick rkendrick25
PRO
1
490
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
122
21k
Designing Experiences People Love
Avatar for Jonathan Moore moore
144
24k
Jess Joyce - The Pitfalls of Following Frameworks
Avatar for Tech SEO Connect techseoconnect
PRO
1
63
B2B Lead Gen: Tactics, Traps & Triumph
Avatar for Sophie Logan marketingsoph
0
52
Git: the NoSQL Database
Avatar for Brandon Keepers bkeepers
PRO
432
66k

Transcript

  1. Building Effective CTI Sharing

  2. Scott J Roberts

  3. Comments? Use #ctisharing and/or @sroberts

  4. Table Stakes

  5. Talk to Legal

  6. TLP https://www.us-cert.gov/tlp

  7. • WWWWH&W • Example: My Story • What To Do

    Next?

  8. Why?

  9. Your Security Will Improve

  10. You Will Improve Others Security

  11. Share More Get More

  12. A rising tide raises all boats

  13. When?

  14. Ingestion vs. Production

  15. When You’re Ready to Act

  16. When You’re Ready to Reciprocate

  17. When You Can Be Confident

  18. Who?

  19. Formal Groups

  20. Open Source Groups

  21. Informal Groups

  22. BONUS: Orgs With Similar Technology...

  23. BONUS: Competitors

  24. What?

  25. Indicators of Compromise

  26. Tactics, Techniques, & Procedures

  27. Reports

  28. Techniques, Methods, & Capabilities

  29. (Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html

  30. Sharing Hierarchy of Value* * The Author acknowledges this is

    a rip off

  31. How?

  32. Don’t Ask to Join

  33. Be Trusting

  34. Be Trustworthy

  35. Be Action Oriented

  36. BONUS: The Best Groups Have A Written Set of Expectations

    & Procedures

  37. Where?

  38. Mailing Lists

  39. Chat

  40. Semi Structured

  41. Threat Intelligence Platform

  42. Hybrid

  43. Example: My Story

  44. This is Kyle @kylemaxwell

  45. Kyle & I started a Slack

  46. We Invited Folks We Knew Shared Tools & Techniques We

    Invited More Folks

  47. Kyle Invited Mark @markpars0ns

  48. Mark Invited Me to Another Slack

  49. Met New Folks Shared Intelligence Collaborated On Investigations Demonstrated Value

    to My Boss

  50. So I Invited My Coworker John @swannysec

  51. What To Do Next?

  52. What To Do Next • • • • • •

  53. Go Make Friends & Share Intelligence

  54. Join Me @ SANS Rocky Mountain 2017 for FOR578