Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Building Effective Threat Intelligence Sharing
Search
Scott J. Roberts
July 23, 2017
Technology
1
120
Building Effective Threat Intelligence Sharing
A SANS Webex I did... awhile ago?
Scott J. Roberts
July 23, 2017
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
LLM SATs FTW
sroberts
0
520
STRAT - A System-Centric Approach to Cyber Resilience
sroberts
0
25
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
120
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
120
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
74
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
54
Homemade Ramen & Threat Intelligence
sroberts
2
550
Introduction to Open Source Security Tools
sroberts
3
4.9k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
120
Other Decks in Technology
See All in Technology
生成AI時代におけるAI・機械学習技術を用いたプロダクト開発の深化と進化 #BetAIDay
layerx
PRO
0
320
OpenTelemetry の Log を使いこなそう
biwashi
5
1.2k
AI によるドキュメント処理を加速するためのOCR 結果の永続化と再利用戦略
tomoaki25
0
240
AI人生苦節10年で会得したAIがやること_人間がやること.pdf
shibuiwilliam
1
230
Unson OS|48時間で「売れるか」を判定する AI 市場検証プラットフォーム
unson
0
150
LLMでAI-OCR、実際どうなの? / llm_ai_ocr_layerx_bet_ai_day_lt
sbrf248
0
380
[TechNight #91] Oracle Database 最新パフォーマンス分析手法
oracle4engineer
PRO
4
300
Rubyの国のPerlMonger
anatofuz
1
430
ファインディにおける Dataform ブランチ戦略
hiracky16
0
240
TypeScript 上達の道
ysknsid25
23
5k
Vision Language Modelと自動運転AIの最前線_20250730
yuyamaguchi
2
900
VLMサービスを用いた請求書データ化検証 / SaaSxML_Session_1
sansan_randd
0
150
Featured
See All Featured
Scaling GitHub
holman
461
140k
Why You Should Never Use an ORM
jnunemaker
PRO
58
9.5k
GitHub's CSS Performance
jonrohan
1031
460k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
Mobile First: as difficult as doing things right
swwweet
223
9.7k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.8k
Designing Experiences People Love
moore
142
24k
Making Projects Easy
brettharned
117
6.3k
The World Runs on Bad Software
bkeepers
PRO
70
11k
Optimising Largest Contentful Paint
csswizardry
37
3.4k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
139
34k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Transcript
Building Effective CTI Sharing
Scott J Roberts
Comments? Use #ctisharing and/or @sroberts
Table Stakes
Talk to Legal
TLP https://www.us-cert.gov/tlp
• WWWWH&W • Example: My Story • What To Do
Next?
Why?
Your Security Will Improve
You Will Improve Others Security
Share More Get More
A rising tide raises all boats
When?
Ingestion vs. Production
When You’re Ready to Act
When You’re Ready to Reciprocate
When You Can Be Confident
Who?
Formal Groups
Open Source Groups
Informal Groups
BONUS: Orgs With Similar Technology...
BONUS: Competitors
What?
Indicators of Compromise
Tactics, Techniques, & Procedures
Reports
Techniques, Methods, & Capabilities
(Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
Sharing Hierarchy of Value* * The Author acknowledges this is
a rip off
How?
Don’t Ask to Join
Be Trusting
Be Trustworthy
Be Action Oriented
BONUS: The Best Groups Have A Written Set of Expectations
& Procedures
Where?
Mailing Lists
Chat
Semi Structured
Threat Intelligence Platform
Hybrid
Example: My Story
This is Kyle @kylemaxwell
Kyle & I started a Slack
We Invited Folks We Knew Shared Tools & Techniques We
Invited More Folks
Kyle Invited Mark @markpars0ns
Mark Invited Me to Another Slack
Met New Folks Shared Intelligence Collaborated On Investigations Demonstrated Value
to My Boss
So I Invited My Coworker John @swannysec
What To Do Next?
What To Do Next • • • • • •
Go Make Friends & Share Intelligence
Join Me @ SANS Rocky Mountain 2017 for FOR578