Building Effective Threat Intelligence Sharing
Scott J. Roberts
July 23, 2017
A SANS Webex I did... awhile ago?
Transcript
Building Effective CTI Sharing
Scott J Roberts
Comments? Use #ctisharing and/or @sroberts
Table Stakes
Talk to Legal
TLP https://www.us-cert.gov/tlp
• WWWWH&W
• Example: My Story
• What To Do Next?
Why?
Your Security Will Improve
You Will Improve Others' Security
Share More Get More
A rising tide raises all boats
When?
Ingestion vs. Production
When You’re Ready to Act
When You’re Ready to Reciprocate
When You Can Be Confident
Who?
Formal Groups
Open Source Groups
Informal Groups
BONUS: Orgs With Similar Technology...
BONUS: Competitors
What?
Indicators of Compromise
Tactics, Techniques, & Procedures
Reports
Techniques, Methods, & Capabilities
(Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
Sharing Hierarchy of Value*
* The Author acknowledges this is a rip off
How?
Don’t Ask to Join
Be Trusting
Be Trustworthy
Be Action Oriented
BONUS: The Best Groups Have A Written Set of Expectations & Procedures
Where?
Mailing Lists
Chat
Semi Structured
Threat Intelligence Platform
Hybrid
Example: My Story
This is Kyle @kylemaxwell
Kyle & I started a Slack
We Invited Folks We Knew
Shared Tools & Techniques
We Invited More Folks
Kyle Invited Mark @markpars0ns
Mark Invited Me to Another Slack
Met New Folks
Shared Intelligence
Collaborated On Investigations
Demonstrated Value to My Boss
So I Invited My Coworker John @swannysec
What To Do Next?
Go Make Friends & Share Intelligence
Join Me @ SANS Rocky Mountain 2017 for FOR578