Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building Effective Threat Intelligence Sharing

Avatar for Scott J. Roberts Scott J. Roberts
July 23, 2017
Technology
140
1

Building Effective Threat Intelligence Sharing

A SANS Webex I did... awhile ago?

Avatar for Scott J. Roberts

Scott J. Roberts

July 23, 2017

More Decks by Scott J. Roberts

See All by Scott J. Roberts
LLM SATs FTW
Avatar for Scott J. Roberts sroberts
0
1.2k
STRAT - A System-Centric Approach to Cyber Resilience
Avatar for Scott J. Roberts sroberts
0
68
Tortured Responders Dept - Scott & Rebekah's Edition
Avatar for Scott J. Roberts sroberts
0
150
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
Avatar for Scott J. Roberts sroberts
0
180
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
Avatar for Scott J. Roberts sroberts
0
110
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
Avatar for Scott J. Roberts sroberts
0
100
Homemade Ramen & Threat Intelligence
Avatar for Scott J. Roberts sroberts
2
600
Introduction to Open Source Security Tools
Avatar for Scott J. Roberts sroberts
3
5k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
Avatar for Scott J. Roberts sroberts
0
150

Other Decks in Technology

See All in Technology
試されDATA SAPPORO [LT]Claude Codeで「ゆっくりデータ分析」
Avatar for Satoru Ishikawa ishikawa_satoru
0
180
Autonomous Database - Dedicated 技術詳細 / adb-d_technical_detail_jp
Avatar for oracle4engineer oracle4engineer
PRO
5
13k
GitHub Copilotを極める会 - 開発者のための活用術
Avatar for ファインディ株式会社(イベント資料アップ用) findy_eventslides
5
3.1k
15年メンテしてきたdotfilesから開発トレンドを振り返る 2011 - 2026
Avatar for giginet giginet
PRO
2
280
レガシーシステムをどう次世代に受け継ぐか
Avatar for 立入 tachiiri
0
290
AWSで2番目にリリースされたサービスについてお話しします(諸説あります)
Avatar for Yuuki Yamashita yama3133
0
120
スケーリングを封じられたEC2を救いたい
Avatar for いのうえ senseofunity129
0
140
2026年度新卒技術研修 サイバーエージェントのデータベース 活用事例とパフォーマンス調査入門
Avatar for CyberAgent cyberagentdevelopers
PRO
1
490
ふりかえりを 「あそび」にしたら、 学習が勝手に進んだ / Playful Retros Drive Learning
Avatar for katoaz katoaz
0
250
Babylon.js を使って試した色々な内容 / Various things I tried using Babylon.js / Babylon.js 勉強会 vol.5
Avatar for you(@youtoy) you
PRO
0
250
ブラックボックス化したMLシステムのVertex AI移行 / mlops_community_62
Avatar for Visional Engineering & Design visional_engineering_and_design
1
290
制約を設計する - 非決定性との境界線 / Designing constraints
Avatar for soudai sone soudai
PRO
6
2.1k

Featured

See All Featured
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
57
14k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
35
3.4k
End of SEO as We Know It (SMX Advanced Version)
Avatar for Michael King ipullrank
3
4.1k
Bioeconomy Workshop: Dr. Julius Ecuru, Opportunities for a Bioeconomy in West Africa
Avatar for AKADEMIYA2063 akademiya2063
PRO
1
86
The Illustrated Guide to Node.js - THAT Conference 2024
Avatar for David Neal reverentgeek
1
330
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
57
6.8k
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
31
6.7k
Building Flexible Design Systems
Avatar for Yesenia Perez-Cruz yeseniaperezcruz
330
40k
How GitHub (no longer) Works
Avatar for Zach Holman holman
316
150k
The #1 spot is gone: here's how to win anyway
Avatar for Tamara Novitovic tamaranovitovic
2
1k
Redefining SEO in the New Era of Traffic Generation
Avatar for Szymon Słowik szymonslowik
1
270
Jess Joyce - The Pitfalls of Following Frameworks
Avatar for Tech SEO Connect techseoconnect
PRO
1
120

Transcript

  1. Building Effective CTI Sharing

  2. Scott J Roberts

  3. Comments? Use #ctisharing and/or @sroberts

  4. Table Stakes

  5. Talk to Legal

  6. TLP https://www.us-cert.gov/tlp

  7. • WWWWH&W • Example: My Story • What To Do

    Next?

  8. Why?

  9. Your Security Will Improve

  10. You Will Improve Others Security

  11. Share More Get More

  12. A rising tide raises all boats

  13. When?

  14. Ingestion vs. Production

  15. When You’re Ready to Act

  16. When You’re Ready to Reciprocate

  17. When You Can Be Confident

  18. Who?

  19. Formal Groups

  20. Open Source Groups

  21. Informal Groups

  22. BONUS: Orgs With Similar Technology...

  23. BONUS: Competitors

  24. What?

  25. Indicators of Compromise

  26. Tactics, Techniques, & Procedures

  27. Reports

  28. Techniques, Methods, & Capabilities

  29. (Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html

  30. Sharing Hierarchy of Value* * The Author acknowledges this is

    a rip off

  31. How?

  32. Don’t Ask to Join

  33. Be Trusting

  34. Be Trustworthy

  35. Be Action Oriented

  36. BONUS: The Best Groups Have A Written Set of Expectations

    & Procedures

  37. Where?

  38. Mailing Lists

  39. Chat

  40. Semi Structured

  41. Threat Intelligence Platform

  42. Hybrid

  43. Example: My Story

  44. This is Kyle @kylemaxwell

  45. Kyle & I started a Slack

  46. We Invited Folks We Knew Shared Tools & Techniques We

    Invited More Folks

  47. Kyle Invited Mark @markpars0ns

  48. Mark Invited Me to Another Slack

  49. Met New Folks Shared Intelligence Collaborated On Investigations Demonstrated Value

    to My Boss

  50. So I Invited My Coworker John @swannysec

  51. What To Do Next?

  52. What To Do Next • • • • • •

  53. Go Make Friends & Share Intelligence

  54. Join Me @ SANS Rocky Mountain 2017 for FOR578