Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up for free
Building Effective Threat Intelligence Sharing
Scott J. Roberts
July 23, 2017
Technology
1
80
Building Effective Threat Intelligence Sharing
A SANS Webex I did... awhile ago?
Scott J. Roberts
July 23, 2017
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
Homemade Ramen & Threat Intelligence
sroberts
2
330
Introduction to Open Source Security Tools
sroberts
3
4.4k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
68
Crisis Communication for Incident Response
sroberts
1
230
Hipster DFIR on OSX - BSidesCincy
sroberts
3
2.9k
Community Intelligence & Open Source Tools
sroberts
5
970
Responding @ Scale: osquery for Mass Incident Response and Detection
sroberts
1
11k
Hipster DFIR on OSX
sroberts
2
850
Crisis Communication for Incident Response
sroberts
2
7.4k
Other Decks in Technology
See All in Technology
Amazon Comprehendで始める感情分析
46ta
0
160
hey BOOK
heyinc
26
290k
Simplify Cloud Native Security with Trivy
knqyf263
0
530
DeepDive into Modern Development with AWS
mokocm
1
330
ぼくらが選んだ次のMySQL 8.0 / MySQL80 Which We Choose
line_developers
PRO
7
2.8k
Istioを活用したセキュアなマイクロサービスの実現/Secure Microservices with Istio
ido_kara_deru
3
380
GCCP Creator @ COSCUP 2022
line_developers_tw
PRO
0
1.4k
ジョブ管理システムをAWS Step Functionsに移行する時の勘所
non97
0
480
大声で伝えたい!定時に帰る方法
sbtechnight
0
220
Djangoで組織とユーザーの権限管理をやってみよう #devio2022
seiichi1101
0
370
品質特性のすすめ
honamin09
0
160
疎ベクトル検索と密ベクトル検索: 第68回 Machine Learning 15minutes! Broadcast
keyakkie
1
240
Featured
See All Featured
How GitHub (no longer) Works
holman
297
140k
JazzCon 2018 Closing Keynote - Leadership for the Reluctant Leader
reverentgeek
173
8.6k
A Philosophy of Restraint
colly
192
15k
Side Projects
sachag
450
37k
jQuery: Nuts, Bolts and Bling
dougneiner
56
6.4k
Mobile First: as difficult as doing things right
swwweet
213
7.6k
Making Projects Easy
brettharned
98
4.4k
Embracing the Ebb and Flow
colly
73
3.4k
WebSockets: Embracing the real-time Web
robhawkes
57
5.5k
The Invisible Customer
myddelton
110
11k
Fashionably flexible responsive web design (full day workshop)
malarkey
396
62k
Build The Right Thing And Hit Your Dates
maggiecrowley
19
1.2k
Transcript
Building Effective CTI Sharing
Scott J Roberts
Comments? Use #ctisharing and/or @sroberts
Table Stakes
Talk to Legal
TLP https://www.us-cert.gov/tlp
• WWWWH&W • Example: My Story • What To Do
Next?
Why?
Your Security Will Improve
You Will Improve Others Security
Share More Get More
A rising tide raises all boats
When?
Ingestion vs. Production
When You’re Ready to Act
When You’re Ready to Reciprocate
When You Can Be Confident
Who?
Formal Groups
Open Source Groups
Informal Groups
BONUS: Orgs With Similar Technology...
BONUS: Competitors
What?
Indicators of Compromise
Tactics, Techniques, & Procedures
Reports
Techniques, Methods, & Capabilities
(Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
Sharing Hierarchy of Value* * The Author acknowledges this is
a rip off
How?
Don’t Ask to Join
Be Trusting
Be Trustworthy
Be Action Oriented
BONUS: The Best Groups Have A Written Set of Expectations
& Procedures
Where?
Mailing Lists
Chat
Semi Structured
Threat Intelligence Platform
Hybrid
Example: My Story
This is Kyle @kylemaxwell
Kyle & I started a Slack
We Invited Folks We Knew Shared Tools & Techniques We
Invited More Folks
Kyle Invited Mark @markpars0ns
Mark Invited Me to Another Slack
Met New Folks Shared Intelligence Collaborated On Investigations Demonstrated Value
to My Boss
So I Invited My Coworker John @swannysec
What To Do Next?
What To Do Next • • • • • •
Go Make Friends & Share Intelligence
Join Me @ SANS Rocky Mountain 2017 for FOR578