Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Building Effective Threat Intelligence Sharing
Search
Scott J. Roberts
July 23, 2017
Technology
1
120
Building Effective Threat Intelligence Sharing
A SANS Webex I did... awhile ago?
Scott J. Roberts
July 23, 2017
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
LLM SATs FTW
sroberts
0
580
STRAT - A System-Centric Approach to Cyber Resilience
sroberts
0
27
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
120
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
120
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
76
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
55
Homemade Ramen & Threat Intelligence
sroberts
2
560
Introduction to Open Source Security Tools
sroberts
3
4.9k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
120
Other Decks in Technology
See All in Technology
結局QUICで通信は速くなるの?
kota_yata
9
7.5k
人を動かすことについて考える
ichimichi
2
300
20250818_KGX・One Hokkaidoコラボイベント
tohgeyukihiro
0
130
Yahoo!ニュースにおけるソフトウェア開発
lycorptech_jp
PRO
0
210
Rethinking Incident Response: Context-Aware AI in Practice - Incident Buddy Edition -
rrreeeyyy
0
130
S3のライフサイクル設計でハマったポイント
mkumada
0
100
Goでマークダウンの独自記法を実装する
lag129
0
200
サイボウズフロントエンドの横断活動から考える AI時代にできること
mugi_uno
4
1.4k
AIドリブンのソフトウェア開発 - うまいやり方とまずいやり方
okdt
PRO
9
510
認知戦の理解と、市民としての対抗策
hogehuga
0
250
[kickflow]20250319_少人数チームでのAutify活用
otouhujej
0
200
R-SCoRe: Revisiting Scene Coordinate Regression for Robust Large-Scale Visual Localization
takmin
0
390
Featured
See All Featured
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
183
54k
Java REST API Framework Comparison - PWX 2021
mraible
33
8.8k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
131
19k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.8k
Why Our Code Smells
bkeepers
PRO
338
57k
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
110
20k
[RailsConf 2023] Rails as a piece of cake
palkan
56
5.8k
Producing Creativity
orderedlist
PRO
347
40k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
50k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.5k
Transcript
Building Effective CTI Sharing
Scott J Roberts
Comments? Use #ctisharing and/or @sroberts
Table Stakes
Talk to Legal
TLP https://www.us-cert.gov/tlp
• WWWWH&W • Example: My Story • What To Do
Next?
Why?
Your Security Will Improve
You Will Improve Others Security
Share More Get More
A rising tide raises all boats
When?
Ingestion vs. Production
When You’re Ready to Act
When You’re Ready to Reciprocate
When You Can Be Confident
Who?
Formal Groups
Open Source Groups
Informal Groups
BONUS: Orgs With Similar Technology...
BONUS: Competitors
What?
Indicators of Compromise
Tactics, Techniques, & Procedures
Reports
Techniques, Methods, & Capabilities
(Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
Sharing Hierarchy of Value* * The Author acknowledges this is
a rip off
How?
Don’t Ask to Join
Be Trusting
Be Trustworthy
Be Action Oriented
BONUS: The Best Groups Have A Written Set of Expectations
& Procedures
Where?
Mailing Lists
Chat
Semi Structured
Threat Intelligence Platform
Hybrid
Example: My Story
This is Kyle @kylemaxwell
Kyle & I started a Slack
We Invited Folks We Knew Shared Tools & Techniques We
Invited More Folks
Kyle Invited Mark @markpars0ns
Mark Invited Me to Another Slack
Met New Folks Shared Intelligence Collaborated On Investigations Demonstrated Value
to My Boss
So I Invited My Coworker John @swannysec
What To Do Next?
What To Do Next • • • • • •
Go Make Friends & Share Intelligence
Join Me @ SANS Rocky Mountain 2017 for FOR578