Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Building Effective Threat Intelligence Sharing
Search
Scott J. Roberts
July 23, 2017
Technology
1
100
Building Effective Threat Intelligence Sharing
A SANS Webex I did... awhile ago?
Scott J. Roberts
July 23, 2017
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
Homemade Ramen & Threat Intelligence
sroberts
2
430
Introduction to Open Source Security Tools
sroberts
3
4.7k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
95
Crisis Communication for Incident Response
sroberts
1
290
Hipster DFIR on OSX - BSidesCincy
sroberts
3
3.1k
Community Intelligence & Open Source Tools
sroberts
5
1.1k
Responding @ Scale: osquery for Mass Incident Response and Detection
sroberts
1
12k
Hipster DFIR on OSX
sroberts
2
950
Crisis Communication for Incident Response
sroberts
2
7.6k
Other Decks in Technology
See All in Technology
SPI原点回帰論:事業課題とFour Keysの結節点を見出す実践的ソフトウェアプロセス改善 / DevOpsDays Tokyo 2024
visional_engineering_and_design
4
1.4k
NgRx Signal Store
rainerhahnekamp
0
110
「共通基盤」を超えよ! 今、Platform Engineeringに取り組むべき理由
jacopen
25
5.7k
Terraformあれやこれ/terraform-this-and-that
emiki
2
100
Next'24 事例セッションの紹介とクラウド資格を活用したキャリア形成について語りMuscle
yasumuusan
0
290
Apple Vision Pro trial session
akkeylab
0
120
Databricks におけるデータエンジニアリング
databricksjapan
0
370
[2024年3月版] Databricksのシステムアーキテクチャ
databricksjapan
7
1.9k
〜小さく始めて大きく育てる〜データ分析基盤の開発から活用まで
kniino
0
2k
レガシーをぶっ壊せ。AEONで始めるDevRelの話 / Qiita Night 2024-2-22
aeonpeople
3
130
Algyan イベント振り返り
linyixian
0
180
Tebiki株式会社 エンジニア採用資料
tebiki
0
4.1k
Featured
See All Featured
Thoughts on Productivity
jonyablonski
57
3.8k
The World Runs on Bad Software
bkeepers
PRO
61
6.7k
Raft: Consensus for Rubyists
vanstee
131
6.2k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
15
1.4k
What's in a price? How to price your products and services
michaelherold
237
11k
Testing 201, or: Great Expectations
jmmastey
27
6.3k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
355
22k
Optimizing for Happiness
mojombo
369
69k
Being A Developer After 40
akosma
56
580k
10 Git Anti Patterns You Should be Aware of
lemiorhan
645
57k
Creatively Recalculating Your Daily Design Routine
revolveconf
209
11k
The Language of Interfaces
destraynor
151
23k
Transcript
Building Effective CTI Sharing
Scott J Roberts
Comments? Use #ctisharing and/or @sroberts
Table Stakes
Talk to Legal
TLP https://www.us-cert.gov/tlp
• WWWWH&W • Example: My Story • What To Do
Next?
Why?
Your Security Will Improve
You Will Improve Others Security
Share More Get More
A rising tide raises all boats
When?
Ingestion vs. Production
When You’re Ready to Act
When You’re Ready to Reciprocate
When You Can Be Confident
Who?
Formal Groups
Open Source Groups
Informal Groups
BONUS: Orgs With Similar Technology...
BONUS: Competitors
What?
Indicators of Compromise
Tactics, Techniques, & Procedures
Reports
Techniques, Methods, & Capabilities
(Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
Sharing Hierarchy of Value* * The Author acknowledges this is
a rip off
How?
Don’t Ask to Join
Be Trusting
Be Trustworthy
Be Action Oriented
BONUS: The Best Groups Have A Written Set of Expectations
& Procedures
Where?
Mailing Lists
Chat
Semi Structured
Threat Intelligence Platform
Hybrid
Example: My Story
This is Kyle @kylemaxwell
Kyle & I started a Slack
We Invited Folks We Knew Shared Tools & Techniques We
Invited More Folks
Kyle Invited Mark @markpars0ns
Mark Invited Me to Another Slack
Met New Folks Shared Intelligence Collaborated On Investigations Demonstrated Value
to My Boss
So I Invited My Coworker John @swannysec
What To Do Next?
What To Do Next • • • • • •
Go Make Friends & Share Intelligence
Join Me @ SANS Rocky Mountain 2017 for FOR578