Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building Effective Threat Intelligence Sharing

Avatar for Scott J. Roberts Scott J. Roberts
July 23, 2017
Technology
1
120

Building Effective Threat Intelligence Sharing

A SANS Webex I did... awhile ago?
Avatar for Scott J. Roberts

Scott J. Roberts

July 23, 2017
Tweet

More Decks by Scott J. Roberts

See All by Scott J. Roberts
LLM SATs FTW
Avatar for Scott J. Roberts sroberts
0
410
STRAT - A System-Centric Approach to Cyber Resilience
Avatar for Scott J. Roberts sroberts
0
17
Tortured Responders Dept - Scott & Rebekah's Edition
Avatar for Scott J. Roberts sroberts
0
110
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
Avatar for Scott J. Roberts sroberts
0
100
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
Avatar for Scott J. Roberts sroberts
0
69
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
Avatar for Scott J. Roberts sroberts
0
47
Homemade Ramen & Threat Intelligence
Avatar for Scott J. Roberts sroberts
2
540
Introduction to Open Source Security Tools
Avatar for Scott J. Roberts sroberts
3
4.9k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
Avatar for Scott J. Roberts sroberts
0
120

Other Decks in Technology

See All in Technology
白金鉱業Meetup_Vol.19_PoCはデモで語れ!顧客の本音とインサイトを引き出すソリューション構築​
Avatar for BrainPad brainpadpr
2
310
TODAY 看世界(?) 是我們在看扣啦!
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
160
Eight Engineering Unit 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
3.4k
Tensix Core アーキテクチャ解説
Avatar for Tenstorrent Japan tenstorrent_japan
0
360
JSX - 歴史を振り返り、⾯⽩がって、エモくなろう
Avatar for 晴れ井戸 pal4de
2
110
Data Hubグループ 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
1.8k
DB 醬,嗨!哪泥嘎斯基?
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
150
“プロダクトを好きになれるか“も QAエンジニア転職の大事な判断基準だと思ったの
Avatar for yuden tomodakengo
0
130
菸酒生在 LINE Taiwan 的後端雙刀流
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
140
AI技術トレンド勉強会 #1 MCPの基礎と実務での応用
Avatar for Nisei Kimura nisei_k
1
190
Rubyで作る論理回路シミュレータの設計の話 - Kashiwa.rb #12
Avatar for Koji NAKAMURA kozy4324
1
260
Devin(Deep) Wiki/Searchの活用で変わる開発の世界観/devin-wiki-search-impact
Avatar for tomoki10 tomoki10
0
310

Featured

See All Featured
Music & Morning Musume
Avatar for Bryan Veloso bryan
46
6.6k
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
139
7k
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
188
11k
Code Reviewing Like a Champion
Avatar for maltzj maltzj
524
40k
Embracing the Ebb and Flow
Avatar for Simon Collison colly
86
4.7k
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
53
11k
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
29
9.5k
Faster Mobile Websites
Avatar for Dean Hume deanohume
307
31k
How GitHub (no longer) Works
Avatar for Zach Holman holman
314
140k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
32
2.3k
Sharpening the Axe: The Primacy of Toolmaking
Avatar for Bryan Cantrill bcantrill
43
2.4k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
331
22k

Transcript

  1. Building Effective CTI Sharing

  2. Scott J Roberts

  3. Comments? Use #ctisharing and/or @sroberts

  4. Table Stakes

  5. Talk to Legal

  6. TLP https://www.us-cert.gov/tlp

  7. • WWWWH&W • Example: My Story • What To Do

    Next?

  8. Why?

  9. Your Security Will Improve

  10. You Will Improve Others Security

  11. Share More Get More

  12. A rising tide raises all boats

  13. When?

  14. Ingestion vs. Production

  15. When You’re Ready to Act

  16. When You’re Ready to Reciprocate

  17. When You Can Be Confident

  18. Who?

  19. Formal Groups

  20. Open Source Groups

  21. Informal Groups

  22. BONUS: Orgs With Similar Technology...

  23. BONUS: Competitors

  24. What?

  25. Indicators of Compromise

  26. Tactics, Techniques, & Procedures

  27. Reports

  28. Techniques, Methods, & Capabilities

  29. (Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html

  30. Sharing Hierarchy of Value* * The Author acknowledges this is

    a rip off

  31. How?

  32. Don’t Ask to Join

  33. Be Trusting

  34. Be Trustworthy

  35. Be Action Oriented

  36. BONUS: The Best Groups Have A Written Set of Expectations

    & Procedures

  37. Where?

  38. Mailing Lists

  39. Chat

  40. Semi Structured

  41. Threat Intelligence Platform

  42. Hybrid

  43. Example: My Story

  44. This is Kyle @kylemaxwell

  45. Kyle & I started a Slack

  46. We Invited Folks We Knew Shared Tools & Techniques We

    Invited More Folks

  47. Kyle Invited Mark @markpars0ns

  48. Mark Invited Me to Another Slack

  49. Met New Folks Shared Intelligence Collaborated On Investigations Demonstrated Value

    to My Boss

  50. So I Invited My Coworker John @swannysec

  51. What To Do Next?

  52. What To Do Next • • • • • •

  53. Go Make Friends & Share Intelligence

  54. Join Me @ SANS Rocky Mountain 2017 for FOR578