Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Building Effective Threat Intelligence Sharing
Search
Scott J. Roberts
July 23, 2017
Technology
1
120
Building Effective Threat Intelligence Sharing
A SANS Webex I did... awhile ago?
Scott J. Roberts
July 23, 2017
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
STRAT - A System-Centric Approach to Cyber Resilience
sroberts
0
7
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
100
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
85
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
53
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
31
Homemade Ramen & Threat Intelligence
sroberts
2
520
Introduction to Open Source Security Tools
sroberts
3
4.9k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
120
Crisis Communication for Incident Response
sroberts
1
350
Other Decks in Technology
See All in Technology
3/26 クラウド食堂LT #2 GenU案件を通して学んだ教訓 登壇資料
ymae
1
240
LINEギフトのLINEミニアプリアクセシビリティ改善事例
lycorptech_jp
PRO
0
320
マルチアカウント管理で必須!AWS Organizationsの機能とユースケース解説
nrinetcom
PRO
1
120
AIエージェントキャッチアップと論文リサーチ
os1ma
6
1.3k
生成AI時代のセキュアCI/CDとソース管理
yuriemori
0
100
Zabbixチョットデキルとは!?
kujiraitakahiro
0
120
入社後SREチームのミッションや課題の整理をした話
morix1500
1
200
こんなデータマートは嫌だ。どんな? / waiwai-data-meetup-202504
shuntak
2
450
20250325_Logic Apps / Power Automate の SharePoint コネクタの裏側を知る 〜Graph APIで直接操作してみよう〜
yutakaosada
0
110
Amazon Q Developer 他⽣成AIと⽐較してみた
takano0131
1
140
Vision Language Modelを活用した メルカリの類似画像レコメンドの性能改善
yadayuki
9
1.3k
Beyond {shiny}: The Future of Mobile Apps with R
colinfay
0
160
Featured
See All Featured
Rebuilding a faster, lazier Slack
samanthasiow
80
8.9k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Unsuck your backbone
ammeep
670
57k
[RailsConf 2023] Rails as a piece of cake
palkan
53
5.4k
Scaling GitHub
holman
459
140k
We Have a Design System, Now What?
morganepeng
51
7.5k
Into the Great Unknown - MozCon
thekraken
36
1.7k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
135
33k
Adopting Sorbet at Scale
ufuk
75
9.3k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
YesSQL, Process and Tooling at Scale
rocio
172
14k
How to Ace a Technical Interview
jacobian
276
23k
Transcript
Building Effective CTI Sharing
Scott J Roberts
Comments? Use #ctisharing and/or @sroberts
Table Stakes
Talk to Legal
TLP https://www.us-cert.gov/tlp
• WWWWH&W • Example: My Story • What To Do
Next?
Why?
Your Security Will Improve
You Will Improve Others Security
Share More Get More
A rising tide raises all boats
When?
Ingestion vs. Production
When You’re Ready to Act
When You’re Ready to Reciprocate
When You Can Be Confident
Who?
Formal Groups
Open Source Groups
Informal Groups
BONUS: Orgs With Similar Technology...
BONUS: Competitors
What?
Indicators of Compromise
Tactics, Techniques, & Procedures
Reports
Techniques, Methods, & Capabilities
(Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
Sharing Hierarchy of Value* * The Author acknowledges this is
a rip off
How?
Don’t Ask to Join
Be Trusting
Be Trustworthy
Be Action Oriented
BONUS: The Best Groups Have A Written Set of Expectations
& Procedures
Where?
Mailing Lists
Chat
Semi Structured
Threat Intelligence Platform
Hybrid
Example: My Story
This is Kyle @kylemaxwell
Kyle & I started a Slack
We Invited Folks We Knew Shared Tools & Techniques We
Invited More Folks
Kyle Invited Mark @markpars0ns
Mark Invited Me to Another Slack
Met New Folks Shared Intelligence Collaborated On Investigations Demonstrated Value
to My Boss
So I Invited My Coworker John @swannysec
What To Do Next?
What To Do Next • • • • • •
Go Make Friends & Share Intelligence
Join Me @ SANS Rocky Mountain 2017 for FOR578