Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building Effective Threat Intelligence Sharing

Avatar for Scott J. Roberts Scott J. Roberts
July 23, 2017
Technology
150
1

Building Effective Threat Intelligence Sharing

A SANS Webex I did... awhile ago?

Avatar for Scott J. Roberts

Scott J. Roberts

July 23, 2017

More Decks by Scott J. Roberts

See All by Scott J. Roberts
LLM SATs FTW
Avatar for Scott J. Roberts sroberts
0
1.4k
STRAT - A System-Centric Approach to Cyber Resilience
Avatar for Scott J. Roberts sroberts
0
85
Tortured Responders Dept - Scott & Rebekah's Edition
Avatar for Scott J. Roberts sroberts
0
170
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
Avatar for Scott J. Roberts sroberts
0
190
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
Avatar for Scott J. Roberts sroberts
0
130
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
Avatar for Scott J. Roberts sroberts
0
120
Homemade Ramen & Threat Intelligence
Avatar for Scott J. Roberts sroberts
2
630
Introduction to Open Source Security Tools
Avatar for Scott J. Roberts sroberts
3
5.1k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
Avatar for Scott J. Roberts sroberts
0
160

Other Decks in Technology

See All in Technology
Oracle AI Database@Azure:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
6
1.9k
Chart.js が簡単に使えるようになっていたので OGP 画像生成に使った話
Avatar for すずとも kamekyame
0
170
Agentic Web
Avatar for dynamis dynamis
1
180
Oracle Cloud Infrastructure IaaS 新機能アップデート 2026/3 - 2026/5
Avatar for oracle4engineer oracle4engineer
PRO
1
220
トークン数だけでは測れない — Claude Code 組織展開の効果検証から学んだこと
Avatar for Masaki Kubota makikub
0
140
Diagnosing performance problems without the guesswork
Avatar for Elena Tanasoiu elenatanasoiu
0
170
Djangoユーザが知っ得なPostgreSQL機能 - 設計の選択肢を増やす / Djang-use-PostgreSQL
Avatar for soudai sone soudai
PRO
0
210
DevOps Agentで始めるAWS運用 〜フロンティアエージェントが変える運用の現場〜
Avatar for nyankotaro nyankotaro
1
320
もりもり新機能を一挙紹介! AgentCoreに入門して、AWS上にAIエージェントを構築しよう
Avatar for みのるん minorun365
PRO
6
850
Rancherの紹介&Update情報(RancherJP Online Meetup #09)
Avatar for Yoshiyuki Kono yoshiyuki_kono
0
130
データ基盤をDataformで整えた話 〜 開発環境を添えて 〜
Avatar for Takanobu Nozawa takapy
0
130
Claude Code×Terraform IaC テンプレート駆動開発
Avatar for Itou Hideki itouhi
1
440

Featured

See All Featured
The AI Search Optimization Roadmap by Aleyda Solis
Avatar for Aleyda Solis aleyda
1
5.9k
Leveraging Curiosity to Care for An Aging Population
Avatar for Cassini Nazir cassininazir
1
270
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
12k
Building an army of robots
Avatar for Kyle Neath kneath
306
46k
Joys of Absence: A Defence of Solitary Play
Avatar for Sebastian Deterding codingconduct
1
390
SEOcharity - Dark patterns in SEO and UX: How to avoid them and build a more ethical web
Avatar for Sara Fernández Carmona sarafernandez
0
200
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
Avatar for Takuto Wada twada
PRO
118
120k
How to audit for AI Accessibility on your Front & Back End
Avatar for davetheseo davetheseo
0
400
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
234
17k
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
Avatar for Beat Signer signer
PRO
0
3.6k
Pawsitive SEO: Lessons from My Dog (and Many Mistakes) on Thriving as a Consultant in the Age of AI
Avatar for David Carrasco davidcarrasco
0
160
B2B Lead Gen: Tactics, Traps & Triumph
Avatar for Sophie Logan marketingsoph
0
140

Transcript

  1. Building Effective CTI Sharing

  2. Scott J Roberts

  3. Comments? Use #ctisharing and/or @sroberts

  4. Table Stakes

  5. Talk to Legal

  6. TLP https://www.us-cert.gov/tlp

  7. • WWWWH&W • Example: My Story • What To Do

    Next?

  8. Why?

  9. Your Security Will Improve

  10. You Will Improve Others Security

  11. Share More Get More

  12. A rising tide raises all boats

  13. When?

  14. Ingestion vs. Production

  15. When You’re Ready to Act

  16. When You’re Ready to Reciprocate

  17. When You Can Be Confident

  18. Who?

  19. Formal Groups

  20. Open Source Groups

  21. Informal Groups

  22. BONUS: Orgs With Similar Technology...

  23. BONUS: Competitors

  24. What?

  25. Indicators of Compromise

  26. Tactics, Techniques, & Procedures

  27. Reports

  28. Techniques, Methods, & Capabilities

  29. (Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html

  30. Sharing Hierarchy of Value* * The Author acknowledges this is

    a rip off

  31. How?

  32. Don’t Ask to Join

  33. Be Trusting

  34. Be Trustworthy

  35. Be Action Oriented

  36. BONUS: The Best Groups Have A Written Set of Expectations

    & Procedures

  37. Where?

  38. Mailing Lists

  39. Chat

  40. Semi Structured

  41. Threat Intelligence Platform

  42. Hybrid

  43. Example: My Story

  44. This is Kyle @kylemaxwell

  45. Kyle & I started a Slack

  46. We Invited Folks We Knew Shared Tools & Techniques We

    Invited More Folks

  47. Kyle Invited Mark @markpars0ns

  48. Mark Invited Me to Another Slack

  49. Met New Folks Shared Intelligence Collaborated On Investigations Demonstrated Value

    to My Boss

  50. So I Invited My Coworker John @swannysec

  51. What To Do Next?

  52. What To Do Next • • • • • •

  53. Go Make Friends & Share Intelligence

  54. Join Me @ SANS Rocky Mountain 2017 for FOR578