$30 off During Our Annual Pro Sale. View Details »

Building Effective Threat Intelligence Sharing

Scott J. Roberts
July 23, 2017
Technology
1
92

Building Effective Threat Intelligence Sharing

A SANS Webex I did... awhile ago?

Scott J. Roberts

July 23, 2017
Tweet

More Decks by Scott J. Roberts

See All by Scott J. Roberts
Homemade Ramen & Threat Intelligence
sroberts
2
410
Introduction to Open Source Security Tools
sroberts
3
4.7k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
84
Crisis Communication for Incident Response
sroberts
1
260
Hipster DFIR on OSX - BSidesCincy
sroberts
3
3k
Community Intelligence & Open Source Tools
sroberts
5
1k
Responding @ Scale: osquery for Mass Incident Response and Detection
sroberts
1
12k
Hipster DFIR on OSX
sroberts
2
920
Crisis Communication for Incident Response
sroberts
2
7.5k

Other Decks in Technology

See All in Technology
継続的なコツコツ技術広報とブランディング磨き込みの過程と課題/engineering-brand
nishiuma
0
120
Azure OpenAI Serviceの採用と挑戦 - Azure AI Hub meetup #1
cimadai
1
320
JAWS-UG_YOKOHAMA_20231204
hiashisan
0
370
顧客に価値を届け続けられる プロダクトであるために ~B2B SaaSにおいてプロダクトビジョン・戦略を改めて 策定するまでの道のり~
satoshihirose
1
120
2023 Digital Accessibility Legal Update – Part One
3playmarketing
0
120
Bedrock & Amazon Q のアプデ、結局これって○○でいう××のこと?? 生成AIトレンドを俯瞰しながら解説!
minorun365
PRO
0
330
徹底解説!Power Platform 導入の成功事例から見る DX 推進のコツ / Tips for DX promotion from Power Platform case studies
karamem0
0
1.3k
AWSに関わる全ての エンジニアへの変革!
ysasago
2
150
「AWSによる独自データ活用の生成AIソリューション」というタイトルでCM re:Growth 2023に登壇しました #AWSreInvent #cmregrowth
takaakikakei
0
160
サービスの1等地ホーム画面改善と効果的なステークホルダーマネジメント / Improvement of Prime Location Home Screen for Services and Effective Stakeholder Management
rilmayer
0
220
ミチビク株式会社エンジニアカンパニーデック
knsg16
0
2.3k
AIをWebアプリに実装するための便利なPythonライブラリ
s2terminal
0
120

Featured

See All Featured
Thoughts on Productivity
jonyablonski
55
3.5k
Designing Experiences People Love
moore
133
23k
What's in a price? How to price your products and services
michaelherold
236
10k
Git: the NoSQL Database
bkeepers
PRO
420
62k
Optimizing for Happiness
mojombo
368
68k
Three Pipe Problems
jasonvnalue
89
9.3k
The Web Native Designer (August 2011)
paulrobertlloyd
78
2.7k
Facilitating Awesome Meetings
lara
37
5.2k
StorybookのUI Testing Handbookを読んだ
zakiyama
9
4.1k
The Pragmatic Product Professional
lauravandoore
23
5.4k
Infographics Made Easy
chrislema
236
17k
A Modern Web Designer's Workflow
chriscoyier
688
190k

Transcript

  1. Building Effective
    CTI Sharing

    View Slide

  2. Scott J Roberts

    View Slide

  3. Comments? Use
    #ctisharing
    and/or
    @sroberts

    View Slide

  4. Table Stakes

    View Slide

  5. Talk to Legal

    View Slide

  6. TLP
    https://www.us-cert.gov/tlp

    View Slide

  7. ● WWWWH&W
    ● Example: My Story
    ● What To Do Next?

    View Slide

  8. Why?

    View Slide

  9. Your Security
    Will Improve

    View Slide

  10. You Will Improve
    Others Security

    View Slide

  11. Share More
    Get More

    View Slide

  12. A rising tide
    raises all boats

    View Slide

  13. When?

    View Slide

  14. Ingestion vs.
    Production

    View Slide

  15. When You’re
    Ready to Act

    View Slide

  16. When You’re Ready
    to Reciprocate

    View Slide

  17. When You Can Be
    Confident

    View Slide

  18. Who?

    View Slide

  19. Formal Groups

    View Slide

  20. Open Source Groups

    View Slide

  21. Informal Groups

    View Slide

  22. BONUS: Orgs With
    Similar Technology...

    View Slide

  23. BONUS: Competitors

    View Slide

  24. What?

    View Slide

  25. Indicators of
    Compromise

    View Slide

  26. Tactics, Techniques,
    & Procedures

    View Slide

  27. Reports

    View Slide

  28. Techniques,
    Methods, &
    Capabilities

    View Slide

  29. (Legally Required) Pyramid of Pain
    https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html

    View Slide

  30. Sharing Hierarchy of Value*
    * The Author acknowledges this is a rip off

    View Slide

  31. How?

    View Slide

  32. Don’t Ask to Join

    View Slide

  33. Be Trusting

    View Slide

  34. Be Trustworthy

    View Slide

  35. Be Action Oriented

    View Slide

  36. BONUS: The Best
    Groups Have A Written
    Set of Expectations &
    Procedures

    View Slide

  37. Where?

    View Slide

  38. Mailing Lists

    View Slide

  39. Chat

    View Slide

  40. Semi Structured

    View Slide

  41. Threat Intelligence
    Platform

    View Slide

  42. Hybrid

    View Slide

  43. Example:
    My Story

    View Slide

  44. This is Kyle
    @kylemaxwell

    View Slide

  45. Kyle & I
    started a Slack

    View Slide

  46. We Invited Folks We Knew
    Shared Tools & Techniques
    We Invited More Folks

    View Slide

  47. Kyle Invited
    Mark
    @markpars0ns

    View Slide

  48. Mark Invited
    Me to Another
    Slack

    View Slide

  49. Met New Folks
    Shared Intelligence
    Collaborated On Investigations
    Demonstrated Value to My Boss

    View Slide

  50. So I Invited
    My Coworker
    John
    @swannysec

    View Slide

  51. What To
    Do Next?

    View Slide

  52. What To Do Next






    View Slide

  53. Go Make Friends &
    Share Intelligence

    View Slide

  54. Join Me @
    SANS Rocky
    Mountain 2017
    for FOR578

    View Slide