Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building Effective Threat Intelligence Sharing

Avatar for Scott J. Roberts Scott J. Roberts
July 23, 2017
Technology
1
120

Building Effective Threat Intelligence Sharing

A SANS Webex I did... awhile ago?
Avatar for Scott J. Roberts

Scott J. Roberts

July 23, 2017
Tweet

More Decks by Scott J. Roberts

See All by Scott J. Roberts
LLM SATs FTW
Avatar for Scott J. Roberts sroberts
0
460
STRAT - A System-Centric Approach to Cyber Resilience
Avatar for Scott J. Roberts sroberts
0
23
Tortured Responders Dept - Scott & Rebekah's Edition
Avatar for Scott J. Roberts sroberts
0
120
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
Avatar for Scott J. Roberts sroberts
0
110
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
Avatar for Scott J. Roberts sroberts
0
73
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
Avatar for Scott J. Roberts sroberts
0
51
Homemade Ramen & Threat Intelligence
Avatar for Scott J. Roberts sroberts
2
550
Introduction to Open Source Security Tools
Avatar for Scott J. Roberts sroberts
3
4.9k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
Avatar for Scott J. Roberts sroberts
0
120

Other Decks in Technology

See All in Technology
Model Mondays S2E04: AI Developer Experiences
Avatar for Nitya Narasimhan, PhD nitya
0
190
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
Avatar for soudai sone soudai
PRO
54
20k
United airlines®️ USA Contact Numbers: Complete 2025 Support Guide
Avatar for heron31238 unitedflyhelp
0
330
B2C&B2B&社内向けサービスを抱える開発組織におけるサービス価値を最大化するイニシアチブ管理
Avatar for Belong inc. belongadmin
2
7.3k
VS CodeとGitHub Copilotで爆速開発!アップデートの波に乗るおさらい会 / Rapid Development with VS Code and GitHub Copilot: Catch the Latest Wave
Avatar for Yusuke Yamada yamachu
2
160
面倒な作業はAIにおまかせ。Flutter開発をスマートに効率化
Avatar for Rui ruideengineer
0
270
DatabricksにOLTPデータベース『Lakebase』がやってきた!
Avatar for Takeru Ino inoutk
0
120
「クラウドコスト絶対削減」を支える技術—FinOpsを超えた徹底的なクラウドコスト削減の実践論
Avatar for 株式会社DELTA delta_tech
4
170
ABEMAの本番環境負荷試験への挑戦
Avatar for Miyazaki Taiga mk2taiga
3
150
How Do I Contact HP Printer Support? [Full 2025 Guide for U.S. Businesses]
Avatar for jackkkk harrry1211
0
120
MUITにおける開発プロセスモダナイズの取り組みと開発生産性可視化の取り組みについて / Modernize the Development Process and Visualize Development Productivity at MUIT
Avatar for 三菱UFJインフォメーションテクノロジー株式会社 muit
2
17k
ゼロからはじめる採用広報
Avatar for Yuta Horii yutadayo
3
970

Featured

See All Featured
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
462
33k
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
278
23k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
251
21k
Imperfection Machines: The Place of Print at Facebook
Avatar for Scott Boms scottboms
267
13k
Bash Introduction
Avatar for André Augusto Costa Santos 62gerente
613
210k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
50
5.5k
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
357
30k
Scaling GitHub
Avatar for Zach Holman holman
460
140k
Music & Morning Musume
Avatar for Bryan Veloso bryan
46
6.6k
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
29
9.6k
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
49
14k
A Modern Web Designer's Workflow
Avatar for Chris Coyier chriscoyier
695
190k

Transcript

  1. Building Effective CTI Sharing

  2. Scott J Roberts

  3. Comments? Use #ctisharing and/or @sroberts

  4. Table Stakes

  5. Talk to Legal

  6. TLP https://www.us-cert.gov/tlp

  7. • WWWWH&W • Example: My Story • What To Do

    Next?

  8. Why?

  9. Your Security Will Improve

  10. You Will Improve Others Security

  11. Share More Get More

  12. A rising tide raises all boats

  13. When?

  14. Ingestion vs. Production

  15. When You’re Ready to Act

  16. When You’re Ready to Reciprocate

  17. When You Can Be Confident

  18. Who?

  19. Formal Groups

  20. Open Source Groups

  21. Informal Groups

  22. BONUS: Orgs With Similar Technology...

  23. BONUS: Competitors

  24. What?

  25. Indicators of Compromise

  26. Tactics, Techniques, & Procedures

  27. Reports

  28. Techniques, Methods, & Capabilities

  29. (Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html

  30. Sharing Hierarchy of Value* * The Author acknowledges this is

    a rip off

  31. How?

  32. Don’t Ask to Join

  33. Be Trusting

  34. Be Trustworthy

  35. Be Action Oriented

  36. BONUS: The Best Groups Have A Written Set of Expectations

    & Procedures

  37. Where?

  38. Mailing Lists

  39. Chat

  40. Semi Structured

  41. Threat Intelligence Platform

  42. Hybrid

  43. Example: My Story

  44. This is Kyle @kylemaxwell

  45. Kyle & I started a Slack

  46. We Invited Folks We Knew Shared Tools & Techniques We

    Invited More Folks

  47. Kyle Invited Mark @markpars0ns

  48. Mark Invited Me to Another Slack

  49. Met New Folks Shared Intelligence Collaborated On Investigations Demonstrated Value

    to My Boss

  50. So I Invited My Coworker John @swannysec

  51. What To Do Next?

  52. What To Do Next • • • • • •

  53. Go Make Friends & Share Intelligence

  54. Join Me @ SANS Rocky Mountain 2017 for FOR578