Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Building Effective Threat Intelligence Sharing
Search
Scott J. Roberts
July 23, 2017
Technology
1
120
Building Effective Threat Intelligence Sharing
A SANS Webex I did... awhile ago?
Scott J. Roberts
July 23, 2017
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
LLM SATs FTW
sroberts
0
360
STRAT - A System-Centric Approach to Cyber Resilience
sroberts
0
15
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
110
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
97
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
66
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
39
Homemade Ramen & Threat Intelligence
sroberts
2
530
Introduction to Open Source Security Tools
sroberts
3
4.9k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
120
Other Decks in Technology
See All in Technology
CloudBruteによる外部からのS3バケットの探索・公開の発見について / 20250605 Kumiko Hennmi
shift_evolve
3
240
大事なのは、AIの精度だけじゃない!〜1円のズレも許されない経理領域とAI〜
jun_nemoto
11
5.2k
うちの会社の評判は?SNSの投稿分析にAIを使ってみた
doumae
0
410
Introduction to Sansan for Engineers / エンジニア向け会社紹介
sansan33
PRO
5
38k
TechBull Membersの開発進捗どうですか!?
rvirus0817
0
250
DevOpsDays Taipei 2025 -- Creating Awesome Change in SmartNews!
martin_lover
0
170
LT:組込み屋さんのオシロが壊れた!
windy_pon
0
530
NW運用の工夫と発明
recuraki
1
800
libsyncrpcってなに?
uhyo
0
160
Babylon.jsでゲームを作ってみよう
limes2018
0
100
実践Kafka Streams 〜イベント駆動型アーキテクチャを添えて〜
joker1007
1
650
GoogleのAI Agent
shukob
0
150
Featured
See All Featured
Music & Morning Musume
bryan
47
6.6k
Scaling GitHub
holman
459
140k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
10
850
Site-Speed That Sticks
csswizardry
7
590
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
123
52k
Designing for Performance
lara
608
69k
Writing Fast Ruby
sferik
628
61k
How to Think Like a Performance Engineer
csswizardry
23
1.6k
Building an army of robots
kneath
306
45k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
50k
A designer walks into a library…
pauljervisheath
205
24k
Docker and Python
trallard
44
3.4k
Transcript
Building Effective CTI Sharing
Scott J Roberts
Comments? Use #ctisharing and/or @sroberts
Table Stakes
Talk to Legal
TLP https://www.us-cert.gov/tlp
• WWWWH&W • Example: My Story • What To Do
Next?
Why?
Your Security Will Improve
You Will Improve Others Security
Share More Get More
A rising tide raises all boats
When?
Ingestion vs. Production
When You’re Ready to Act
When You’re Ready to Reciprocate
When You Can Be Confident
Who?
Formal Groups
Open Source Groups
Informal Groups
BONUS: Orgs With Similar Technology...
BONUS: Competitors
What?
Indicators of Compromise
Tactics, Techniques, & Procedures
Reports
Techniques, Methods, & Capabilities
(Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
Sharing Hierarchy of Value* * The Author acknowledges this is
a rip off
How?
Don’t Ask to Join
Be Trusting
Be Trustworthy
Be Action Oriented
BONUS: The Best Groups Have A Written Set of Expectations
& Procedures
Where?
Mailing Lists
Chat
Semi Structured
Threat Intelligence Platform
Hybrid
Example: My Story
This is Kyle @kylemaxwell
Kyle & I started a Slack
We Invited Folks We Knew Shared Tools & Techniques We
Invited More Folks
Kyle Invited Mark @markpars0ns
Mark Invited Me to Another Slack
Met New Folks Shared Intelligence Collaborated On Investigations Demonstrated Value
to My Boss
So I Invited My Coworker John @swannysec
What To Do Next?
What To Do Next • • • • • •
Go Make Friends & Share Intelligence
Join Me @ SANS Rocky Mountain 2017 for FOR578
sroberts
shift_evolve
jun_nemoto
doumae
sansan33
rvirus0817
martin_lover
windy_pon
recuraki
uhyo
limes2018
joker1007
shukob
bryan
holman
tammyeverts
csswizardry
aki_iinuma
lara
sferik
kneath
chrisshort
pauljervisheath
trallard
