Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Building Effective Threat Intelligence Sharing
Search
Scott J. Roberts
July 23, 2017
Technology
1
120
Building Effective Threat Intelligence Sharing
A SANS Webex I did... awhile ago?
Scott J. Roberts
July 23, 2017
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
95
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
69
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
35
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
23
Homemade Ramen & Threat Intelligence
sroberts
2
500
Introduction to Open Source Security Tools
sroberts
3
4.8k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
110
Crisis Communication for Incident Response
sroberts
1
330
Hipster DFIR on OSX - BSidesCincy
sroberts
3
3.2k
Other Decks in Technology
See All in Technology
podman_update_2024-12
orimanabu
1
280
どちらを使う?GitHub or Azure DevOps Ver. 24H2
kkamegawa
0
940
alecthomas/kong はいいぞ / kamakura.go#7
fujiwara3
1
300
社内イベント管理システムを1週間でAKSからACAに移行した話し
shingo_kawahara
0
190
権威ドキュメントで振り返る2024 #年忘れセキュリティ2024
hirotomotaguchi
2
760
コンテナセキュリティのためのLandlock入門
nullpo_head
2
320
事業貢献を考えるための技術改善の目標設計と改善実績 / Targeted design of technical improvements to consider business contribution and improvement performance
oomatomo
0
100
Storage Browser for Amazon S3
miu_crescent
1
260
マイクロサービスにおける容易なトランザクション管理に向けて
scalar
0
140
非機能品質を作り込むための実践アーキテクチャ
knih
5
1.5k
日本版とグローバル版のモバイルアプリ統合の開発の裏側と今後の展望
miichan
1
140
DUSt3R, MASt3R, MASt3R-SfM にみる3D基盤モデル
spatial_ai_network
2
190
Featured
See All Featured
[RailsConf 2023] Rails as a piece of cake
palkan
53
5k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.9k
Making the Leap to Tech Lead
cromwellryan
133
9k
Rails Girls Zürich Keynote
gr2m
94
13k
Intergalactic Javascript Robots from Outer Space
tanoku
270
27k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
5
450
Code Reviewing Like a Champion
maltzj
520
39k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
2k
RailsConf 2023
tenderlove
29
940
Reflections from 52 weeks, 52 projects
jeffersonlam
347
20k
Git: the NoSQL Database
bkeepers
PRO
427
64k
GraphQLとの向き合い方2022年版
quramy
44
13k
Transcript
Building Effective CTI Sharing
Scott J Roberts
Comments? Use #ctisharing and/or @sroberts
Table Stakes
Talk to Legal
TLP https://www.us-cert.gov/tlp
• WWWWH&W • Example: My Story • What To Do
Next?
Why?
Your Security Will Improve
You Will Improve Others Security
Share More Get More
A rising tide raises all boats
When?
Ingestion vs. Production
When You’re Ready to Act
When You’re Ready to Reciprocate
When You Can Be Confident
Who?
Formal Groups
Open Source Groups
Informal Groups
BONUS: Orgs With Similar Technology...
BONUS: Competitors
What?
Indicators of Compromise
Tactics, Techniques, & Procedures
Reports
Techniques, Methods, & Capabilities
(Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
Sharing Hierarchy of Value* * The Author acknowledges this is
a rip off
How?
Don’t Ask to Join
Be Trusting
Be Trustworthy
Be Action Oriented
BONUS: The Best Groups Have A Written Set of Expectations
& Procedures
Where?
Mailing Lists
Chat
Semi Structured
Threat Intelligence Platform
Hybrid
Example: My Story
This is Kyle @kylemaxwell
Kyle & I started a Slack
We Invited Folks We Knew Shared Tools & Techniques We
Invited More Folks
Kyle Invited Mark @markpars0ns
Mark Invited Me to Another Slack
Met New Folks Shared Intelligence Collaborated On Investigations Demonstrated Value
to My Boss
So I Invited My Coworker John @swannysec
What To Do Next?
What To Do Next • • • • • •
Go Make Friends & Share Intelligence
Join Me @ SANS Rocky Mountain 2017 for FOR578