Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Building Effective Threat Intelligence Sharing
Search
Scott J. Roberts
July 23, 2017
Technology
1
120
Building Effective Threat Intelligence Sharing
A SANS Webex I did... awhile ago?
Scott J. Roberts
July 23, 2017
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
LLM SATs FTW
sroberts
0
710
STRAT - A System-Centric Approach to Cyber Resilience
sroberts
0
36
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
120
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
130
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
81
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
73
Homemade Ramen & Threat Intelligence
sroberts
2
560
Introduction to Open Source Security Tools
sroberts
3
5k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
120
Other Decks in Technology
See All in Technology
アウトプットから始めるOSSコントリビューション 〜eslint-plugin-vueの場合〜 #vuefes
bengo4com
3
630
ローカルLLMとLINE Botの組み合わせ その2(EVO-X2でgpt-oss-120bを利用) / LINE DC Generative AI Meetup #7
you
PRO
0
150
AI AgentをLangflowでサクッと作って、1日働かせてみた!
yano13
1
140
「最速」で Gemini CLI を使いこなそう! 〜Cloud Shell/Cloud Run の活用〜 / The Fastest Way to Master the Gemini CLI — with Cloud Shell and Cloud Run
aoto
PRO
1
160
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
12
81k
ソースを読む時の思考プロセスの例-MkDocs
sat
PRO
1
120
RDS の負荷が高い場合に AWS で取りうる具体策 N 連発/a-series-of-specific-countermeasures-available-on-aws-when-rds-is-under-high-load
emiki
7
4.6k
Dify on AWS 環境構築手順
yosse95ai
0
110
Sansan Engineering Unit 紹介資料
sansan33
PRO
1
3k
What's new in OpenShift 4.20
redhatlivestreaming
0
100
クラウドとリアルの融合により、製造業はどう変わるのか?〜クラスメソッドの製造業への取組と共に〜
hamadakoji
0
370
From Natural Language to K8s Operations: The MCP Architecture and Practice of kubectl-ai
appleboy
0
140
Featured
See All Featured
Code Reviewing Like a Champion
maltzj
526
40k
Navigating Team Friction
lara
190
15k
Designing for Performance
lara
610
69k
Thoughts on Productivity
jonyablonski
70
4.9k
Gamification - CAS2011
davidbonilla
81
5.5k
A Modern Web Designer's Workflow
chriscoyier
697
190k
Building Applications with DynamoDB
mza
96
6.7k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
Intergalactic Javascript Robots from Outer Space
tanoku
272
27k
The Invisible Side of Design
smashingmag
302
51k
Docker and Python
trallard
46
3.6k
GraphQLの誤解/rethinking-graphql
sonatard
73
11k
Transcript
Building Effective CTI Sharing
Scott J Roberts
Comments? Use #ctisharing and/or @sroberts
Table Stakes
Talk to Legal
TLP https://www.us-cert.gov/tlp
• WWWWH&W • Example: My Story • What To Do
Next?
Why?
Your Security Will Improve
You Will Improve Others Security
Share More Get More
A rising tide raises all boats
When?
Ingestion vs. Production
When You’re Ready to Act
When You’re Ready to Reciprocate
When You Can Be Confident
Who?
Formal Groups
Open Source Groups
Informal Groups
BONUS: Orgs With Similar Technology...
BONUS: Competitors
What?
Indicators of Compromise
Tactics, Techniques, & Procedures
Reports
Techniques, Methods, & Capabilities
(Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
Sharing Hierarchy of Value* * The Author acknowledges this is
a rip off
How?
Don’t Ask to Join
Be Trusting
Be Trustworthy
Be Action Oriented
BONUS: The Best Groups Have A Written Set of Expectations
& Procedures
Where?
Mailing Lists
Chat
Semi Structured
Threat Intelligence Platform
Hybrid
Example: My Story
This is Kyle @kylemaxwell
Kyle & I started a Slack
We Invited Folks We Knew Shared Tools & Techniques We
Invited More Folks
Kyle Invited Mark @markpars0ns
Mark Invited Me to Another Slack
Met New Folks Shared Intelligence Collaborated On Investigations Demonstrated Value
to My Boss
So I Invited My Coworker John @swannysec
What To Do Next?
What To Do Next • • • • • •
Go Make Friends & Share Intelligence
Join Me @ SANS Rocky Mountain 2017 for FOR578