Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building Effective Threat Intelligence Sharing

Avatar for Scott J. Roberts Scott J. Roberts
July 23, 2017
Technology
1
130

Building Effective Threat Intelligence Sharing

A SANS Webex I did... awhile ago?

Avatar for Scott J. Roberts

Scott J. Roberts

July 23, 2017
Tweet

More Decks by Scott J. Roberts

See All by Scott J. Roberts
LLM SATs FTW
Avatar for Scott J. Roberts sroberts
0
1k
STRAT - A System-Centric Approach to Cyber Resilience
Avatar for Scott J. Roberts sroberts
0
59
Tortured Responders Dept - Scott & Rebekah's Edition
Avatar for Scott J. Roberts sroberts
0
140
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
Avatar for Scott J. Roberts sroberts
0
170
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
Avatar for Scott J. Roberts sroberts
0
100
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
Avatar for Scott J. Roberts sroberts
0
94
Homemade Ramen & Threat Intelligence
Avatar for Scott J. Roberts sroberts
2
580
Introduction to Open Source Security Tools
Avatar for Scott J. Roberts sroberts
3
5k
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
Avatar for Scott J. Roberts sroberts
0
140

Other Decks in Technology

See All in Technology
「OSアップデート:年に一度の「大仕事」を乗り切るQA戦略」_Mobile Tech Flex 〜4社合同!私たちのモバイル開発自慢大会〜
Avatar for 山口茉莉江 gu3
0
220
Claude Codeで実践するスペック駆動開発入門 / sdd-with-claude_code
Avatar for 吉田真吾 yoshidashingo
3
4.5k
30分でわかるアーキテクチャモダナイゼーション
Avatar for nwiizo nwiizo
7
3.5k
バニラVisaギフトカードを棄てるのは結構大変
Avatar for meow meow_noisy
0
130
技術キャッチアップ効率化を実現する記事推薦システムの構築
Avatar for Yudai Hayashi yudai00
2
140
論文検索を日本語でできるアプリを作ってみた
Avatar for sai-lens sailen2
0
110
Snowflake Night #2 LT
Avatar for タロウ taromatsui_cccmkhd
0
110
あすけん_Developers_Summit_2026_-_Vibe_Coding起点での新機能開発で__あすけん_が乗り越えた壁.pdf
Avatar for iwahiro iwahiro
0
740
プロダクト開発の品質を守るAIコードレビュー:事例に見る導入ポイント
Avatar for Atsushi Nakatsugawa moongift
PRO
1
410
Goで実現する堅牢なアーキテクチャ:DDD、gRPC-connect、そしてAI協調開発の実践
Avatar for fujidomoe fujidomoe
3
740
Microsoft Fabric のワークスペースと容量の設計原則
Avatar for Ryoma Nagata ryomaru0825
2
140
AI駆動開発とRAGプロダクトへの挑戦の軌跡 - 弁護士ドットコムでの学びから -
Avatar for 弁護士ドットコム bengo4com
2
820

Featured

See All Featured
Side Projects
Avatar for Sacha Greif sachag
455
43k
Faster Mobile Websites
Avatar for Dean Hume deanohume
310
31k
Effective software design: The role of men in debugging patriarchy in IT @ Voxxed Days AMS
Avatar for Kenny Baas-Schwegler baasie
0
240
Unsuck your backbone
Avatar for Amy Palamountain ammeep
671
58k
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs
Avatar for Ines Montani inesmontani
PRO
3
3.1k
Sam Torres - BigQuery for SEOs
Avatar for Tech SEO Connect techseoconnect
PRO
0
200
Efficient Content Optimization with Google Search Console & Apps Script
Avatar for Katarina Dahlin katarinadahlin
PRO
1
350
So, you think you're a good person
Avatar for Per Axbom axbom
PRO
2
1.9k
Sharpening the Axe: The Primacy of Toolmaking
Avatar for Bryan Cantrill bcantrill
46
2.7k
Deep Space Network (abreviated)
Avatar for Tony Rice tonyrice
0
76
Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)
Avatar for Mine Cetinkaya-Rundel minecr
1
180
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
Avatar for Marc Duiker marcduiker
35
2.4k

Transcript

  1. Building Effective CTI Sharing

  2. Scott J Roberts

  3. Comments? Use #ctisharing and/or @sroberts

  4. Table Stakes

  5. Talk to Legal

  6. TLP https://www.us-cert.gov/tlp

  7. • WWWWH&W • Example: My Story • What To Do

    Next?

  8. Why?

  9. Your Security Will Improve

  10. You Will Improve Others Security

  11. Share More Get More

  12. A rising tide raises all boats

  13. When?

  14. Ingestion vs. Production

  15. When You’re Ready to Act

  16. When You’re Ready to Reciprocate

  17. When You Can Be Confident

  18. Who?

  19. Formal Groups

  20. Open Source Groups

  21. Informal Groups

  22. BONUS: Orgs With Similar Technology...

  23. BONUS: Competitors

  24. What?

  25. Indicators of Compromise

  26. Tactics, Techniques, & Procedures

  27. Reports

  28. Techniques, Methods, & Capabilities

  29. (Legally Required) Pyramid of Pain https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html

  30. Sharing Hierarchy of Value* * The Author acknowledges this is

    a rip off

  31. How?

  32. Don’t Ask to Join

  33. Be Trusting

  34. Be Trustworthy

  35. Be Action Oriented

  36. BONUS: The Best Groups Have A Written Set of Expectations

    & Procedures

  37. Where?

  38. Mailing Lists

  39. Chat

  40. Semi Structured

  41. Threat Intelligence Platform

  42. Hybrid

  43. Example: My Story

  44. This is Kyle @kylemaxwell

  45. Kyle & I started a Slack

  46. We Invited Folks We Knew Shared Tools & Techniques We

    Invited More Folks

  47. Kyle Invited Mark @markpars0ns

  48. Mark Invited Me to Another Slack

  49. Met New Folks Shared Intelligence Collaborated On Investigations Demonstrated Value

    to My Boss

  50. So I Invited My Coworker John @swannysec

  51. What To Do Next?

  52. What To Do Next • • • • • •

  53. Go Make Friends & Share Intelligence

  54. Join Me @ SANS Rocky Mountain 2017 for FOR578