SANS CTI Summit 2021

This repository includes the references used for the presentation titled "Still thinking about your Ex(cel)? Here are some TIPs" (alternative title is The past, present and future of Threat Intelligence Platforms). The presentation took place during SANS CTI Summit 2021 on 22 January 2021.

SANS CTI Summit 2021 Presentation

The brief history of TIPs

  1. SANS CTI Summit 2020 - Andreas Sfakianakis - Stop Tilting at Windmills: Three Key Lessons that CTI Teams Should Learn from the Past - https://www.youtube.com/watch?v=kGqnCR6XOhQ
  2. Gartner - Technology Overview for Threat Intelligence Platforms - https://www.gartner.com/doc/2941522/technology-overview-threat-intelligence-platforms
  3. Lockheed Martin - Practical Steps To Securing Process Control Networks - https://docplayer.net/9025143-Practical-steps-to-securing-process-control-networks.html
  4. SANS - CTI Survey 2020 - https://www.sans.org/reading-room/whitepapers/analyst/2020-cyber-threat-intelligence-cti-survey-39395
  5. SANS - CTI Survey 2019 - https://www.sans.org/reading-room/whitepapers/analyst/evolution-cyber-threat-intelligence-cti-2019-cti-survey-38790
  6. SEI Carnegie Mellon University - Cyber Intelligence Tradecraft Report - https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=546686
  7. ENISA Threat Landscape 2020 - Cyber Threat Intelligence Overview - https://www.enisa.europa.eu/publications/cyberthreat-intelligence-overview
  8. SANS CTI Summit 2016 - Rick Holland - Threat Intelligence Awakens - https://speakerdeck.com/rick_holland/threat-intelligence-awakens
  9. RSA 2015 - Rick Holland - Threat Intelligence Is Like Three Day Potty Training - https://www.slideshare.net/cisoplatform7/cxo-t08rthreatintelligenceislikethreedaypottytraining
  10. FireEye - Excelerating Analysis – Tips and Tricks to Analyze Data with Microsoft Excel - https://www.fireeye.com/blog/threat-research/2019/12/tips-and-tricks-to-analyze-data-with-microsoft-excel.html
  11. FireEye - Excelerating Analysis, Part 2 — X[LOOKUP] Gon’ Pivot To Ya - https://www.fireeye.com/blog/threat-research/2020/04/excelerating-analysis-lookup-pivot.html
  12. SANS CTI Summit 2016 - Scott J Roberts - Community Intelligence & Open Source Tools: Building an Actionable Pipeline - https://speakerdeck.com/sroberts/community-intelligence-and-open-source-tools

Current state of TIPs

  1. ENISA - Andreas Sfakianakis, Razvan Gavrila - Exploring the opportunities and limitations of current Threat Intelligence Platforms - https://www.enisa.europa.eu/publications/exploring-the-opportunities-and-limitations-of-current-threat-intelligence-platforms
  2. Intel471 - Mark Arena - Cyber threat intelligence: maturity and metrics - https://www.slideshare.net/MarkArena/cyber-threat-intelligence-maturity-and-metrics
  3. threatintel.eu - Exceling at Threat Intelligence Platform (TIP) requirements - https://threatintel.eu/2021/01/22/exceling-at-threat-intelligence-platform-tip-requirements/
  4. Andy Piazza - https://medium.com/@andy.c.piazza/an-analysts-need-for-a-threat-intelligence-platform-43f9258ac22d
  5. threatintel.eu - Andreas Sfakianakis - A Study on Threat Intelligence Platforms (TIPs) - https://threatintel.eu/2018/04/04/a-study-on-threat-intelligence-platforms/
  6. WI 2017 - C. Sauerwein, C. Sillaber, A. Mussmann and R. Breu - Threat Intelligence Sharing Platforms: An Exploratory Study of Software Vendors and Research Perspectives - https://wi2017.ch/images/wi2017-0188.pdf
  7. WISCS 14 - O. Serrano, L. Dandurand and S. Brown - On the design of a cyber security data sharing system - https://dl.acm.org/doi/10.1145/2663876.2663882
  8. WISCS 15 - S. Brown, J. Gommers and O. Serrano - From Cyber Security Information Sharing to Threat Management - https://dl.acm.org/doi/abs/10.1145/2808128.2808133
  9. WISCS 16 - C. Sillaber, C. Sauerwein, A. Mussmann and R. Breu - Data Quality Challenges and Future Research Directions in Threat Intelligence Sharing Practice - https://dl.acm.org/doi/10.1145/2994539.2994546
  10. Adam Zibak and Andrew Simpson - Cyber Threat Information Sharing: Perceived Benefits and Barriers - https://www.researchgate.net/publication/335084010_Cyber_Threat_Information_Sharing_Perceived_Benefits_and_Barriers
  11. Alessandra de Melo e Silva, João José Costa Gondim, Robson de Oliveira Albuquerque and Luis Javier García Villalba - A Methodology to Evaluate Standards and Platforms within Cyber Threat Intelligence - https://www.mdpi.com/1999-5903/12/6/108/pdf
  12. Sara Bauer, Daniel Fischer, Clemens Sauerwein, Simon Latzel, Dirk Stelzer, Ruth Breu - Towards an Evaluation Framework for Threat Intelligence Sharing Platform - https://scholarspace.manoa.hawaii.edu/bitstream/10125/63978/1/0193.pdf
  13. threatintel.eu - Andreas Sfakianakis - TIPs: An Exploratory Study of Software Vendors and Research Perspectives - https://threatintel.eu/2017/02/27/tips-an-exploratory-study-of-software-vendors-and-research-perspectives/

Looking ahead

  1. BSidesNOVA - Jason Wonn - TIP of the Spear: A Threat Intelligence Platform Acquisition - https://www.youtube.com/watch?v=ynm90wZLjNY&feature=emb_logo
  2. FIRST CTI 2019 - Pasquale Stirparo - Your requirements are not my requirements - https://www.first.org/resources/papers/london2019/1430-1500-Your-Requirements-are-Not-My-Requirements-Speaker-Pasquale-Stirparo.pdf
  3. Frost & Sullivan - Assessment of the Global Threat Intelligence Platforms Market, Forecast to 2022 - https://www.reportlinker.com/p05974250/Assessment-of-the-Global-Threat-Intelligence-Platforms-Market-Forecast-to.html?utm_source=GNW

Threat Intelligence Platforms

<table>
  <tr> <td> <a href="https://crits.github.io/" target="_blank">Collaborative Research Into Threats (CRITs)</a> </td> <td> Open Source </td> </tr>
  <tr> <td> <a href="https://csirtgadgets.com/collective-intelligence-framework" target="_blank">Collective Intelligence Framework (CIF)</a> </td> <td> Open Source </td> </tr>
  <tr> <td> <a href="https://www.misp-project.org/" target="_blank">Malware Information Sharing Platform (MISP)</a> </td> <td> Open Source </td> </tr>
  <tr> <td> <a href="https://yeti-platform.github.io/" target="_blank">Yeti</a> </td> <td> Open Source </td> </tr>
  <tr> <td> <a href="https://www.opencti.io/en/" target="_blank">OpenCTI</a> </td> <td> Open Source </td> </tr>
  <tr> <td> <a href="https://threatnote.io/" target="_blank">threatnote.io</a> </td> <td> Open Source </td> </tr>
  <tr> <td> <a href="https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/minemeld" target="_blank">MineMeld</a> </td> <td> Open Source </td> </tr>
  <tr> <td> <a href="https://threatconnect.com/" target="_blank">ThreatConnect</a> </td> <td> Commercial </td> </tr>
  <tr> <td> <a href="https://www.anomali.com/products/threatstream" target="_blank">Anomali's ThreatStream</a> </td> <td> Commercial </td> </tr>
  <tr> <td> <a href="https://www.eclecticiq.com/platform" target="_blank">EclecticIQ Platform</a> </td> <td> Commercial </td> </tr>
  <tr> <td> <a href="https://www.threatq.com/threat-intelligence-platform/" target="_blank">ThreatQuotient</a> </td> <td> Commercial </td> </tr>
  <tr> <td> <a href="https://www.trustar.co/product/platform" target="_blank">TruSTAR</a> </td> <td> Commercial </td> </tr>
  <tr> <td> <a href="https://cyware.com/" target="_blank">Cyware</a> </td> <td> Commercial </td> </tr>
  <tr> <td> <a href="https://www.celerium.com/" target="_blank">Celerium</a> </td> <td> Commercial </td> </tr>
  <tr> <td> <a href="https://analyst1.com/" target="_blank">Analyst1</a> </td> <td> Commercial </td> </tr>
  <tr> <td> <a href="https://www.lookingglasscyber.com/" target="_blank">LookingGlass</a> </td> <td> Commercial </td> </tr>
  <tr> <td> <a href="https://kingandunion.com/" target="_blank">King & Union</a> </td> <td> Commercial </td> </tr>
  <tr> <td> <a href="https://quolab.com/" target="_blank">QuoLab</a> </td> <td> Commercial </td> </tr>
  <tr> <td> <a href="https://reqfast.com/" target="_blank">Reqfast</a> </td> <td> Commercial </td> </tr>
  <tr> <td> <a href="https://otx.alienvault.com/" target="_blank">AlienVault Open Threat Exchange (OTX)</a> </td> <td> Community Threat Exchange Platform </td> </tr>
  <tr> <td> <a href="https://exchange.xforce.ibmcloud.com/" target="_blank">IBM X-Force Exchange</a> </td> <td> Community Threat Exchange Platform </td> </tr>
  <tr> <td> <a href="https://www.misp-project.org/communities/" target="_blank">MISP Communities</a> </td> <td> Community Threat Exchange Platform </td> </tr>
</table>