Andreas Sfakianakis, profile picture
Uploaded byAndreas Sfakianakis
PDF, PPTX5,890 views

Spin Your CTI Process Round - FIRST CTI Conference 2023

The document details the first CTI Symposium held on November 8, 2023, with a presentation by Andreas Sfakianakis that focuses on the challenges and strategies for Cyber Threat Intelligence (CTI) in financial, energy, and technology sectors. Key themes include the importance of workflow, case management, and various metrics for effective CTI processes. Recommendations for operationalizing CTI and managing intelligence requirements are also discussed.

Embed presentation

Download as PDF, PPTX
FIRST CTI Symposium 2023 8 November 2023 Andreas Sfakianakis CTI Professional
#ctijourney
Problem Statement
ยง CTI in Financial, Energy, and Technology sectors ยง SANS, ENISA, FIRST.org, European Commission ยง Twitter: @asfakian Mastodon: @asfakian@infosec.exchange ยง Websites: www.threatintel.eu
Setting the scene Workflow & Case Management Basic Ingredients References used within this presentation: https://bit.ly/firstcti23
Image from gatewaytotheclassics.com
Brian Warehime
Image from bestofspain.es
Workflow, Coordination, and Collaboration Knowledge Management Metrics
ยง Tagging ยง Custom fields ยง Easy searching and filtering ยง Source rating ยง Access control
ยง Threats per criticality/impact level ยง Time spent per PIR ยง CTI assessments per threat type/threat actor ยง CTI assessments (or time spent) supporting IR ยง Quantitative feedback received per PIR ยง Time spent on RFIs per stakeholder ยง #hunts / #incidents from CTI assessments
ยง Sources mostly used per PIR ยง CTI deliverables per PIR ยง CTI deliverables per stakeholder ยง Average time spent per CTI deliverable ยง CTI analystsโ€™ workload ยง Average time spent in each phase of the workflow ยง Time spent on CTI projects
Image from heritage-history.com
Remember ยง Data into buckets ยง Consistency is key ยง Spend time to save time
*SANS CTI Summit 2021
Some TIPs Recommendation is to live off the land (at least at the start of your CTI journey)
ยง Who you are / Contact Info ยง Teamโ€™s Scope ยง Intelligence Requirements ยง CTI Report Library / CTI Blog ยง Request For Information (RFI)
Image from elladocomicodedonquijote.wordpress.com
ยงOperationalizing the CTI process is a common challenge ยงThe importance of workflow and case management ยงThe basic ingredients
https://bit.ly/firstcti23
Planning Collection Processing Analysis Dissemination Feedback Your CTI Process
Andreas Sfakianakis @asfakian threatintel.eu

More Related Content

PPTX
Threat Hunting with Splunk Hands-on
bySplunk
ย 
PDF
CTI Training on Intelligence Requirements - ENISA CTI Summer School 2019
byAndreas Sfakianakis
ย 
PPTX
Detection Rules Coverage
bySunny Neo
ย 
PDF
Hunting for Privilege Escalation in Windows Environment
byTeymur Kheirkhabarov
ย 
PDF
How to Hunt for Lateral Movement on Your Network
bySqrrl
ย 
PDF
Super Easy Memory Forensics
byIIJ
ย 
PDF
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
byMITRE ATT&CK
ย 
PDF
Detection and Response Roles
byFlorian Roth
ย 
Threat Hunting with Splunk Hands-on
bySplunk
ย 
CTI Training on Intelligence Requirements - ENISA CTI Summer School 2019
byAndreas Sfakianakis
ย 
Detection Rules Coverage
bySunny Neo
ย 
Hunting for Privilege Escalation in Windows Environment
byTeymur Kheirkhabarov
ย 
How to Hunt for Lateral Movement on Your Network
bySqrrl
ย 
Super Easy Memory Forensics
byIIJ
ย 
What is ATT&CK coverage, anyway? Breadth and depth analysis with Atomic Red Team
byMITRE ATT&CK
ย 
Detection and Response Roles
byFlorian Roth
ย 

What's hot

PPTX
Bsides 2019 - Intelligent Threat Hunting
byDhruv Majumdar
ย 
PPTX
CyberChefใฎไฝฟใ„ๆ–น๏ผˆHamaCTF2019 WriteUp็ทจ๏ผ‰
byShota Shinogi
ย 
PDF
Use After Free ่„†ๅผฑๆ€งๆ”ปๆ’ƒใ‚’่ฉฆใ™
bymonochrojazz
ย 
PDF
Derbycon - The Unintended Risks of Trusting Active Directory
byWill Schroeder
ย 
PDF
Amazon GameLift FlexMatch
byAmazon Web Services Japan
ย 
PDF
PHDays 2018 Threat Hunting Hands-On Lab
byTeymur Kheirkhabarov
ย 
PDF
Hunting Lateral Movement in Windows Infrastructure
bySergey Soldatov
ย 
PDF
Splunk Threat Hunting Workshop
bySplunk
ย 
PPTX
Threat hunting - Every day is hunting season
byBen Boyd
ย 
PDF
Threat Hunting with Splunk
bySplunk
ย 
PPTX
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
byJared Greenhill
ย 
PDF
ATT&CKing the Red/Blue Divide
byMITRE ATT&CK
ย 
PDF
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
byMITRE - ATT&CKcon
ย 
PPTX
ใƒใƒฃใƒƒใƒˆใ‚ณใƒŸใƒฅใƒ‹ใ‚ฑใƒผใ‚ทใƒงใƒณใฎๅ•้กŒใจๅฟƒ็†็š„ๅฎ‰ๅ…จๆ€งใฎ่ชฒ้กŒ #EOF2019
byTokoroten Nakayama
ย 
PPTX
7 Steps to Build a SOC with Limited Resources
byLogRhythm
ย 
PDF
[NDC18] ์•ผ์ƒ์˜ ๋•… ๋“€๋ž‘๊ณ ์˜ ๋ฐ์ดํ„ฐ ์—”์ง€๋‹ˆ์–ด๋ง ์ด์•ผ๊ธฐ: ๋กœ๊ทธ ์‹œ์Šคํ…œ ๊ตฌ์ถ• ๊ฒฝํ—˜ ๊ณต์œ 
byHyojun Jeon
ย 
PDF
State of the ATT&CK
byMITRE ATT&CK
ย 
PPTX
Cyber Threat Hunting: Identify and Hunt Down Intruders
byInfosec
ย 
PPTX
Introduction to path traversal attack
byPrashant Hegde
ย 
PDF
Cyber Threat Intelligence
byseadeloitte
ย 
Bsides 2019 - Intelligent Threat Hunting
byDhruv Majumdar
ย 
CyberChefใฎไฝฟใ„ๆ–น๏ผˆHamaCTF2019 WriteUp็ทจ๏ผ‰
byShota Shinogi
ย 
Use After Free ่„†ๅผฑๆ€งๆ”ปๆ’ƒใ‚’่ฉฆใ™
bymonochrojazz
ย 
Derbycon - The Unintended Risks of Trusting Active Directory
byWill Schroeder
ย 
Amazon GameLift FlexMatch
byAmazon Web Services Japan
ย 
PHDays 2018 Threat Hunting Hands-On Lab
byTeymur Kheirkhabarov
ย 
Hunting Lateral Movement in Windows Infrastructure
bySergey Soldatov
ย 
Splunk Threat Hunting Workshop
bySplunk
ย 
Threat hunting - Every day is hunting season
byBen Boyd
ย 
Threat Hunting with Splunk
bySplunk
ย 
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
byJared Greenhill
ย 
ATT&CKing the Red/Blue Divide
byMITRE ATT&CK
ย 
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...
byMITRE - ATT&CKcon
ย 
ใƒใƒฃใƒƒใƒˆใ‚ณใƒŸใƒฅใƒ‹ใ‚ฑใƒผใ‚ทใƒงใƒณใฎๅ•้กŒใจๅฟƒ็†็š„ๅฎ‰ๅ…จๆ€งใฎ่ชฒ้กŒ #EOF2019
byTokoroten Nakayama
ย 
7 Steps to Build a SOC with Limited Resources
byLogRhythm
ย 
[NDC18] ์•ผ์ƒ์˜ ๋•… ๋“€๋ž‘๊ณ ์˜ ๋ฐ์ดํ„ฐ ์—”์ง€๋‹ˆ์–ด๋ง ์ด์•ผ๊ธฐ: ๋กœ๊ทธ ์‹œ์Šคํ…œ ๊ตฌ์ถ• ๊ฒฝํ—˜ ๊ณต์œ 
byHyojun Jeon
ย 
State of the ATT&CK
byMITRE ATT&CK
ย 
Cyber Threat Hunting: Identify and Hunt Down Intruders
byInfosec
ย 
Introduction to path traversal attack
byPrashant Hegde
ย 
Cyber Threat Intelligence
byseadeloitte
ย 

Similar to Spin Your CTI Process Round - FIRST CTI Conference 2023

PDF
Setting Your CTI Process In Motion - ENISA CTI-EU 2022
byAndreas Sfakianakis
ย 
PDF
Stop Tilting at Windmills: 3 Key Lessons that CTI Teams Should Learn from the...
byAndreas Sfakianakis
ย 
PDF
Decoding a Decade: 10 Years of Applied CTI Discipline
byAndreas Sfakianakis
ย 
PPT
6 itil v3 service operation v1.8
byKarthik Arumugham
ย 
PPTX
Incident Response Management - Metrics, Data, Visualize & Apply
byAline Tran
ย 
PPTX
Incident Response Management - Metrics, Data, Visualize & Apply
byAline Tran
ย 
PDF
IOCs Are Deadโ€”Long Live IOCs!
byPriyanka Aash
ย 
PPTX
CTI_introduction_recording final.pptx
byipalmer489
ย 
PDF
Sans cyber-threat-intelligence-survey-2015
byRoy Ramkrishna
ย 
PPTX
Cyber Threat Intelligence, CTI Lifecycle and CTI Framework
bykundansaraf1
ย 
PPTX
Zero Day Response: Strategies for the Security Innovation in Corporate Defens...
byAnton Chuvakin
ย 
PDF
Ctia course outline
byShivamSharma909
ย 
PPTX
Lean Continual Service Improvement โ€“ Driving Change Enablement
byLean IT Association
ย 
PPT
Feb2007 Kelly Services Hdi Chapter Meeting 020807 Public Domain
byIT Service and Support
ย 
PPTX
Basic Service now KT for students and working professionals.pptx
bysrinubvb1
ย 
PPTX
ITIL(v3): A Beginers Guide
byMd. Rezaul Islam
ย 
PDF
Threat Intelligence in the daily life of a SOC Analyst
bypriyanshamadhwal2
ย 
PDF
SOC Analyst a Practical Walkthrough.pdf
byinfosec train
ย 
PDF
Overview to itil
byWalid Wdmuka
ย 
PPTX
Putting the Human Back in the Loop for Analysis
byAndy Piazza
ย 
Setting Your CTI Process In Motion - ENISA CTI-EU 2022
byAndreas Sfakianakis
ย 
Stop Tilting at Windmills: 3 Key Lessons that CTI Teams Should Learn from the...
byAndreas Sfakianakis
ย 
Decoding a Decade: 10 Years of Applied CTI Discipline
byAndreas Sfakianakis
ย 
6 itil v3 service operation v1.8
byKarthik Arumugham
ย 
Incident Response Management - Metrics, Data, Visualize & Apply
byAline Tran
ย 
Incident Response Management - Metrics, Data, Visualize & Apply
byAline Tran
ย 
IOCs Are Deadโ€”Long Live IOCs!
byPriyanka Aash
ย 
CTI_introduction_recording final.pptx
byipalmer489
ย 
Sans cyber-threat-intelligence-survey-2015
byRoy Ramkrishna
ย 
Cyber Threat Intelligence, CTI Lifecycle and CTI Framework
bykundansaraf1
ย 
Zero Day Response: Strategies for the Security Innovation in Corporate Defens...
byAnton Chuvakin
ย 
Ctia course outline
byShivamSharma909
ย 
Lean Continual Service Improvement โ€“ Driving Change Enablement
byLean IT Association
ย 
Feb2007 Kelly Services Hdi Chapter Meeting 020807 Public Domain
byIT Service and Support
ย 
Basic Service now KT for students and working professionals.pptx
bysrinubvb1
ย 
ITIL(v3): A Beginers Guide
byMd. Rezaul Islam
ย 
Threat Intelligence in the daily life of a SOC Analyst
bypriyanshamadhwal2
ย 
SOC Analyst a Practical Walkthrough.pdf
byinfosec train
ย 
Overview to itil
byWalid Wdmuka
ย 
Putting the Human Back in the Loop for Analysis
byAndy Piazza
ย 

Recently uploaded

PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
ย 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
ย 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
ย 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
ย 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
ย 
PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
ย 
PPTX
apidays Paris 2025 | Building Agentic Workflows
byapidays
ย 
PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
ย 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa KuฤŸu
ย 
PPTX
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
ย 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
ย 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
ย 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
ย 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
ย 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
ย 
PPTX
Celonis Optimizing your future with process
bydevjeremyappleyard
ย 
PDF
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
ย 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
ย 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
ย 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
ย 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
ย 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
ย 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
ย 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
ย 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
ย 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
ย 
apidays Paris 2025 | Building Agentic Workflows
byapidays
ย 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
ย 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa KuฤŸu
ย 
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
ย 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
ย 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
ย 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
ย 
Workflow and decision Automation with Flowable
bychakib ch
ย 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
ย 
Celonis Optimizing your future with process
bydevjeremyappleyard
ย 
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
ย 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
ย 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
ย 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
ย 

Spin Your CTI Process Round - FIRST CTI Conference 2023