| Abstract: | These days, with washing machines on the network, incident response is different than it was 10 years ago. We used to block machines, users, or switch ports, then send an e-mail to whomever we hoped was the right person and wait. Now, with 802.1x, dynamic VLANs, and everyone wanting self-service everything, incident response has evolved. The presentation will review tools and automation that have improved incident response at IU in three specific ways: decreasing detect-to-block times, improving the ability to track down users and computers, and allowing end-user self-service remediation.
|
