UNC CAUSE 2016 has ended
Friday, October 7 • 9:00am - 9:20am
Making IR Grreat Again

Sign up or log in to save this to your schedule and see who's attending!

For decades higher education has been reactive about dealing with security incidents and intrusions. In private industry an inordinately high number of companies learn about being compromised via third-party notification. Why don't we know our systems and how to look for anomalies? For that matter, how many things get modified trying to do initial triage as a root or administrator user?

The InfoSec team at Appalachian has started investigating the use of Google's "grr" (Google Rapid Response), an incident-response and forensics agent. As of late July we have it installed on some of the highest-load servers on campus and are investigating its utility across the entire campus server range.

**Note well: This is a piece of software we are investigating, not running at scale, so this presentation is an introduction to grr, why we are looking at it and the problems we feel we need to solve.


Kevin Wilcox

Appalachain State University
I am an Information Security Specialist at Appalachian State University with a background in Unix and Linux administration, intrusion detection and network security monitoring. You can find my blog at http://opensecgeek.blogspot.com

Friday October 7, 2016 9:00am - 9:20am
North Main Hall F