On Mon, Jun 22, 2015 at 11:45 AM, Andrew Goble <goble@dixie.edu> wrote:

>From your point of view, what are the pervasively good, and pervasively bad things we've found across the institutions? (wifi evil twin, etc)

What could we be spending money or effort on as a system to help fix some of these issues (system-license of Duo, Cloudpath, etc

Things I think everyone is struggling to do or affording where USHE bulk purchasing may help.

IPS, IDS
Logging

Alerting, where logs do exist

Detecting out of norm behaviours. Softwares like Rapid7 UserInsight.

The Responder, broadcast stuff Jon has alerted us to and that we've massively exploited already and I can see is going to be trouble for everyone. This is a config and mentality change, not necessarily something to spend money on as a body.

Will also bring up the idea of increasing the time we have available to poke at stuff before we come on-site

I still like this idea, if we can devote any time to it, as APT is such an issue these days. It helps us give a sense of how an APT might play out, albeit on a shorter time period.