PROGRAM OBJECTIVES

Objective

Part 1:

A coordinated effort is required for incident responders to fully understand the elements of an incident. The number of details involved in analyzing a security incident can be quite large.
When responders are required to collect specific incident-related details from various diverse sources, it can add complexity in determining whether a single indicator of compromise has been seen in a previous incident.

Guidelines & Expectations

Part 1:
• Research and explain how an organization can readily track incidents in a large organization.

• Research a current event within the last year that demonstrates how an organization can readily track incidents within a large organization.

• Remember to always provide your analysis of the information and how it relates to the topic, and cite your analysis.

NOTE: All current event selections must be different from your peers’. Check below in the discussion arena.

Part 2:
• What are the Pros and Cons of just blocking suspect traffic?

• What are the Pros and Cons of just monitoring the network traffic during an incident?

• How can you best use a HoneyPot/HoneyNet type of setup to assist your incident response process?