Start / Defense in Depth / When red teams break down

When Red Teams Break Down

25 min • 3 september 2020

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-when-red-teams-break-down/)

What happens when red team engagements go sideways? The idea of real world testing of your defenses sounds great, but how do you close the loop and what happens if it's not closed?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest, Dan DeCloss, founder and CEO, PlexTrac.

Thanks to this week’s podcast sponsor, PlexTrac.

PlexTrac is a revolutionary, yet simple, cybersecurity platform that centralizes all security assessments, penetration test reports, audit findings, and vulnerabilities into a single location. PlexTrac vastly improves the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize important analytics, and collaborate on remediation in real-time.

On this episode of Defense in Depth, you’ll learn:

Don't make the mistake of red teaming too early. If you don't have your fundamental security program in place, you'll be testing out non-existing defenses.
If you're just starting to build up your security program, conduct a vulnerability scan and do some basic patch management.
A red team exercise exists to discover risks you didn't even know about and couldn't have predicted in your threat model exercises.
Have a plan of what you're going to do after the red team exercise. Just discovering you've got problems with no plan to remediate them will not only be a waste of money, but will also breed discontent.
Don't red team just to fill out an audit report. You can do a vulnerability scan for that.
Consider moving the red team to purple to actually help the blue team remediate the findings.
If you don't have a plan for remediation you'll find yourself running the same red team and filling out the same report.
Prioritize! The red (now purple) team can greatly help along with those who've assessed business risks.
First to remediate are the ones that are high impact and easy to execute. The rest is determined by an analysis of likelihood and impact.

Senaste avsnitt

When Red Teams Break Down

Senaste avsnitt

How Can AI Provide Useful Guidance from Fragmented Security Data?

Why Salespeople's Knowledge of Cybersecurity Is Critical for the Ecosystem

What Are the Cybersecurity Trends We Need To Follow?

Is It Even Possible to Fast-Track Your Way Into Cybersecurity?

What's the Most Efficient Way to Rate Third Party Vendors?

Don't Ask "Can" We Secure It, But "How" Can We Secure It

Has the Shared Security Model for SaaS Shifted?

Improving the Efficiency of Your Threat Intelligence

Why Cybersecurity Professionals Lie on Their Resumes

What Should Be in a CISO Job Description?

The CISO's Job Is Impossible

Can You Have a Secure Software Environment Without Traditional Vulnerability Management?

How Much Should Salespeople Know About Their Product?

Why Are We Still Struggling to Fix Application Security?

What Can Someone with No Experience Do in Cybersecurity?

Are New Gartner-Created Categories/Acronyms Helping or Hurting the Cybersecurity Industry?

Can AI improve Third-Party Risk Management (TPRM)

Cybersecurity Is NOT an Entry-Level Position

Hey Vendors, What Problem Is Your Product Solving?

We've Been Fooled. There Is No Talent Shortage.

Is There an Increasing Consolidation of Vendors in the SOC?

Are CISOs Struggling to Get Respect?

Is Platformization Vs Best-of-Breed a False Dichotomy?

Protecting Your Backups from Ransomware

Can a Security Program Ever Reach Maintenance Mode?

The Hardest Problems in Security Aren't "Security Problems"

If and When Should a CISO Have a Long Term Security Plan?

Do We Want CISOs Dictating How Salespeople Should Engage?

Is AI Benefiting Attackers or Defenders?

CISOs DO Own the Risk

How Can We Fix Alert Fatigue?

Vulnerability Management ≠ Vulnerability Discovery

Are Security Awareness Training Platforms Effective?

The Argument For More Cybersecurity Startups

How Are New SEC Rules Impacting CISOs?

Managing the Risk of GenAI Tools

Defending Against What Criminals Know About You

Will We Ever Go Back From Work From Home?

The Lurking Dangers of Neglected Security Tools

When You Just Can't Take It Anymore in Cyber

Is It Possible to Inject Integrity Into AI?

Are Phishing Tests Helping or Hurting Our Security Program?

​​Who Is Responsible for Securing SaaS Tools?

Hiring Cyber Teenagers with Criminal Records

What's Working With Third-Party Risk Management?

What Triggers a CISO?

Information Security vs. Cybersecurity

Should Deny By Default Be the Cornerstone of Zero Trust?

What Is a Field CISO?

Cybersecurity Is a Communications Problem

Do Companies Undergoing a Merger or Acquisition Get Targeted for Attacks?

Telling Stories with Security Metrics

Securing Identities in the Cloud

How AI Is Making Data Security Possible

What Makes a Successful CISO?

We Want a Solution to Remediate, Not Just Detect Problems

Recruiting from the Help Desk

How Do We Build a Security Program to Thwart Deepfakes?

Where Are Secure Web Gateways Falling Short?

Understanding the Zero-Trust Landscape

Scaling Least Privilege for the Cloud

Should CISOs Be More Empathetic Towards Salespeople?

Managing Data Leaks Outside Your Perimeter

What Are the Risks of Being a CISO?

Onboarding Security Professionals

How to Improve Your Relationship With Your Boss

Improving the Responsiveness of Your SOC

The Demand for Affordable Blue Team Training

Why are CISOs Excluded from Executive Leadership?

What Is Your SOC's Single Search of Truth?

When Is Data an Asset and When Is It a Liability?

Tracking Anomalous Behaviors of Legitimate Identities

Why Do Cybersecurity Startups Fail?

Is "Compliance Doesn't Equal Security" a Pointless Argument?

CISOs Responsibilities Before and After an M&A

Use Red Teaming To Build, Not Validate, Your Security Program

The Do's and Don'ts of Approaching CISOs

Doing Third Party Risk Management Right

Who Is Responsible for Securing SaaS Tools?