Broadcasts.com - "When Red Teams Break Down" (Defense in Depth)

Technology
SEE MORE
- classical
- general
- talk
- News
- Family
- Bürgerfunk
- pop
- Islam
- soul
- jazz
- Comedy
- humor
- wissenschaft
- opera
- baroque
- gesellschaft
- theater
- Local
- alternative
- electro
- rock
- rap
- lifestyle
- Music
- como
- RNE
- ballads
- greek
- Buddhism
- deportes
- christian
- piano
- djs
- Dance
- dutch
- flamenco
- social
- hope
- christian rock
- academia
- afrique
- Business
- musique
- ελληνική-μουσική
- religion
- World radio
- Zarzuela
- travel
- World
- NFL
- media
- Art
- public
- Sports
- Gospel
- st.
- baptist
- Leisure
- Kids & Family
- musical
- club
- Culture
- Health & Fitness
- True Crime
- Fiction
- children
- Society & Culture
- TV & Film
- gold
- kunst
- música
- gay
- Natural
- a
- francais
- bach
- economics
- kultur
- evangelical
- tech
- Opinion
- Government
- gaming
- College
- technik
- History
- Jesus
- Health
- movies
- radio
- services
- Church
- podcast
- Education
- international
- Transportation
- Other
- kids
- podcasts
- philadelphia
- Noticias
- love
- sport
- Salud
- film
- and
- 4chan
- Disco
- Stories
- fashion
- Arts
- interviews
- hardstyle
- entertainment
- humour
- medieval
- literature
- alma
- Cultura
- video
- TV
- Science
- en

When Red Teams Break Down

Published: Sept. 3, 2020, 10 a.m.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-when-red-teams-break-down/)

What happens when red team engagements go sideways? The idea of real world testing of your defenses sounds great, but how do you close the loop and what happens if it's not closed?

Check out\xa0this post\xa0for the basis for our conversation on this week\u2019s episode which features me,\xa0David Spark\xa0(@dspark), producer of CISO Series, co-host\xa0Allan Alford\xa0(@allanalfordintx), and our sponsored guest, Dan DeCloss, founder and CEO, PlexTrac.

Thanks to this week\u2019s podcast sponsor, PlexTrac.

PlexTrac\xa0is a revolutionary, yet simple, cybersecurity platform that centralizes all security assessments, penetration test reports, audit findings, and vulnerabilities into a single location. PlexTrac vastly improves the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize important analytics, and collaborate on remediation in real-time.

On this episode of\xa0Defense in Depth, you\u2019ll learn:

Don't make the mistake of red teaming too early. If you don't have your fundamental security program in place, you'll be testing out non-existing defenses.
If you're just starting to build up your security program, conduct a vulnerability scan and do some basic patch management.
A red team exercise exists to discover risks you didn't even know about and couldn't have predicted in your threat model exercises.
Have a plan of what you're going to do after the red team exercise. Just discovering you've got problems with no plan to remediate them will not only be a waste of money, but will also breed discontent.
Don't red team just to fill out an audit report. You can do a vulnerability scan for that.
Consider moving the red team to purple to actually help the blue team remediate the findings.
If you don't have a plan for remediation you'll find yourself running the same red team and filling out the same report.
Prioritize! The red (now purple) team can greatly help along with those who've assessed business risks.
First to remediate are the ones that are high impact and easy to execute. The rest is determined by an analysis of likelihood and impact.