Sep 3, 2020
All links and images for this episode can be found on CISO
Series (https://cisoseries.com/defense-in-depth-when-red-teams-break-down/)
What happens when red team engagements go sideways? The idea of
real world testing of your defenses sounds great, but how do you
close the loop and what happens if it's not closed?
Check out this post for the basis for our conversation on this week’s
episode which features me, David Spark (@dspark), producer of CISO
Series, co-host Allan Alford (@allanalfordintx), and our sponsored
guest, Dan DeCloss, founder and CEO, PlexTrac.
Thanks to this week’s podcast sponsor, PlexTrac.
PlexTrac is a revolutionary, yet simple, cybersecurity
platform that centralizes all security assessments, penetration
test reports, audit findings, and vulnerabilities into a single
location. PlexTrac vastly improves the risk management lifecycle,
allowing security professionals to generate better reports faster,
aggregate and visualize important analytics, and collaborate on
remediation in real-time.
On this episode of Defense in Depth, you’ll learn:
- Don't make the mistake of red teaming too early. If you don't
have your fundamental security program in place, you'll be testing
nonexistent defenses.
- If you're just starting to build up your security program,
conduct a vulnerability scan and do some basic patch
management.
- A red team exercise exists to discover risks you didn't even
know about and couldn't have predicted in your threat model
exercises.
- Have a plan of what you're going to do after the red team
exercise. Just discovering you've got problems with no plan to
remediate them will not only be a waste of money, but will also
breed discontent.
- Don't red team just to fill out an audit report. You can do a
vulnerability scan for that.
- Consider moving the red team to purple to actually help the
blue team remediate the findings.
- If you don't have a plan for remediation you'll find yourself
running the same red team and filling out the same report.
- Prioritize! The red (now purple) team can greatly help with this,
along with those who've assessed business risks.
- Remediate first the findings that are high impact and easy to
fix. The rest is determined by an analysis of likelihood and
impact.