What happens when red team engagements go sideways? The idea of real world testing of your defenses sounds great, but how do you close the loop and what happens if it’s not closed?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest, Dan DeCloss, founder and CEO, PlexTrac.
Thanks to this week’s podcast sponsor, PlexTrac
Got feedback? Join the conversation on LinkedIn.
On this episode of Defense in Depth, you’ll learn:
- Don’t make the mistake of red teaming too early. If you don’t have your fundamental security program in place, you’ll be testing out non-existing defenses.
- If you’re just starting to build up your security program, conduct a vulnerability scan and do some basic patch management.
- A red team exercise exists to discover risks you didn’t even know about and couldn’t have predicted in your threat model exercises.
- Have a plan of what you’re going to do after the red team exercise. Just discovering you’ve got problems with no plan to remediate them will not only be a waste of money, but will also breed discontent.
- Don’t red team just to fill out an audit report. You can do a vulnerability scan for that.
- Consider moving the red team to purple to actually help the blue team remediate the findings.
- If you don’t have a plan for remediation you’ll find yourself running the same red team and filling out the same report.
- Prioritize! The red (now purple) team can greatly help along with those who’ve assessed business risks.
- First to remediate are the ones that are high impact and easy to execute. The rest is determined by an analysis of likelihood and impact.