TechSpective Podcast Episode 070
How do you know where the weak spots are in your cybersecurity defenses? One of the best ways is to engage a third party, an external set of eyes and skills, to conduct a penetration test and try to find them. John Sawyer, Director of Services, Red Team at IOActive, joins me on this episode of the TechSpective Podcast to talk about what red, blue, and purple team engagements are and why they’re invaluable for helping companies improve cybersecurity.
Just as it is sometimes challenging to edit your own writing because your brain reads what you meant to write rather than what is actually on the page, it is also difficult to analyze your own security posture. You tend to see the problems you saw in the first place and believe the solutions you have in place are sufficient. But you don’t know what you don’t know, and you are often not the best person to figure it out. That is where engaging in a red or purple team exercise with someone like John makes sense.
One of the specific issues we address in the podcast is the epidemic of alert fatigue. IT and IT security teams are inundated with an overwhelming volume of alerts. It is stressful, and it leads to apathy and/or critical alerts falling through the cracks. A purple team exercise can help identify useless alerts and separate them from important or critical alerts, providing valuable insight that can be used to fine-tune systems to focus on the alerts that matter.
Check out the full episode for more from John about penetration testing and red and purple team engagements. We also talk about some of the ways the COVID-19 pandemic has affected purple team engagements in the past year, and the lasting impact the “new normal” may have on how red and purple team exercises are conducted.
Please ask questions and share your thoughts on the topic in the comments below. Also, please subscribe to the TechSpective Podcast through your favorite podcast platform, and share the podcast with your peers and friends.
If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes, or wherever you listen.