Defense in Depth

Do Breaches Happen Because the Tool Fails, or the Tool Was Poorly Configured?

Apr 13, 2023

Guests: David Spark, producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. The podcast explores who is at fault when breaches occur, the tool or the administrators who configure it. It discusses the relationship between complexity and security breaches, the value of specialization in building point solutions, the impact of misconfiguration in data breaches, misaligned expectations in cybersecurity products, reasons for breaches, and the importance of implementing security measures.

32:27

Creator website

Episode guests

Geoff Belknap

David Spark

AI Summary

Highlights

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Breaches occur due to a combination of ineffective security tools and misconfigured or ignored controls.

Proper configuration and ongoing maintenance of security controls are essential to prevent breaches.

Deep dives

Security tools can fail due to ineffectiveness or misconfiguration

The podcast episode discusses the common reasons behind security breaches and who is at fault when security controls fail. The question is raised whether breaches occur due to the ineffectiveness of security tools or because they were misconfigured or ignored by administrators. The discussion explores different perspectives and experiences regarding this issue. The consensus is that it is often a combination of both factors. Security controls may not be fully effective, but they can also be misconfigured or not properly implemented, leading to breaches. It is emphasized that security is a complex and multidisciplinary field, requiring collaboration and communication between multiple stakeholders. Additionally, it is suggested that clear communication, training, and a focus on specific objectives are key to successful security implementations.

The Role of Complexity in Security

01:29

Misaligned expectations in understanding how tools meet control objectives

00:46

Introduction

2min

The Relationship Between Complexity and Security Breaches

12min

Building Point Solutions and the Value of Specialization

2min

Misconfiguration and Control Objectives in Data Breaches

5min

Misaligned Expectations in Cybersecurity Products

9min

Reasons for breaches and the importance of implementing security measures

3min

All links and images for this episode can be found on CISO Series.

Security tools are supposed to do a job. Either they need to alert you, protect you, or remediate an issue. But they don't always work and that's why we have breaches. Who's at fault, the tool or the administrators who configured the tool?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Kenneth Foster (@Kennethrfoster1), vp of IT governance, risk and compliance at FLEETCOR.

Thanks to our podcast sponsor, AppOmni

Do you know which 3rd party apps are connected to your SaaS platforms? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. Get visibility to all 3rd party apps — and their level of data access — with AppOmni. Visit AppOmni.com to request a free risk assessment.

In this episode:

Why do security tools fail?
Who's at fault, the tool or the administrators who configured the tool?
Is it usually because the control is ineffective or was the control misconfigured / ignored?
Do InfoSec produts have an efficacy issue or an implementation issue?

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Defense in Depth

Do Breaches Happen Because the Tool Fails, or the Tool Was Poorly Configured?

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Security tools can fail due to ineffectiveness or misconfiguration

Misconfigured controls and lack of maintenance contribute to breaches

Balancing simplicity and efficacy in security products

Importance of clear communication and understanding control objectives

The Role of Complexity in Security

Misaligned expectations in understanding how tools meet control objectives

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Defense in Depth

Do Breaches Happen Because the Tool Fails, or the Tool Was Poorly Configured?

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Security tools can fail due to ineffectiveness or misconfiguration

Misconfigured controls and lack of maintenance contribute to breaches

Balancing simplicity and efficacy in security products

Importance of clear communication and understanding control objectives

The Role of Complexity in Security

Misaligned expectations in understanding how tools meet control objectives

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights