{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Signed","title":"The EDR Was Running. The Ransomware Still Won.","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/5a9cc705\"></iframe>","width":"100%","height":180,"duration":6033,"description":"Dave Chronister has been doing penetration testing and incident response since 2007 — back when Fortune 500 CIOs called it a novel concept.In the years since, he's walked into breached environments where the EDR was running, the MDR was installed, the SOC 2 audit had passed, and none of it mattered.This conversation covers the gap between what companies think they bought and what they actually have why tools become the program by default, why compliance audits and security programs are two different things, what AI is actually doing to enterprise risk profiles right now, and what the organizations that survived a ransomware encryption event had that the ones who didn't were missing.If you're responsible for a security decision, this is the conversation to have before the next one.Is your security program real, or is it just theater? The gap between a real security program and a collection of tools doesn't show up in an audit. It shows up during an incident — when it's too late to fix cheaply.These eight questions come straight out of this conversation with Dave Chronister, founder of Parameter Security. Each one maps to something he's actually walked into. Answer them against what you know to be true right now — not what your vendor told you at signing.1. Do you know which findings from your last security assessment are still open? Dave has had a Fortune 100 client for four straight years. He pulled the year-one report and the year-four report side by side. Almost identical findings. Tools were bought, renewed, and re-certified the whole time — and the actual exposure never moved. If your remediation list looks the same as it did a few cycles ago, the program isn't the problem. The follow-through is.2. When did your EDR last fire — and who responded? Not whether it's installed. Whether it's being acted on. In recent insurance data, more than 60% of ransomware encryption events happened at organizations running a leading EDR. Detection without response doesn't...","thumbnail_url":"https://img.transistorcdn.com/d8NGarPLhvklmJcOQEYdHcKCmSM85HfY2AEspyWoL-M/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS82NzJl/MzE1NTFmNzgzMjVk/NTdhOTc4ZGU2YWYx/Zjc5Ny5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}