A Conversation with Patrick Duffy from Material Security episode artwork

EPISODE · Apr 15, 2025 · 26 MIN

A Conversation with Patrick Duffy from Material Security

from Unsupervised Learning (Member Edition) · host Daniel Miessler

➡ Secure what your business is made of with Martial Security: https://material.security/ In this episode, I speak with Patrick Duffy from Material Security about modern approaches to email and cloud workspace security—especially how to prevent and contain attacks across platforms like Google Workspace and Microsoft 365. We talk about: • Proactive Security for Email and Cloud PlatformsHow Material goes beyond traditional detection by locking down high-risk documents and inboxes preemptively—using signals like time, access patterns, content sensitivity, and anomalous user behavior. • Real-World Threats and Lateral MovementWhat the team is seeing in the wild—from phishing and brute-force attacks to internal data oversharing—and how attackers are increasingly moving laterally through cloud ecosystems using a single set of compromised credentials. • Customizable, Context-Aware Response WorkflowsHow Material helps teams right-size their responses based on risk appetite, enabling fine-grained actions like MFA prompts, access revocation, or full session shutdowns—triggered by dynamic, multi-signal rule sets. Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler Chapters: 00:00 - Welcome & High-Level Overview of Material Security02:04 - Common Threats: Phishing and Lateral Movement in Cloud Office05:30 - Access Control in Collaborative Workspaces (2FA, Just-in-Time, Aging Content)08:43 - Connecting Signals: From Login to Exfiltration via Rule Automation12:25 - Real-World Scenario: Suspicious Login and Automated Response15:08 - Rules, Templates, and Customer Customization at Onboarding18:46 - Accidental Risk: Sensitive Document Sharing and Exposure21:04 - Security Misconfigurations and Internal Abuse Cases23:43 - Full Control Points: IP, Behavior, Classification, Sharing Patterns27:50 - Integrations, Notifications, and Real-Time Security Team Coordination31:13 - Lateral Movement: How Attacks Spread Across the Workspace34:25 - Use Cases Involving Google Gemini and AI Exposure Risks36:36 - Upcoming Features: Deeper Remediation and Contextual Integration39:30 - Closing Thoughts and Where to Learn MoreBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

NOW PLAYING

A Conversation with Patrick Duffy from Material Security

0:00 26:47

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Unsupervised Learning (Member Edition)?

This episode is 26 minutes long.

When was this Unsupervised Learning (Member Edition) episode published?

This episode was published on April 15, 2025.

What is this episode about?

➡ Secure what your business is made of with Martial Security: https://material.security/ In this episode, I speak with Patrick Duffy from Material Security about modern approaches to email and cloud workspace security—especially how to prevent and...

Is there a transcript available for this episode?

Yes, a full transcript is available for this episode. You can read the complete transcript on the episode page.

Can I download this Unsupervised Learning (Member Edition) episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!