Purple teaming
The ultimate collaboration
What is Purple Teaming?
Purple Teaming is an exercise in which the red team works together with the blue team to increase detection.
Improvement on the fly
Go through the different TTPs together and immediately write your detection rules
Intensive collaboration
Direct collaboration between the red and blue team
PURPLE TEAMING: THE ULTIMATE COLLABORATION
Your organization has already reached a certain degree of maturity when it comes to security. You have processes in order and your security team is ready for threats. But the security landscape is changing fast, very fast. Malicious people are getting smarter and coming up with new technologies. Laws and regulations are also becoming increasingly stricter. How do you ensure that the organization is ready for the latest cyber threats? And how do you ensure that the most business-critical business units are protected, the crown jewels? Purple Teaming is a test where the Red Team (attack) and the Blue Team (defense) actively work together. The attack and the defense are carried out jointly.
The exchange of information that takes place here results in specific action points to achieve better security.
THE TEAM: NOT “US AGAINST THEM” BUT TOGETHER
A Purple Team test involves teamwork between the Red Team of Securify and the Blue team of you as a client. We are therefore not opposed to each other, but work together on the predetermined scope.
By doing a Purple team exercise, you increase the internal knowledge about the security of the organization with the attack power of Securify. Gain insight into where you still need to invest to scale up your security and learn what you are already strong at. The benefits are getting real-time results and being able to re-run attacks faster to speed up the learning process.
Our joint team
Our multidisciplinary team of seasoned and highly motivated professionals will stretch you to your limits to detect and mitigate the incoming attack.
Our typical team looks like this:
- Red team lead
- Sociaal engineering expert
- Windows and Active Directory guru
- Monitoring specialist
- Malware-expert
These experts form a team with the blue team of your organization.
Our approach
Our Purple Teaming approach is based on the Unified Kill Chain (UKC), a science-driven real-world attack model that extends beyond the initial foothold phase and also takes into account network propagation and action on objectives.
By combining UKC metrics with the Mitre ATT&CK framework, we can generate a powerful numbers-driven overview of how your organization performed during the Red Teaming exercise.
Het Purple Teaming proces
A Purple Team Test always proceeds according to a preconceived plan. The scope, duration and purpose of the test are determined in consultation with the client.
The exploration
This is followed by the reconnaissance phase, in which the red team collects as much information as possible about the organization, the systems present and the target of the attack. The scenario is created in this phase. The choice of scenario depends on the maturity of the organization's IT security. And whether an organization wants to know whether they can withstand a certain threat, so they will re-enact the path of a certain threat.
The Purple Teaming Test
The attack and defense take place in teams, with the Red Team carrying out the attack and the Blue Team defending in real time. During this process, points for improvement immediately emerge. The test is then repeated to immediately apply the insights gained.
After the Purple Teaming Test
After the test, the client will be presented in a findings meeting with what has been done during the Purple Teaming test and what findings have emerged from this. An extensive report also contains recommendations and advice for improving security. If desired, an advisory process can be started. Our security specialists help to resolve the identified issues in an advisory process.