Webinar Series: Purple Teaming - Validating Detection & Response Capabilities
How do you validate your cyber incident response "playbook" or the capabilities of your Blue Team?
Certainly, you've hired skilled and knowledgeable staff. You've sent them to SANS courses and Black Hat conferences. Your team has even built up experience handling day-to-day issues, like the occasional malware, phishing attempt, or account lockout. Heck, you even convinced the CFO to sign a three-year service agreement for remote monitoring and detection.
But the question still remains: how certain are you that your team will respond to an active cyber incident -- happening in real time -- as outlined in your playbook?
The ONLY way to know, unequivocally, is to do it.
In real life.
Really!
Imagine, it's 9:00 AM on a Monday morning and you receive an email stating:
EXERCISE EXERCISE EXERCISE
Good morning,
We just received a dozen phone calls from staff who are all locked out of their accounts. I don't know what's up but it's unusual.
Just wanted to give you a heads-up.
Tom
Help Desk
EXERCISE EXERCISE EXERCISE
Over the next five days, until Friday at 3:00 PM, your team has to identify, triage, respond to, contain, and remove real-life hackers on your network -- just like you said you would in your playbook. The hackers will move through your network, demonstrating real adversarial activities such as lateral movement and pivoting, unauthorized data access, remote code execution, privilege escalation, persistence, and even artificial ransomware.
By the end of the full-scale exercise, you will know for sure whether your existing cyber incident response plan is valid or if it needs additional work. Either way, you have just seen your Blue Team in action against real-life hackers in the most true-to-life scenario possible.
If you think your team is ready to go toe-to-toe against real cyber adversaries, even with home-turf advantage, reach out today and schedule a call with us!
Published By: Chris Neuwirth, Senior Penetration Tester, NetWorks Group
Publish Date: December 1, 2022