What is Purple Teaming?

I like things simple so I break cybersecurity down into two broad categories: offense and defense.  Offense is a planned attack or evaluation of a company’s defense to uncover issues like risks, vulnerabilities, and deficiencies. Offensive personnel think like a hacker, “how can I break into this area, pivot and get to the crown jewels.“  Full scope pen testing is an example of offense and is often referred to as “red teaming.”  Defense is the opposite, a focus on detecting issues and protecting the network. Good outcomes mean you effectively detect and disrupt attacks.  Defensive personnel think in terms of lists, “am I protected against X, Y, and Z?” Defense is often referred to as “blue teaming.”

Great things happen when there’s synergy, like when offense and defense work together.  “Purple Teaming” means red and blue collaborate to maximize cybersecurity capabilities through continuous feedback and knowledge transfer.  In typical pen testing, the goal is for the pen testers to avoid detection. Purple teaming is the opposite.  The goal is for red to work with blue in a controlled environment thereby observing attack activity, how the attack was conducted, and if the defensive systems have effective visibility. Companies can benefit greatly from purple teaming to:

• Improve overall security
• Identify and eliminate blind spots in your detection capabilities
• Improve the effectiveness of threat hunting, and network monitoring
• Understand the effectiveness of your SIEM or managed detection provider
• Understand how attacks unfold
• Gain insight into the complexity, detectability, sophistication, et al., of various threats and attacks

Purple teaming can be performed as a project with clearly defined timelines and deliverables or as a continuous service.  NetWorks Group provides a full array of “Purple”, “Red”, and “Blue” services.  Please reach out to me if you want to learn more, have questions or comments.

Scot Armstrong

330-414-0229

sarmstrong@networksgroup.com