Summary
A purple team project simulates attacks (the red team) and works with the organizations defenders (the blue team) to determine if they can be found by current controls and then decides how best to rectify any issues.
Benefits
- Identify where your controls work and do not work in a collaborative setting, with immediate feedback between attackers and defenders.
- Seeks to improve relationships between internal parties who are used to external assessment teams coming it to play ‘gotcha’.
- If you are using the ATT&Ck framework elsewhere, this can provide a useful measure of progress in your security program.
Process
Purple teaming is a collaborative exercise and usually takes one of two forms:
- Our team works with the client to simulate attacks using a variety of methods, based on our experience and the client’s knowledge of what works and what doesn’t.
- Testing utilizes the Mitre ATT&CK framework to provide the structure of the test. Systems are deployed which replicate a range of areas from the framework. This is used as the measure (and basis for reporting) of the project.
In both cases, we work with the client to identify areas of concern, expected control responses and develop a testing scheduling. Testing is then executed, results analyzed and recommendations provided.
RELATED RESOURCES
RELATED RESOURCES
- Jan 06,2021
1 min read
On this episode, Mike is joined by longtime friend and cloud security/forensic expert, Josh, along with OccamSec's very own cloud guru, Jason.
- Nov 30,2020
5 min read
By Mike Krupka, formerly a goalkeeper, now a project manager with a CISSP and a wealth of experience Goalkeeper: The player whose special job it is to stop the ball from entering the goal. CISO: The senior-level whose special job is to help the organization achieve its objectives in a secure way
- Oct 09,2020
1 min read
On October 8, 2020, OccamSec participated in a joint OWASP London and OWASP Suffolk meeting.