Is your organisation getting the most out of your Red Teaming exercises?
Nowadays, most organisations leverage teams of simulated attackers (Red Team) and defenders (Blue Team) to test assumptions about the state of their IT security. Purple teaming effectively combines these two separate efforts into an integrated and cooperative approach that allows for rapid, iterative improvement of the security posture. Focusing mainly on cybersecurity, continual feedback between both groups will broaden the Blue Team’s knowledge and rapidly improve their defence capabilities. This function is commonly referred to as the Purple Team exercise (Red and Blue mixed together).
Purple teaming combines the Red and Blue Teams’ efforts in an interactive setting: the Red Team performs different real-world attack scenarios while the Blue Team actively watches which elements are and are not detected. Afterwards, both the Blue Team and the Red Team improve their approaches and retry.
Our purple teaming approach is modelled in clearly defined sprints. In each sprint, scenarios are designed, the corresponding SOC use cases are identified, the simulation is executed, and improvements are identified, all in a loop. Depending on client wishes and requests, we can report observations and recommendations in a memo, as well as aid in the implementation of additional measures for prevention, detection and response to the tested scenarios.
Although the overall process for purple teaming will always follow a similar pattern, variations in the execution phase are possible. Options range from a fully paper-based approach to actual attack simulation. Apart from the execution method, we can also vary the scope, from very broad down to a focus on a single link of the kill chain. By performing a threat assessment workshop before we start, we ensure that any and all simulated attacks are in line with your organisation’s actual threat landscape.
A Deloitte specialist assists your organisation with the high-level design, making sure that every aspect is taken into account.