PURPLE TEAM

ETS, Inc. security experts provide realistic assurance to the organization being tested through our "Purple Teaming" services, which are fully collaborative: blue teams sit alongside our red team and correlate attacks and techniques with alerts.

As a training-focused company with expert services in both attack and defense/incident response, we are well placed to help internal blue teams.

Purple teaming does not replace red or blue teaming.

Purple Teaming can be added to any of our Red Team Packages.

A purple team in security has one or more of the following goals:

Identify the gaps in the organization’s defenses and measure its coverage

Boost the organization’s security without increasing its security budget

Enhance the security knowledge of the members of the team

Bring a collaborative culture that promotes continuous security improvements

What is Purple Teaming?

Purple Teaming is the coming together of offensive and defensive security teams with the common goal of identifying, addressing, and reducing risk to your business.

There are three primary components of purple teaming:

Simulation: During this initial phase, the red team will attack the network from numerous angles with one goal in mind: don’t get caught. The scope, or objective, of this engagement is set before the attack; whether it’s stealing sensitive PII or customer data, the red team will have a predetermined objective in mind throughout the engagement to meet your enterprise’s goals and needs.

By attempting reconnaissance through virtual and physical access to confidential data within your organization, the red team can identify preliminary gaps.

Secrecy: Unlike many other offensive security assessments that can be performed on your network, this purple team engagement is meant to be kept under wraps from the majority of your employees. The red team will attempt to stay covert in order to complete the overall objective, thoroughly testing your security defenses and blue teams; only a handful of executives and the blue team will be aware of the ongoing assessment.

Detection Testing: If the blue team identifies attack activity, they’ll contact the red team to verify it’s not a real attack. Once that is verified, the red team will continue the attack while the blue team notes how the red team was detected and keeps monitoring to see what other activity it detects.

Since attackers don’t stop hacking companies, even when they’re discovered, neither does the red team. This gives the blue team an important opportunity to monitor and observe attacker behavior and devise new strategies to detect and block that activity, all while knowing this is a simulation. It’s the best of both worlds.