What You Should Know About Purple-Teaming and Attack Simulations

07/09/2018  |  By: Bill Dean, CCE, GCIH, GCFA, GPEN, Senior Manager


You might not know this, but penetration testing is no longer the gold standard for improving your defenses against cyberattacks.

Why?

It’s only half of the picture. Penetration testing identifies vulnerabilities and demonstrates risk through exploitation, but it stops there: it tells you what an attacker could do, not whether your controls and your defenders would notice and respond while it happened.

Purple-teaming does.

If that’s an unfamiliar term, here’s what you should know:

What is Purple-Teaming?

Purple-teaming is a coordinated effort between a red team (penetration testing) and a blue team (network defense) with the common goal of confirming that a company’s controls are working effectively and as expected. Too often, the efforts of red and blue teams are segregated: the red team works hard to get into the network, and the blue team implements controls to secure it, but the two groups rarely collaborate. Individually, each team is doing its job, yet they are working toward different goals. The blue team’s goal is to protect the network, and the red team’s goal is to compromise it.

What Does a Purple-Teaming Engagement Look Like?

In short, purple-teaming is not entirely different from what you might already be doing. But, instead of each team working separately, the two work together in a chess match of sorts. An important distinction between purple-teaming and standard red-teaming is that the methods of attack and defense are predetermined: both sides know which techniques will be run, against which systems, and which controls are expected to block or alert on each one. This is because the goal of the red team is no longer solely to exploit the network; it’s to improve the network’s security by putting the organization’s controls (and the blue team’s capabilities) to the test.

By adopting a common goal, the teams are no longer just identifying vulnerabilities and working from assumptions; they’re testing controls in real time, step by step, against the type of attack scenario likely to occur if the network is actually attacked. Another major difference between purple-teaming and red-teaming is that standard penetration testing and the implementation of controls are passive processes: a report lists findings, and a control is deployed on the assumption that it works. Purple-teaming is active: each control is verified, while the attack step runs, to see whether it blocked the step, raised an alert, or did nothing at all.

By simulating an actual attack, the blue team is able to test its technical controls as well as the people responsible for operating them, including how quickly an alert is noticed and acted on. No matter how strong your controls are, they’re useless if personnel do not know how to properly identify and respond to threats in real time.
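The “chess match” described above, with its moves agreed in advance and each control checked as the move is played, boils down to a scorecard: for every planned attack step, did the blue team prevent it, detect it within the agreed time, detect it late, or miss it entirely? The following is an added example of such a scorecard, not code from the original post or from LBMC. The step names, hostnames, timings, the 30-minute attribution window and the 15-minute alert SLA are all constructed for illustration; blue-team records are attributed to the most recent planned step on the same host whose window they fall into, so overlapping steps on one host are resolved unambiguously.

```python
"""Purple-team exercise scorecard (added example, constructed data).

The red team's predetermined plan and the blue team's alert/block records
are compared to show which controls held, which fired late, and which
never fired. Step names, hosts, timings and SLAs are illustrative only.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class PlannedStep:
    step_id: str
    technique: str      # human-readable description of the attack step
    host: str           # target agreed with the blue team in advance
    expected: str       # "block" or "alert": what the control should do
    executed_at: datetime  # when the red team ran the step


@dataclass(frozen=True)
class BlueRecord:
    host: str
    action: str         # "blocked" or "alerted"
    observed_at: datetime


def attribute(record: BlueRecord, plan: list, window: timedelta) -> Optional[PlannedStep]:
    """Map a blue-team record to the latest planned step on the same host
    whose [executed_at, executed_at + window] interval contains it."""
    candidates = [
        s for s in plan
        if s.host == record.host
        and s.executed_at <= record.observed_at <= s.executed_at + window
    ]
    return max(candidates, key=lambda s: s.executed_at) if candidates else None


def classify(step: PlannedStep, records: list, sla: timedelta) -> str:
    """Decide the outcome of one step from the records attributed to it."""
    if not records:
        return "missed"
    if any(r.action == "blocked" for r in records):
        return "prevented"
    # Only alerts: measure time from execution to the first alert.
    delay = min(r.observed_at for r in records) - step.executed_at
    if step.expected == "block":
        return "detected, not blocked"   # the preventive control failed
    return "detected" if delay <= sla else "detected late"


def score_exercise(plan: list, records: list, window: timedelta, sla: timedelta):
    """Return ({step_id: outcome}, [records matching no planned step])."""
    by_step = {s.step_id: [] for s in plan}
    unattributed = []
    for r in records:
        step = attribute(r, plan, window)
        if step is None:
            unattributed.append(r)       # noise or an unplanned event
        else:
            by_step[step.step_id].append(r)
    outcomes = {s.step_id: classify(s, by_step[s.step_id], sla) for s in plan}
    return outcomes, unattributed


def control_gaps(outcomes: dict) -> list:
    """Steps the blue team must follow up on: anything not prevented or
    detected within the SLA."""
    return sorted(k for k, v in outcomes.items() if v not in ("prevented", "detected"))


# --- Constructed exercise data (hypothetical hosts, steps and times) ---
T0 = datetime(2018, 7, 9, 9, 0)
WINDOW = timedelta(minutes=30)   # how long after a step its effects are attributed to it
SLA = timedelta(minutes=15)      # agreed maximum time from execution to first alert

PLAN = [
    PlannedStep("S1", "Phishing attachment with macro", "WS-14", "block", T0),
    PlannedStep("S2", "PowerShell download cradle", "WS-14", "alert", T0 + timedelta(minutes=10)),
    PlannedStep("S3", "Credential dumping from LSASS", "WS-14", "alert", T0 + timedelta(minutes=25)),
    PlannedStep("S4", "Lateral movement via admin share", "SRV-DB01", "alert", T0 + timedelta(minutes=40)),
]

RECORDS = [
    BlueRecord("SRV-DB01", "alerted", T0 + timedelta(minutes=5)),    # before any step: noise
    BlueRecord("WS-14", "blocked", T0 + timedelta(seconds=30)),      # S1 quarantined
    BlueRecord("WS-14", "alerted", T0 + timedelta(minutes=12)),      # S2, 2 min after execution
    BlueRecord("WS-14", "alerted", T0 + timedelta(minutes=47)),      # S3, 22 min after execution
    # nothing at all for S4
]


def run_demo():
    return score_exercise(PLAN, RECORDS, WINDOW, SLA)


if __name__ == "__main__":
    outcomes, noise = run_demo()
    for step in PLAN:
        print(f"{step.step_id} {step.technique:<36} {outcomes[step.step_id]}")
    print("gaps:", control_gaps(outcomes), "| unattributed records:", len(noise))
```

Running the script prints one line per planned step (S1 prevented, S2 detected, S3 detected late, S4 missed) followed by the gap list. The gap list is the exercise deliverable: each entry is a control or a response process that did not behave as the blue team assumed, which is exactly the assumption purple-teaming exists to test.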

How Can LBMC Information Security Help?

So, how can a trusted security partner like LBMC Information Security help you conduct a purple-teaming exercise? The idea of a simulated attack can be concerning for management. We can partner with your organization to ensure that purple-teaming efforts are conducted in a safe, thorough manner and do not expose your organization to any unnecessary risks.

Additionally, we can help identify control gaps you might not notice otherwise. Because we have experience with this type of testing, we can spot areas that organizations tend to overlook when running a completely internal purple-teaming exercise.

If you want to stop passively assuming your controls work and start putting them to the test, we can help. Contact us to learn more about our purple-teaming services.
