Going Purple: Measurably improving your security posture with Purple Team engagements

Date: August 21, 2019

Recorded August 21, 2019 at 1 P.M. EST

Adversaries continue to morph tactics and identify new ways of attacking organizations. Whether emulating a perimeter breach or the more popular phishing attack on the user population, it has never been more important to attack patterns and categorize behavior to defend against them.

What’s the process and why is it better than just a combined Red and Blue Team engagement?

The idea of a Purple Team engagement (or Adversarial Detection and Countermeasures) is fairly simple in that it combines elements of Blue Team (defense) and the Red Team (offense). By pairing these two groups together during every phase of the assessment, an understanding and knowledge transfer occurs in order to ensure that each phase can be appropriately tested. While the idea is simple, there are various methods for addressing the three D’s of security – Detect, Deflect, and Deter an attack.

Not all Purple Team engagements are created equal.

As the Information Security industry has matured, the attack surface has become so great that finding and fixing every vulnerability simply isn’t possible. The goal for the organization is to gain early indicators of compromise. The process can take on many forms and methods, not all of which deliver on the expectations for the additional resources required.

How can you get the most value out of Purple Team engagements?

TrustedSec will review such questions as:

• How mature do you have to be for a Purple Team engagement?
• How should your organization prepare for a Purple Team engagement?
• What are some examples around detecting obscure methods of attack?
• What kind of metrics are being used and can you benchmark against them?
• How do you know if you’ve tested “enough?”