Adversarial Detection & Countermeasures engagements, also known as Purple Team engagements, are designed to evaluate the effectiveness of the Information Security program, with a focus on detection, deflection, and deterrence.
TrustedSec utilizes both Red Team (penetration testers) and Blue Team (defenders) consultants. The Red Team follows the Penetration Testing Execution Standard (PTES) to circumvent security controls and gain unauthorized access to systems. The Blue Team then works with an organization’s defensive team to determine its ability to detect the attack, deflect the attack, and/or deter the attacker.
With TrustedSec, you can:
- Improve your team’s organizational readiness
- Inspect current performance levels
- Improve training for defenders
- Increase end-user information security awareness
- Evaluate the effectiveness of your IT security defenses and controls
- Gain objective insights into vulnerabilities that may exist across your environment
Detection: Defined as the ability to recognize and identify an attack through multiple phases of a compromise, detection is the foundational element of reducing the damage inflicted during a breach. Detection systems include security information and event management (SIEM), NAC rogue device detection, account change monitoring, suspicious command usage, user behavior analytics (UBA), and more. Where detection controls cannot be implemented, enhancements in deflection and deterrence controls are necessary.
Deflection: Also referred to as protection, deflection is the ability to build proactive measures that directly defend the network. This would include anti-virus, intrusion detection/prevention systems, network access controls, and more. Where deflection controls cannot be implemented, enhancements to detection and deterrence controls are necessary.
Deterrence: The third piece of an organization’s defense is deterrence, which is the implementation of patch management procedures and the enforcement of complex password policies. This also includes creating paths of least resistance to bait an attacker into using a specific system or set of credentials so that their activity can be detected, which is often achieved with Honeypots, Honeytokens, and Honeycreds. Where deterrence controls cannot be implemented, enhancements in detection and deflection controls are necessary.
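The detection and deterrence pieces above meet in a simple monitoring rule: any use of a honeycred or any contact with a honeypot host is, by construction, suspicious and should alert. The following is an added example (not TrustedSec's code or tooling) that applies that rule to a few constructed authentication log lines in a hypothetical `timestamp key=value ...` format; the account names, hostnames, and IP addresses are invented for the illustration.

```python
import re
from collections import Counter

# Constructed honeytoken inventory (hypothetical values, not from the page).
# A honeycred is an account that no legitimate process ever uses, so any
# authentication attempt with it, successful or not, is worth an alert.
HONEY_ACCOUNTS = {"svc_backup_legacy", "admin_dr"}
# A honeypot host should receive no legitimate traffic at all.
HONEY_HOSTS = {"fileshare-old"}

# Constructed sample log lines in a simple syslog-like key=value format.
SAMPLE_LOGS = """\
2024-03-01T08:00:01Z host=dc01 event=logon user=jsmith src=10.0.5.21 result=success
2024-03-01T08:02:17Z host=dc01 event=logon user=svc_backup_legacy src=10.0.9.77 result=failure
2024-03-01T08:02:19Z host=dc01 event=logon user=svc_backup_legacy src=10.0.9.77 result=success
2024-03-01T08:05:44Z host=fileshare-old event=smb_connect user=jsmith src=10.0.9.77 result=success
2024-03-01T08:06:00Z host=dc01 event=logon user=amiller src=10.0.5.30 result=success
"""

TOKEN_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")


def parse_line(line):
    """Parse one 'ts key=value ...' line into a dict; return None for malformed input."""
    parts = line.split()
    if len(parts) < 2:
        return None
    event = {"ts": parts[0]}
    for token in parts[1:]:
        if not TOKEN_RE.match(token):
            return None
        key, _, value = token.partition("=")
        event[key] = value
    return event


def find_honeytoken_hits(log_text):
    """Return one alert dict per honeytoken trigger found in the log text.

    Both failed and successful logons with a honeycred are reported: the failure
    already shows that the bait credential was picked up and tried.
    """
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        base = {
            "ts": event["ts"],
            "src": event.get("src", "unknown"),
            "user": event.get("user", "unknown"),
            "host": event.get("host", "unknown"),
        }
        if event.get("user") in HONEY_ACCOUNTS:
            alerts.append(dict(base, reason="honeycred_used"))
        if event.get("host") in HONEY_HOSTS:
            alerts.append(dict(base, reason="honeypot_contacted"))
    return alerts


def sources_by_alert_count(alerts):
    """Aggregate alerts by source address so the responder sees which host to look at first."""
    return Counter(alert["src"] for alert in alerts)


if __name__ == "__main__":
    hits = find_honeytoken_hits(SAMPLE_LOGS)
    for hit in hits:
        print(f"{hit['ts']} {hit['reason']}: user={hit['user']} host={hit['host']} src={hit['src']}")
    print("alerts per source:", dict(sources_by_alert_count(hits)))
```

In the sample data a single source, 10.0.9.77, first tries the honeycred, succeeds on the second attempt, and then touches the honeypot share; grouping alerts by source turns three separate events into one clear lead for the defensive team. In a real deployment the same rule would be expressed in the SIEM's query language against the actual authentication and share-access events.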
Author: David Kennedy
Security expert, keynote speaker, avid gamer and the go-to for protecting companies from threats.