Why purple teaming is so effective
Even within the realm of adversarial simulation (i.e. red teaming, purple teaming, attack path management), JUMPSEC considers purple teaming an outlier in how effectively it can rapidly improve an organisation’s security standards.
Each adversarial simulation engagement is valuable in the right context. If you have recently released a new website built on an entirely new code base, a penetration test is the right choice. On the other hand, if you have been consistently improving your security posture for a sustained period and want to assess the true exploitability of your estate, a covert red team would best answer that question.
But if you want to see real-world improvement in your security posture, a purple team engagement is uniquely positioned to apply an adversarial (or ‘red team’) mindset to each of your critical assets, taking a collaborative approach to simultaneously strengthen your defensive ‘blue team’ capability. This provides you insight and assurance that simply is not possible with a penetration test or red team exercise.
Typical offensive services struggle to make a lasting impact because they provide an exhaustive, and often overwhelming, list of fixes to be implemented. Only in a collaborative purple team engagement can you make iterative improvements to security controls while having them validated in real time, reducing the time and cost required to achieve a security posture capable of withstanding a real-world attack.
What can purple teaming identify?
On a typical 4-6 week engagement, JUMPSEC will on average:
Internal security teams do not wait for our technical report to address our findings. Several security gaps can be fixed as they emerge in tandem, without disrupting the flow of a typical adversarial simulation.
Your security team responds to a sustained attack from a persistent and sophisticated live threat, while gaining the insight required to remediate and validate risks on the spot. This means your defensive team plays an integral part in the success of the engagement. That knowledge transfer between red and blue teams can significantly uplift the technical expertise of your security operations, which is essential for long-term organisational resilience.
How a purple team works
JUMPSEC typically conducts purple team engagements over five phases:
Threat Model Workshop
JUMPSEC facilitates an in-person workshop in which we map out your entire estate, your business-critical assets, greatest risks and defensive controls. This allows us to gain an intimate understanding of your environment and begin to plan likely attack paths to the crown jewels of your organisation.
JUMPSEC profiles the types of threat groups targeting organisations like yours. From this, specific TTPs related to those threat groups can be carried into the subsequent stages. In this phase we also create a list of the very latest CVEs, 0-days and vulnerabilities facing your organisation for testing during the engagement.
Test Case Creation
With the above information we create a curated list of test cases that address your biggest concerns. Depending on the size of the estate this could be a list of over 100 custom test cases, tailored specifically to your environment.
JUMPSEC systematically progresses through your security estate and works collaboratively with your security teams and vendors to meticulously record the outcome of each test case. Typically, many new vulnerabilities are discovered during the engagement window, alongside validation of every component of your security posture.
Reporting, Debrief and Workshops
Reports are created and workshops organised to deliver the results of the execution phase, detailing the ability to detect, prevent and alert on each of the test cases. JUMPSEC also includes the purple team database containing the low-level results and evidence for each test case, for review at your own pace.
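As an added illustration (not JUMPSEC's own tooling), the following Python sketches the kind of purple team test-case database the phases above describe: each case ties a TTP to an asset from the threat model workshop, records whether controls prevented, detected and alerted on it, and keeps re-test results so fixes made mid-engagement are validated rather than overwriting the first result. All case ids, assets, TTPs and evidence strings are constructed sample data.

```python
from dataclasses import dataclass, field
from collections import defaultdict

@dataclass
class Outcome:
    prevented: bool
    detected: bool
    alerted: bool
    evidence: str  # alert id or log reference (constructed sample values below)

@dataclass
class TestCase:
    case_id: str
    asset: str   # business-critical asset identified in the threat model workshop
    ttp: str     # technique under test (ATT&CK id plus short description)
    runs: list = field(default_factory=list)  # one Outcome per execution, oldest first

    def latest(self) -> Outcome:
        return self.runs[-1]

    def is_gap(self) -> bool:
        """A gap is a case that controls neither prevented nor detected on the latest run."""
        o = self.latest()
        return not (o.prevented or o.detected)

def record(db: dict, case_id: str, asset: str, ttp: str, outcome: Outcome) -> TestCase:
    """Append a run to an existing case, or create the case on its first execution."""
    case = db.setdefault(case_id, TestCase(case_id, asset, ttp))
    case.runs.append(outcome)
    return case

def summarise(db: dict) -> dict:
    """Per-asset counts of cases, prevented/detected/alerted on the latest run, and open gaps."""
    summary = defaultdict(lambda: {"cases": 0, "prevented": 0, "detected": 0, "alerted": 0, "gaps": 0})
    for case in db.values():
        s, o = summary[case.asset], case.latest()
        s["cases"] += 1
        s["prevented"] += o.prevented
        s["detected"] += o.detected
        s["alerted"] += o.alerted
        s["gaps"] += case.is_gap()
    return dict(summary)

# Constructed sample engagement: TC-002 failed, a detection rule was added, and it was re-tested.
DB: dict = {}
record(DB, "TC-001", "Domain Controller", "T1003.006 DCSync", Outcome(False, True, True, "SIEM alert on 4662 replication (constructed)"))
record(DB, "TC-002", "Domain Controller", "T1558.003 Kerberoasting", Outcome(False, False, False, "no telemetry"))
record(DB, "TC-002", "Domain Controller", "T1558.003 Kerberoasting", Outcome(False, True, True, "new rule on 4769 RC4 requests (constructed)"))
record(DB, "TC-003", "Finance File Share", "T1048 Exfiltration over alternative protocol", Outcome(True, False, False, "egress proxy block, no alert"))
record(DB, "TC-004", "Finance File Share", "T1021.002 SMB lateral movement", Outcome(False, False, False, "no telemetry"))

if __name__ == "__main__":
    for asset, s in summarise(DB).items():
        print(asset, s)
```

The per-asset summary is what the debrief workshop walks through: cases that are prevented but not alerted, and cases still in the gap column after re-testing, are the remediation backlog.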
What are the Key Project Outcomes with Purple Teaming?
What our clients say...
“Recently we engaged in a comprehensive purple team exercise. Working collaboratively with JUMPSEC Blue and Red Teams we were able to make real-time improvements to our security posture. This included implementing technical solutions, tweaking detections and finding innovative ways to compromise a system. The advantages of working in this collaborative manner through a purple team engagement far outweigh approaches taken in a traditional PenTest.”
Groupe Atlantic, UK