You might not know this, but penetration testing is no longer the gold standard for improving your defenses against cyberattacks.

Why?

It’s only half of the picture. Penetration testing identifies vulnerabilities and demonstrates risks through exploitation, but it doesn’t go further than that.

Purple-teaming does.

If that’s an unfamiliar term, here’s what you should know:

What is Purple-Teaming?

Purple-teaming is a coordinated effort between a red team (penetration testing) and a blue team (network defense) with the common goal of ensuring a company’s controls are working effectively and as expected. Too often, the efforts of red and blue teams are segregated. The red team works hard to get into the network, and the blue team implements controls to secure it. But, without purple-teaming, the two groups rarely work collaboratively. Individually, the teams are doing their jobs, but they’re each working toward different goals. The blue team has the goal of protecting the network, and the red team has the goal of compromising it.

What Does a Purple-Teaming Engagement Look Like?

In short—purple-teaming is not entirely different from what you might already be doing. But, instead of each team working separately, the two work together in a chess match of sorts. An important distinction between purple-teaming and standard red-teaming is that the methods of attack and defense are predetermined. This is because the goal of the red team is no longer solely to exploit the network, it’s to improve the network’s security by putting the organization’s controls (and the blue team capabilities) to the test.

By adopting a common goal, the teams are no longer just identifying vulnerabilities and working based on assumptions, they’re testing controls in real-time and simulating the type of attack scenario likely to occur if a network is attacked. Another major difference between purple-teaming and red-teaming is that standard penetration testing and the implementation of controls are passive processes, whereas purple-teaming is active.

By simulating an actual attack environment, the blue team is able to test its technical controls, as well as the people responsible for implementing them, in a simulated attack. No matter how strong your controls are, they’re useless if personnel do not know how to properly identify and respond to threats in real-time.

Webinar: Purple-Teaming and Attack Simulation

Purple-teaming has now become somewhat of a buzzword. However, the effort behind it has great merit and value. The methodology of attack simulation is the assumption that the network or a system will become compromised and the current controls will not prevent the infection. With purple-teaming, everyone knows what controls are being tested and when. The attack simulation is a bit different, as the focus is the emulation of a specific attacker group and their methods of obtaining sensitive data.

Purple-Teaming and Attack Simulation Guide includes:

  • Brief descriptions of purple-teaming and attack simulation
  • How purple-teaming can be beneficial to both penetration testers and defenders
  • Why your penetration tests are not the same as the collaboration involved with purple-teaming
  • Key differences between purple-teaming and attack simulation
  • Reasons why attack/adversary simulation is the best way for you to see how you would measure up against a nation-state attacker group

LBMC Information Security’s Bill Dean outlines purple-teaming, some of the benefits involved with the practice, as well as attack simulation, or what some people label adversary simulation.

PODCAST: Attack Simulation

What is the difference between attack simulation and conventional penetration tests? The methodology of attack simulation is the assumption that the network or a system will become compromised and the current controls will not prevent the infection.

So, how does attack simulation differ from purple-teaming? With purple-teaming, everyone know what controls are being tested and when. The attack simulation is a bit different, as the focus is the emulation of a specific attacker group and their methods of obtaining sensitive data. In this podcast, Bill Dean discusses attack simulation, or what some people label adversary simulation.

Listen to Podcast

Listen, and discover these key takeaways:

  • A brief description of attack simulation
  • Key differences between purple-teaming and attack simulation
  • Reasons why not all attacker groups target all organizations.
  • Why organizations should focus on defending against specific adversary groups that would target them
  • Reasons why attack/adversary simulation is the best way for you to see how you would measure up against a nation state attacker group

Subscribe to the Cybersecurity Sense Podcast on iTunes.

How Can LBMC Information Security Help?

So, how can a trusted security partner like LBMC Information help you conduct a purple-teaming exercise? The idea of a simulated attack can be concerning for management. We can partner with your organization to ensure that purple-teaming efforts are conducted in a safe, thorough manner and do not expose your organization to any unnecessary risks.

Additionally, we can help identify control gaps you may not notice otherwise. Since we have experience in this type of testing, we can identify areas that organizations may overlook when running a completely internal purple-teaming exercise.

If you want to stop passively assuming your controls work and start putting them to the test, we can help. Just click here contact us and learn more about our purple-teaming services.