What is Purple Teaming?
Purple teaming primarily focuses on uplifting the detection and response capabilities of your network defenders through a real-time attack simulation exercise. This could cover a single technique or tactic, or a range of them replicating a threat actor relevant to your organisation or industry.
How does a Purple Team work?
With a focus on ensuring that your network defenders (Blue Team) can identify the Indicators of Compromise (IoCs) generated by Sekuro Offensive Security consultants (Red Team), we walk through a custom attack simulation so that you can improve detection capabilities by uplifting the skills of your staff, tweaking internal tools, and updating incident response processes and procedures.
The typical engagement lifecycle of a Purple Team assessment would include:
- Understanding your existing detection tools, processes and policies;
- Discussing and walking through the Tactics, Techniques and Procedures (TTPs) relevant to you, and an approach to testing them;
- Once agreed, we establish the Rules of Engagement (RoE) and prepare assets and stakeholders for the assessment;
- Sekuro’s Offensive Security consultants and your network defenders collaboratively step through test cases so that you can investigate IoCs and we evaluate detection outcomes;
- Throughout testing, all activities and outcomes are documented;
- At the end of the assessment, we provide a risk-based report covering all test cases, the actions performed, detection status and recommendations to improve defences.
How do I get started?
Get in touch with us and one of our lead Offensive Security consultants can take you through the process to develop an assessment that meets your requirements.
Already know what you are after?
Get a quick quote from our consultants.