What is Purple Teaming and why does it matter?

One might argue that an attack simulation will never be exactly the same as the real thing.

And we might reply "of course, a simulation can be much better".

Imagine that, in the middle of a cyberattack, your security team could stop time, ask the attackers exactly how they are operating, and even ask for a rematch if they could not stop them on the first try.

That is precisely the chance only a Purple Team can offer: attackers and defenders working closely together, in an open discussion about each attack technique and defence expectation, to improve people, process, and technology controls in real time.

Ideal outcomes of Purple Teaming

Real-time monitoring

Leveraging the organisation's response and capabilities against a wide range of attacks, identifying gaps in monitoring, detection, and prevention of malicious activity.

Blue Team training

The focal point of this assessment is to provide a practical learning experience while getting a deeper understanding of how the attackers think and operate.

Enhanced detection

Improve detection rules wherever possible.

Defence assessment

Opportunity to gain assurance that newly deployed defences are working as expected (e.g. EDR) or identify existing gaps in configuration for remediation.

Who can benefit from Purple Teaming?

Purple Teaming is specially designed for organisations feeling prepared to put their security controls to the test against a wide range of attacks (as opposed to Red Teaming, where we conduct as few attacks as possible).

Purple Team exercises are Cyber Threat Intelligence-led, which means your organisation will be facing and learning from Tactics, Techniques, and Procedures (TTPs) leveraged by known malicious threat actors targeting organisations such as yours.

The SECFORCE way

Our CREST-accredited team and extensive experience with TIBER and CBEST engagements make Purple Teaming one of our flagship services, earning high praise from our clients.

The use of in-house and commercial tools and our technical expertise allow us to simulate a wide range of attacks such as ransomware, phishing, network filtering, exfiltration…

But the truly defining factors for Purple Teaming success are communication and iteration. We will repeat activities as many times as necessary and discuss with the Blue Team to ensure that the exercise is driving improvement to the key areas identified.

Purple Teaming Services

Purple Team Exercise

A comprehensive adaptation of a Purple Team engagement, where the Red Team simulates a range of TTPs across all/multiple phases of the cyber kill chain and interacts with relevant defensive teams in real time to test the existing controls, as well as drive improvements in monitoring, detection, and prevention capabilities.

Ransomware Simulation Exercise

An exercise that mimics the behaviour of ransomware attacks to evaluate an organization's preparedness, including its ability to detect, contain, and recover from a ransomware threat.

Malware Resilience Testing

An exercise that assesses the resilience of an organisation's systems against the deployment, transfer, and execution of malware.

EDR Testing

This Purple Team variant focuses exclusively on thoroughly assessing an organization's EDR solution by simulating a wide range of relevant TTPs with various levels of sophistication.

Phishing

An exercise that targets employees within an organisation using carefully crafted emails or messages designed to assess their susceptibility to phishing attacks and gauge overall security awareness. By collecting interaction metrics, the exercise provides valuable insights that can help tailor and improve future security awareness training.

Are you ready to take your defences to the next level?


Contact us