Purple teaming — can anyone recommend best practices for getting your org started?

Director of Network Transformation, a year ago
New term for me. Interested in everyone's comments. Let's discuss!
Director of Cybersecurity Data and App Protection in Healthcare and Biotech, a year ago
I managed our purple team here for about 2 years. The first step is understanding the threat actors and their tactics, techniques, and procedures (TTPs). We then started to apply our red team members to build out some tests that measured our ability to detect and prevent those attacks with a partnership from the blue team. When the red team was successful, we developed action plans to improve our defenses and then re-tested things. The overall outcome you want is to continuously improve your defensive posture by enhancing your people, processes, and technologies.
Deputy CISO, a year ago
Here's my take
In the spectrum of color-based identification for cyber teams, the blue is on the defensive/monitoring/respond side, while red (a universal indicator of danger or harm) is on the attack/penetrate/exploit side. Both are for organizational benefit and are working towards the purpose of enhancing the maturity of the security program.

Somewhere in the middle is the purple (try mixing red and blue pastel/oil colors at home). What this means is that the cyber team works as a team to be better prepared from each other's perspective. Here transparency and willingness to proactively share, being symbiotic, is KEY.

A defender needs to do better at gaining understanding of the "attacker's mind", the techniques and tricks used and those nuances that attackers may be using that the defender may not be aware of. Likewise, an attacker is usually focused more and more on "attacking", and may not be fully aware of some of the defenses or their weaknesses, a crucial piece of info s/he can leverage for crafting more intuitive attacks.

So together they foster a mechanism of a continual loop of feedback and improvements, helping the team and the company's objective.

For me, here are the next steps:
> if the capability, like that of a Red team, doesn't exist, get a strong partner under NDA
> ensure the team understands what blue/red/purple mean and why we wish to go for the purple mode
> use team alignment models to clarify goals/share responsibilities and drive to goals
(like in defensive forces, irrespective of the discipline of army, navy or air force, the mission objective is under a unified objective and sometimes a command; hierarchy is not important)
> make the team and objective formal and well aligned. I see the purple team as an added benefit for
_ cyber talent rotation/upskilling/cross-skilling
_ possibility for future state - all-hands-on-deck situation
_ expanding on the perspectives may uncover additional security controls to be implemented
Chief Information Security Officer in Healthcare and Biotech, a year ago
Please have a look at the doc. May help you.

https://www.ecb.europa.eu/pub/pdf/other/ecb.tiber_eu_purple_best_practices.20220809~0b677a75c7.en.pdf
