12 July 2018

Red and blue teaming are well-established concepts in information security, but recent years have given rise to a new, collaborative approach – purple teaming.

To defend against rapidly evolving cyber threats, businesses need to continually adapt and innovate. This means that red and blue teams must work together on an ongoing basis to maximise their individual and collective effectiveness.

Red vs blue teams – what’s the difference?

A red team is a group of offensive security professionals tasked with using real-life adversarial techniques to help organisations identify and address vulnerabilities across infrastructure, systems and applications, as well as weaknesses in processes and human behaviour.

In contrast, a blue team, typically based in a Cyber Security Operations Centre (CSOC), is a group of analysts and engineers responsible for defending organisations from cyber-attacks through a combination of threat prevention, deception, detection and response.

Implementing a joint approach

Regardless of size, industry or resources, all organisations need red and blue team expertise to effectively combat cyber threats.

Red team activities, from vulnerability assessments and penetration testing to full-scale cyber-attack simulations, are specifically designed to identify security exposures by challenging blue teams and assessing their detection techniques and processes.

Red team assessments can be used to test organisations against the latest tools, tactics and procedures used by criminal adversaries, and provide vital feedback to improve threat hunting, monitoring and incident response.

The reality for many organisations, however, is that red and blue teams are often completely separate and disconnected entities. In small organisations, for instance, in-house IT staff are typically tasked with monitoring, detection and response, while ethical hackers are commissioned from external providers to perform occasional vulnerability scanning and penetration testing.

In such circumstances, there are often no continuous feedback channels between red and blue teams. Rather than collaborating and continuously enhancing security controls, many organisations adopt a short-term view of security and fail to leverage red and blue team insight to inform and evaluate long-term security goals and strategy.

What is purple teaming?

Purple teaming is a security methodology whereby red and blue teams work closely together to maximise cyber capabilities through continuous feedback and knowledge transfer.

Purple teaming can help security teams to improve the effectiveness of vulnerability detection, threat hunting and network monitoring. By accurately simulating common threat scenarios, it also facilitates the creation of new techniques designed to prevent and detect new types of threats.

Some organisations perform purple teaming as one-off focused engagements, whereby security goals, timelines and key deliverables are clearly defined, and there is a formal process for evaluating lessons learned over the course of an operation. This includes recognising offensive and defensive shortcomings and outlining future training and technological requirements.

An alternative approach gaining traction in the security market is to view purple teaming as a conceptual framework that runs throughout an organisation, establishing permanent communication channels and fostering a collaborative and transparent culture that promotes continuous cyber security improvement.

How Redscan can help

Redscan is an award-winning provider of managed cyber security services. By utilising our deep knowledge of offensive security alongside the latest security tools and intelligence, we help organisations to identify, hunt for and eliminate threats and vulnerabilities across their networks and endpoints.

The purple team mentality is crucial to Redscan’s approach to cyber security. Redscan Labs, our threat research and analytics division, provides actionable insight to help our red and blue team hackers, analysts and engineers to continually improve the quality and effectiveness of our services.

Whether you are looking to assess your organisation’s defences or bolster them with an outsourced service, you can be confident that Redscan will provide the deep insight and clear advice you need to significantly improve its cyber security posture.
