Purple Teams & Adversary Simulations

We define Purple Teams as an open-book-exam process that prioritizes and demonstrates quantifiable improvements in defenses over time. We facilitate Adversary Simulations through this approach.

Red & Blue, Intel and Hunt Team Collaboration

Purple Teams testing is the best way to bring focus to improving cyber defenses. Our approach prioritizes MITRE ATT&CK tactics & techniques and Adversary Simulations for your industry, and establishes a process with defined Defense Success Metrics.

SRA is an industry leader in purple team thought leadership and testing, with our contribution embodied by our VECTR™ platform and taught in several SANS classes (by independent instructors, not by SRA team members).

Our Approach:

VALIDATE

 expected Prevent/Detect controls

j

DOCUMENT

 test procedures for repeatability

BUILD

 a worklist to develop content gaps

GENERATE

 quantitative defense success metrics

REPORT

 on improvement over time

Defense Success Metrics

Purple Teams can create quantifiable metrics about how well your defense capabilities are preventing and detecting attack patterns.

This is accomplished by intentionally bringing prioritized attack patterns into your Purple Teams scope (not ALL of MITRE ATT&CK at once) and testing against them. The Defense Success Metric can now be based on that denominator of attack patterns and is a foundation that can continue to grow.

What Does This Process Look Like?
1

We start with a workshop to understand the scope of defenses (Protect and Detect controls), and previous efforts to align to the MITRE ATT&CK Framework. We discuss your toolsets, integrated log sources, and known visibility gaps.

2
We populate your defensive tool sets into a new instance of the free VECTR™ platform and configure our recommended Purple Teams Campaigns. Campaigns include a series of red team operations/test cases which are mapped to the MITRE ATT&CK Framework.
3

We facilitate expert Purple Teams testing working alongside your team. We document outcomes, help you prioritize gaps in real time, and share detection content known to be successful.

Our Purple Team Models

Purple Teams Essentials

Overview: Starter assessment with 40-50 fundamental test cases used widely by threat actors. Incremental changes in test cases each quarter to determine broad defensive capabilities and areas for improvement.

Enterprise Purple Teams

Overview: A robust exercise including end-to-end threat actor simulation and broadly covering MITRE ATT&CK tactics to put your defenses to the test, and most importantly, develop a roadmap for world-class detection.

Purple Teams are most effective with VECTR™

Track attacks and defensive success with VECTR™! This FREE tool provides a central platform for conducting assessments and reporting on your improvement over time.