Purple Teams & Adversary Simulations

We define Purple Teams as an open-book-exam process that prioritizes and demonstrates quantifiable improvements in defenses over time. We facilitate Adversary Simulations through this approach.

Red & Blue, Intel and Hunt Team Collaboration

Purple Teams testing is the best way to bring focus to improving cyber defenses. Our approach prioritizes MITRE ATT&CK tactics & techniques and Adversary Simulations for your industry, and establishes a process with defined Defense Success Metrics.

SRA is an industry leader in purple team thought leadership and testing, with our contribution embodied by our VECTR™ platform and taught in several SANS classes (by independent instructors, not by SRA team members).


Our Purple Team Models

Purple Team "Essentials"

This entry-level purple team assessment can help set a foundation for your Purple Team Program and guide your security team through a collaborative testing process. Purple Team “Essentials” generates a prioritized list of quick wins and content development to strengthen your security posture and create quantified success metrics.

Industry Threat Index

Each Threat Index is built on the “top 5” threat actors identified by industry-leading organizations in Finance, Healthcare and Life Sciences (respectively). SRA facilitates working groups with Threat Intel, Red and Blue teams in each industry vertical to develop and agree on the format and contents of each test case. SRA also facilitates anonymized, voluntary benchmarking scores.

Cloud Purple Team

We perform testing across the following areas of the control plane and endpoints:

  • Suspicious Account Activity and Persistence
  • Security Policy and Configuration Changes
  • Data Protection and Exfiltration
  • Cloud Service Discovery and Enumeration
  • Endpoint Security
  • Network Security

Enterprise Purple Team

A robust Purple Team exercise emulating threat actor techniques and covering a broad span of MITRE ATT&CK tactics to put your defenses to the test and, most importantly, develop a roadmap for world-class detection. Our most resource-intensive model, the Enterprise Purple Team, will result in a thorough look at how your defenses hold up across the entire MITRE ATT&CK framework in their current state, and offer you a roadmap for future improvement.

Our Approach:

PREPARATION

SIMULATION

REVIEW & IMPROVEMENT

REPORTING & BENCHMARKING

Defense Success Metrics

Purple Teams can create quantifiable metrics about how well your defense capabilities are preventing and detecting attack patterns.

This is accomplished by intentionally bringing prioritized attack patterns into your Purple Teams scope (not ALL of MITRE ATT&CK at once) and testing against them. The Defense Success Metric can now be based on that denominator of attack patterns and is a foundation that can continue to grow.

Purple Teams are most effective with VECTR™

Track attacks and defensive success with VECTR™! This FREE tool provides a central platform for conducting assessments and reporting on your improvement over time.