Sharing Different Perspectives
What if I told you how I’m attacking you right now?
Now we play face up cards
The Red Team and Blue Team are in constant conflict with the goal of making the company’s defenses more robust and reactive. While the Red Team aims to attack by showing the risks and threats to which one is exposed, the Blue Team has a perimeter to defend and monitor, checking the impact that damage can have on the company’s business.
In the real world, defenders never know who, when, and from where an attack will come, and they are not certain if the detection and reaction times are adequate.
Sharing different perspectives
The Purple Team is born from the idea that continuous dialogue between the two teams can increase the effectiveness of defense tools and processes through a common cultural path.
By simulating an attack, the Red Team shares in real-time with the Blue Team the “when and how” of the offensive action.
This allows the Blue Team to measure “if and when” it is able to identify the attack.
The Purple Team integrates the Red Team’s offensive tactics with the Blue Team’s defense strategies into a single narrative that maximizes the effectiveness of the results.
Sharing information between the two teams allows for an exchange of perspectives that promotes continuous improvement.
Creating continuous dialogue and effective communication between attackers and defenders is the best way to constantly test and adjust tools, processes, and cultural attitudes for defense.
In this context, the experiences gained during Red Team attack activities are compared with the defense techniques expressed by the customer’s technical team or their security provider, identified as the Blue Team.
The Purple Team is a service that connects:
- The attacker: Red Teamer, who carries out the attack, i.e., us at IMQ Intuity
- The defender: Blue Teamer, who handles security in the company or an external provider (e.g., SOC)
Benefits for your Company
The goal is to learn from the critical issues identified (on physical infrastructure, IT, processes, and people) during Red Team attack simulation activities and share them with the Blue Team, turning them into awareness and shared culture at the same time.
In particular, the Red Team will explain the dynamics of the techniques used and describe to the Blue Team the corrective approach to what was found.