Purple teaming — can anyone recommend best practices for getting your org started?

Chief Information Security Officer in Healthcare and Biotech, 2 years ago

Please have a look at the doc. It may help you.

https://www.ecb.europa.eu/pub/pdf/other/ecb.tiber_eu_purple_best_practices.20220809~0b677a75c7.en.pdf

Deputy CISO, 2 years ago

Here's my take.
In the spectrum of color-based identification for cyber teams, blue is on the defensive/monitoring/respond side, while red (a universal indicator of danger or harm) is on the attack/penetrate/exploit side. Both are for organizational benefit, and are working towards the purpose of enhancing the maturity of the security program.

Somewhere in the middle is the purple (try mixing red and blue pastel/oil colors at home). What this means is that the cyber team works as a team to be better prepared from each other's perspective. Here transparency and willingness to proactively share, being symbiotic, is KEY.

A defender needs to do better at gaining an understanding of the "attacker's mind", the techniques and tricks used and those nuances that attackers may be using that the defender may not be aware of. Likewise, an attacker is usually focused more and more on "attacking", and may not be fully aware of some of the defenses or their weaknesses: a crucial piece of info s/he can leverage for crafting more intuitive attacks.

So together they foster a mechanism of a continual loop of feedback and improvements, helping the team and the company's objective.

For me, here are the next steps:
> if the capability, like that of a Red team, doesn't exist, get a strong partner under NDA
> ensure the team understands what blue/red/purple mean and why we wish to go for the purple mode
> use team alignment models to clarify goals, share responsibilities and drive to goals
(like in defensive forces, irrespective of the discipline of army, navy or air force, the mission objective is under a unified objective and sometimes a command; hierarchy is not important)
> make the team and objective formal and well aligned. I see the purple team as an added benefit for:
_ cyber talent rotation/upskilling/cross-skilling
_ possibility for a future-state all-hands-on-deck situation
_ expanding on the perspectives may uncover additional security controls to be implemented

Director of Cybersecurity Data and App Protection in Healthcare and Biotech, 2 years ago

I managed our purple team here for about 2 years. The first step is understanding the threat actors and their tactics, techniques, and procedures (TTPs). We then started to apply our red team members to build out some tests that measured our ability to detect and prevent those attacks with a partnership from the blue team. When the red team was successful, we developed action plans to improve our defenses and then re-tested things. The overall outcome you want is to continuously improve your defensive posture by enhancing your people, processes, and technologies.

Director of Network Transformation, 2 years ago

New term for me. Interested in everyone's comments. Let's discuss!
