Purple teaming — can anyone recommend best practices for getting your org started?



Director of Network Transformation, Self-employed
New term for me.  Interested in everyone's comments.  Let's discuss!  
Director of Cybersecurity Data and App Protection in Healthcare and Biotech, 10,001+ employees
I managed our purple team here for about 2 years. The first step is understanding the threat actors and their tactics, techniques, and procedures (TTPs). We then started to apply our red team members to build out some tests that measured our ability to detect and prevent those attacks with a partnership from the blue team. When the red team was successful, we developed action plans to improve our defenses and then re-tested things. The overall outcome you want is to continuously improve your defensive posture by enhancing your people, processes, and technologies.
VP Information Security Assurance, 10,001+ employees
Here's my take
In the spectrum of color-based identification for cyber teams, blue is on the defensive/monitoring/respond side, while red (a universal indicator of danger or harm) is on the attack/penetrate/exploit side. Both are for organizational benefit and are working towards the purpose of enhancing the maturity of the security program.

Somewhere in the middle is purple (try mixing red and blue pastel/oil colors at home). What this means is that the cyber team works as a team to be better prepared from each other's perspective. Here transparency and willingness to proactively share, being symbiotic, is KEY.

A defender needs to do better at gaining an understanding of the "attacker's mind": the techniques and tricks used, and those nuances that attackers may be using that the defender may not be aware of. Likewise, an attacker is usually focused more and more on "attacking" and may not be fully aware of some of the defenses or their weaknesses, a crucial piece of info s/he can leverage for crafting more intuitive attacks.

So together they foster a mechanism of a continual loop of feedback and improvements, helping the team and the company's objective.

For me, here are the next steps:
> if the capability, like that of a red team, doesn't exist, get a strong partner under NDA
> ensure the team understands what blue/red/purple mean and why we wish to go for the purple mode

> use team alignment models to clarify goals, share responsibilities and drive to goals
(like in defensive forces, irrespective of the discipline of army, navy or air force, the mission objective is under a unified objective and sometimes a command; hierarchy is not important)
> make the team and objective formal and well aligned. I see the purple team as an added benefit for:
_ cyber talent rotation/upskilling/cross-skilling
_ possibility for future state - all-hands-on-deck situation
_ expanding on the perspectives may uncover additional security controls to be implemented
Chief Information Security Officer in Healthcare and Biotech, 1,001 - 5,000 employees
Please have a look at the doc. It may help you.

https://www.ecb.europa.eu/pub/pdf/other/ecb.tiber_eu_purple_best_practices.20220809~0b677a75c7.en.pdf
