SOC/Purple Team Testing

What Is Purple Team Testing?

The concept of Red and Blue teaming in Information Security is well-established and widely adopted, but recent years have given rise to a more collaborative approach - Purple Teaming. To adequately defend against evolving cyber threats, businesses need to continually adapt and innovate in how they secure and assess their security posture.

The reality for many organizations, however, is that red and blue teams are often completely separate and disconnected entities. In some small organizations, for example, in-house IT staff are often tasked with monitoring, detection and response, while ethical hackers from external providers are commissioned to perform occasional vulnerability scanning and penetration testing services.

Purple teaming is a security methodology in which red and blue teams work closely together to maximize cyber capabilities through continuous feedback and knowledge transfer. Purple teaming can help blue security teams to improve the effectiveness of vulnerability detection, threat hunting and network monitoring by accurately simulating common threat scenarios and facilitating the creation of new techniques designed to prevent and detect new types of threats.

The Benefits Of Purple Team Testing

  • Enhance security knowledge:

    • Being able to observe and participate in attacks gives the blue team a better understanding of how attackers operate, enabling them to more effectively employ technologies to deceive actual attackers and study their tactics, techniques and procedures (TTPs).

  • Boost performance without increasing budget:

    • Combining defence and offence through purple team exercises allows organizations to improve their security monitoring function faster and at lower cost.

  • Streamline security improvements:

    • An alternative approach within the security industry is to view purple teaming as a conceptual framework that runs throughout an organization. This can nurture a collaborative culture that promotes continuous cyber security improvement.

  • Gain critical insight:
    • Purple teaming gives your internal security team a critical understanding of gaps in your security posture and helps to identify areas for capability enhancement.

Our Methodology

Bastion-Fort Security has extensive experience with complex architecture designs, gained through years of working with clients of all sizes, industries and structures. As we stay updated on threat activity on a daily basis, we are constantly learning about the latest attack techniques, exploits and security flaws.

Our methodology covers:

  • Reconnaissance – Our team of security consultants will perform information gathering before any simulated attacks are executed.

  • Vulnerability Detection – Bastion-Fort Security will perform vulnerability detection to discover flaws in systems, networks and applications which can then be leveraged by the consultant.

  • Exploitation – Bastion-Fort Security will try to actively exploit security weaknesses identified in the vulnerability detection phase. To achieve this, Pure Security may use publicly available, in-house developed or commercially available exploit kits.

  • Privilege Escalation – After a target has been successfully compromised, Bastion-Fort Security will try to gain a further foothold within the organization. This may involve gaining higher privileges in the system or potentially gaining access to other systems on the internal network. The end goal is to gain complete control of the network.

  • Data Exfiltration – Based on the scope of the project, Bastion-Fort Security may be required to perform data extraction. To achieve this, our security consultant will use a set of tools and techniques in order to extract specific data from the organization’s network.

  • Reporting and Delivery – Bastion-Fort Security will document the issues identified, in priority order, along with recommendations for each one. These are presented in a clear and meaningful way for both a technical and a business audience.

Contact Us

See How We Can Secure Your Assets
At Bastion-Fort Security, we can meet your organization's cybersecurity needs. Fill in the contact form below, call us or email us to get started.
tel: (404)933-0668 | email: info@bastionfortsecurity.com

© 2021 Bastion-Fort Security. All rights reserved
