Purple team methodology is a rare chance for the blue and red teams to work together. The red team will attack the network from numerous angles with one goal in mind: don’t get caught. The scope (or objective) of the engagement is set before the attack. Whether it’s stealing sensitive PII or customer data, the red team will keep that predetermined objective in mind throughout the engagement to meet your goals and needs. As the working adversary, our team of experts attempts to gather reconnaissance through virtual and physical access to confidential data within your organization.
Unlike many other offensive security assessments that can be performed on your network, this engagement is meant to be kept under wraps from most employees. The red team will attempt to stay covert in order to complete the overall objective, thoroughly testing your security defenses and blue team. Only a handful of executives and the blue team will be aware of the ongoing assessment.
If the blue team identifies attack activity, they will contact the red team to verify it’s not a real attack. Once verified, the red team will continue the attack while the blue team notes how the red team was detected and keeps monitoring to see what other activity they detect. Attackers do not stop “hacking” companies even when they are discovered, and neither will our red team. This gives the blue team a rare opportunity to monitor and observe attacker behavior and devise new strategies to detect and block that activity, all while knowing this is a simulation.
Once the engagement is complete, our team will break down our findings on how the adversary was able to access the infrastructure, how they exploited vulnerabilities found along the way, and how they accomplished their objectives. With this knowledge, you can better understand the security posture of your environment and identify ways to improve it. From there, we can help your organization develop a plan to help prevent future exploitation in your network!