Security Operations

PRACTICAL CYBERSECURITY: Why Your Organization Should Consider Setting  Up It’s Own Purple Team.

October 26, 2021 No comments yet

PRACTICAL CYBERSECURITY: Why Your Organization Should Consider Setting  Up It’s Own Purple Team.

Typically, the Red Team’s job is to embarrass the Blue Team. The Red Team shows up with a bit of swagger, conducts reconnaissance like and attacker, and finds a path in. At the end, they publish a report that points out the ugliness of your enterprise and they move on to the next engagement.

Meanwhile the Blue Team, most of whom have barely seen their families as they work tireless to secure the enterprise, are left with a .pdf report full of screenshots, claims, and lots of questions. 

This Red vs. Blue approach to cybersecurity is unsustainable, and often does more harm than good. The goal should be Red AND Blue, working together as a PURPLE team to improve the security posture of the organization. 

The Red Team is continuously identifying critical attack vectors and ineffective security controls, informing the blue team on where to prioritize their fix-actions and how to better tune their security detection tools.

Setting Up Purple Team. (Emphasis on the attached image).

Typically, organizations security operations or SOC team fits into the BLUE team description. Now, at most organizations, the RED team description fits into external consultants hired on an ad-hoc basis (ONCE or TWICE a year). 

Our autonomous penetration platform called NodeZero, a completely agentless platform and does not require external consultants to operate and manage) perfectly fits into the red team (again, see the attached  image). At your convenience, I’d like to present this solution and give detailed explanation on how it can help with both red and purple team setup.

REAL WORD USE CASE.

A global consulting company’s Red Team experimented and starting using NodeZero to accelerate their own delivered Time-To-Value. As a traditional 2–3-person Red Team, they’d scope and assess 1-3 /24s and take 6-16 weeks from contract signing to complete.

NodeZero enabled them to run 15 operations in 24 days, assessing 22K+ hosts and finding 3800+attack vectors. This was 99%+ coverage enabling 4 people to operate like an 80-person Red Team, ultimately saving 600+ man-hours per /24 operation and 1000 man-hours per /16. That’s a 50x coverage in 50x less time. That’s the potential of automated and AI-driven Purple Teaming. Painless.

Finally, as stated earlier, I’d like to invite you and your team to join our weekly webinar this Wednesday for detailed demonstration of how it can get your purple and red team up and running.

Webinar Details Below;

Date: 27th October 2021

Time: 2PM (Nigeria), 16:00 EAT & 14:00 GMT

Zoom Registration Link:  https://us02web.zoom.us/j/86595605766?pwd=Y1k0TWZYd1VZemdQV2EybmRSZnlXQT09

Meeting ID: 865 9560 5766

Passcode  844772