Purple teaming

Purple teaming exercises

Following the comprehensive workshop, your security operations center now has a deeper understanding of its detective capabilities, both conceptually and functionally. Through this unique opportunity, the team was also able to refine existing defensive measures for improved performance.

After analysis and assessment of the SOC capabilities, we move on to a series of purple teaming exercises: a collaborative effort between FalconForce’s offensive “red” team and your defensive “blue” team. With our combined forces, let us put detection security strategies to the test!

Purple teaming exercise

Preparation
First, we jointly select targets and relevant attacker techniques that will be used in the purple teaming exercises. We use the industry-wide accepted MITRE ATT&CK matrix, a common language to aid both offensive and defensive teams. Also, during the preparation step, the necessary technical preparations will be made, such as setting up test accounts or arranging network access for the red team.

Attack technique simulation
Next, the red team will perform attacks on your selected environment(s) based on the attacker techniques chosen in the preparation step. The red team will perform these attacks in a controlled manner, so as not to disturb production systems. During the red team’s attacks, the SOC will actively monitor whether the selected MITRE ATT&CK techniques are detected.

Purple teaming exercise
Next, FalconForce will facilitate a hands-on purple teaming exercise with your SOC team. The inputs for the exercise are the techniques used and the IOC data captured during the red teaming. In the purple teaming exercise, we will discuss where detection was (not) successful. FalconForce can replay specific attacks during the exercise to enable an in-depth discussion on how detection can be improved. Where useful, first tweaks can already be made and tested on the spot. The outcome of the exercise is a list of improvement points that you can take further action on.

“Collaborative purple teaming sessions boost the learning experience of your blue team and enable pragmatic defensive improvements.”

Our other services

Defensive capability workshop

Before engaging in the purple teaming session(s), we can host a defensive capability workshop. This workshop is used to kickstart the purple teaming exercise, to gain more insight into your current detective capabilities, to help your team prepare, and to provide both teams with solid context to make the most of the purple teaming exercises. Moreover, we often identify ‘low-hanging fruit’ improvements during the workshop.

FalconForce realizes ambitions by working closely with its customers in a methodical manner, improving their security in the digital domain.

Energieweg 3
3542 DZ Utrecht
The Netherlands

FalconForce B.V.
(+31) 85 044 93 34

KVK 76682307
BTW NL860745314B01