The scope and goals for purple team operations are very similar to the operations defined for the red team. The core difference is that the focus lies on transparency and collaboration between red, blue, and engineering teams.
Wake up to a constantly changing environment, from new threats, tactics, and technologies to new laws, regulations, guidelines, frameworks, and standards.
The goal throughout all stages of a purple team operation is to improve the security posture of a system pretty much immediately by running attacks and validating detections and alerts for the most imminent threats, currently still systems, and hypervisors, IoT, and the cloud.
If attacks succeed and are not caught, detections are fixed and implemented, and attacks are run again right away, until there is a measurable improvement.
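The run, check, fix, re-run loop described above can be tracked with a short script that matches each executed test against the alerts it should have raised and reports the detection rate per round. This is an added example, not code from the original text; the test IDs, hosts, rule names, timestamps and the 10-minute matching window are constructed assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumption: an alert counts only within 10 min of the test

# Constructed sample data; test IDs, hosts and rule names are hypothetical.
# Each test case: (round, test_id, host, start_time)
TESTS = [
    (1, "cred-dump", "ws-07", "2024-05-01T10:00:00"),
    (1, "lateral-move", "srv-02", "2024-05-01T10:30:00"),
    (1, "cloud-key-use", "ci-01", "2024-05-01T11:00:00"),
    (2, "cred-dump", "ws-07", "2024-05-01T14:00:00"),
    (2, "lateral-move", "srv-02", "2024-05-01T14:30:00"),
    (2, "cloud-key-use", "ci-01", "2024-05-01T15:00:00"),
]
# Each alert: (rule, host, raised_at)
ALERTS = [
    ("lsass-access", "ws-07", "2024-05-01T10:02:10"),
    ("remote-svc-create", "srv-02", "2024-05-01T10:55:00"),  # too late: outside WINDOW
    ("lsass-access", "ws-07", "2024-05-01T14:01:30"),
    ("remote-svc-create", "srv-02", "2024-05-01T14:31:05"),  # fires after the fix
]

def detected(test, alerts):
    """True if any alert on the test's host was raised inside the matching window."""
    _, _, host, start = test
    t0 = datetime.fromisoformat(start)
    return any(h == host and t0 <= datetime.fromisoformat(ts) <= t0 + WINDOW
               for _, h, ts in alerts)

def coverage_by_round(tests, alerts):
    """Group test IDs per round into detected ('hit') and undetected ('missed')."""
    rounds = {}
    for test in tests:
        entry = rounds.setdefault(test[0], {"hit": [], "missed": []})
        entry["hit" if detected(test, alerts) else "missed"].append(test[1])
    return rounds

def detection_rate(entry):
    total = len(entry["hit"]) + len(entry["missed"])
    return len(entry["hit"]) / total if total else 0.0

def needs_rerun(tests, alerts):
    """Tests still undetected in the latest round: fix the detection, then re-run."""
    rounds = coverage_by_round(tests, alerts)
    return rounds[max(rounds)]["missed"]

if __name__ == "__main__":
    for rnd, entry in sorted(coverage_by_round(TESTS, ALERTS).items()):
        print(f"round {rnd}: {detection_rate(entry):.0%} detected, missed={entry['missed']}")
    print("fix detections and re-run:", needs_rerun(TESTS, ALERTS))
```

An alert that arrives outside the window is counted as a miss, so a detection that fires too late to be useful still shows up as a gap.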