Purple Gain: Using Red Team, Blue Team Solutions and Strategies to Provide Preferred Cybersecurity Outcomes
In the pursuit of protecting their data and networks, businesses buy tools to create a defense-in-depth cybersecurity posture. The thinking is well-intentioned but slightly fallacious.
Make no mistake, cybersecurity tools often gather insights and provide protections as advertised. However, adding more tools does not necessarily build a better defense. Tools fail silently, and often, due to human and system issues:
- Either the filters or the installation of software to a server is
- An OS, an application, or a platform becomes obsolete.
- While OpenAPI is used to integrate tools, these integrations are often not well developed, leading to false positives.
- Practitioners, who often wear many hats, simply do not know how to use the tools or lack the bandwidth to continuously evaluate them.
To be more precise, cybersecurity is more than the tools and the people responsible for security monitoring; cybersecurity is about outcomes. Further, the idea of outcomes becomes far more acute when we go to the “right of boom.” When an alert becomes an incident and an incident becomes a breach, the security paradigm changes rapidly. A company would be wise to understand its prevention tools and its security posture and how each performs in practical situations.