Purple Teaming For Dummies

A practical guide for building a purple team to maximize your security effectiveness.


Leading global organizations — from the United States military to global banks to energy providers — have been investing in cybersecurity for decades. However, intruders continue to break past organizational defenses. With the publication of the MITRE ATT&CK framework of adversary tactics, techniques, and procedures (TTPs), security teams now have a single repository of threat behavior that they can use to test and validate that cybersecurity controls work as intended. But what’s the good of threat intelligence and automated testing if your security team isn’t testing your defenses continuously and making adjustments to improve your security performance?

Enter the concept of purple teaming, which takes the best of red and blue teams and brings them together around a common threat framework and an automated testing platform to improve cybersecurity effectiveness. The combination of the MITRE ATT&CK framework, an automated breach and attack simulation platform, and purple teaming as an operational construct delivers a threat-informed defense and cybersecurity effectiveness.

But ATT&CK is not just a framework to understand adversary behavior: it is a tool for improving security effectiveness. How and why? For years in cybersecurity, defenders lacked a common vision of the threat landscape. In the private sector, cyberthreat intelligence was often based on after-the-fact forensic data, leaving defenders uncertain about the adversary’s future approach. Further, detailed knowledge of adversary tactics was often limited to classified government environments. Lacking a common lexicon for discussing adversary behaviors across the community, defenders fumbled in the dark to achieve security effectiveness.

In this guide, we will take a look at practical ways to implement a purple teaming strategy and maximize your cybersecurity effectiveness. The guide is filled with helpful tips, hints, and potential struggles; after reading it, you will walk away with actionable insights to start building a threat-informed defense.
