Purple Team Assessments

Do you ever worry about your organization’s ability to detect and/or prevent a threat actor? Would you like to know how your team and toolsets react to a battery of offensive tests that range from the most basic tactics to the latest and greatest advanced persistent threat techniques? Have you ever discovered a new attack technique and wondered, "How many more are there?" or "Which ones should I be worried about?" Are you curious about testing a particular exploit or lateral movement activity in your network, but aren’t sure where to start?

If you answered yes to any of those questions, perhaps a Purple Team exercise is exactly what you need. A Schneider Downs Purple Team exercise brings together our red teamers and blue teamers, onsite, to work alongside your team to learn how to prevent and detect specific offensive techniques from the MITRE ATT&CK framework and other hacker tools, techniques and procedures.


As part of a Purple Team exercise, our goal is to provide the hacker toolsets and mentality of our red team experts along with the incident responder and defensive thinking of our blue team experts in a way that encourages, engages and sparks knowledge transfer.

The Purple Process

  • Acclimation – To maximize the effectiveness of a Purple Team exercise, our team must first gain a strong understanding of your environment. During this process, we’ll become familiar with your current alerting/detection capabilities, as well as your network architecture and various other pertinent details. We believe the more we understand about your environment, the more valuable the exercise will be.
  • Threat Mapping – By leveraging every category of the MITRE ATT&CK framework, we’ll work collaboratively with you to map a custom set of tactics and techniques that are risk-based, industry-appropriate and meaningful to your organization. This selection process is highly flexible and can steer the exercise toward a specific theme of offensive techniques, or it can ensure a well-balanced exercise for a stronger baseline. Ultimately, the scope and variety of the exercise is entirely up to you. Additionally, we will cross-reference your threat intel against the framework’s data to identify which threat actors you’re most likely facing in the wild, and then use our understanding of their typical behavior to further shape your organization’s custom threat map. This enables us to anticipate additional attack vectors of concern and provide an authentic attack scenario within the collaborative process.
  • Execution – Once threat mapping is complete, the offensive experts of our red team will execute each of the techniques in a transparent environment. This process encourages an "over-the-shoulder" element, in which your security team can observe, learn and even get hands-on assisting in the execution of a variety of typical hacker activities such as enumeration, exploitation, lateral movement, post-exploitation and exfiltration. Throughout this process, our red team will serve as an expert resource to transfer valuable knowledge regarding modern offensive strategies, and offer insights into the mind of a hacker.
  • Impact Analysis – The success or failure of each technique is closely monitored to ensure complete understanding of its impact within the environment. The best-case scenario is for controls to prevent the execution or deny the intended result, in which case we may attempt several other methods of execution. If a technique is successful, we analyze the results to determine its full impact and identify additional mitigating factors. With the understanding that it’s not always possible to prevent every technique, impact analysis for successful techniques allows for appropriate prioritization and accurate decision-making.
  • Detection – As our red teamers execute offensive techniques, our blue teamers are alongside your team simultaneously monitoring your logs and systems. If a technique is successful, we’ll help your team leverage current capabilities to prevent/detect each technique. If current capabilities are insufficient, we’ll help your team develop a plan for new capabilities. Throughout this process, our blue team will serve as an expert resource to transfer valuable knowledge regarding modern defensive strategies and offer insights into their real-world threat actor encounters.
  • Reporting – After the exercise, your team will receive a full report that will include a detailed threat map of each technique’s execution status and analysis from both our red and blue teams, as well as a detailed guide for the implementation of any defensive items that were not fully addressed during the exercise.
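The process above produces, for every technique in the threat map, an execution status (prevented, detected, or undetected) and an impact rating that feeds the reporting step. The following script is an added example of how a team might track those results and derive a per-tactic coverage summary and a prioritized gap list; it is not Schneider Downs tooling, and the technique outcomes and impact scores it contains are constructed sample data for a hypothetical exercise (the ATT&CK technique IDs and names are real).

```python
"""Purple-team threat-map tracker (added example, not Schneider Downs code).

Records, per MITRE ATT&CK technique, whether execution was prevented,
detected, or neither, then summarises coverage per tactic and lists gaps
in priority order so remediation can be sequenced in the final report.
The technique outcomes and impact ratings below are constructed sample
data for one hypothetical exercise, not findings from any real assessment.
"""
from collections import defaultdict
from dataclasses import dataclass

PREVENTED, DETECTED, UNDETECTED = "prevented", "detected", "undetected"
OUTCOMES = (PREVENTED, DETECTED, UNDETECTED)


@dataclass(frozen=True)
class TechniqueResult:
    technique_id: str   # ATT&CK technique id, e.g. "T1003"
    name: str           # ATT&CK technique name
    tactic: str         # ATT&CK tactic the technique was mapped under
    outcome: str        # one of OUTCOMES, recorded during the detection step
    impact: int         # 1 (low) .. 5 (critical), assigned during impact analysis


# Constructed sample threat map; outcomes and impact scores are hypothetical.
SAMPLE_RESULTS = [
    TechniqueResult("T1566", "Phishing", "Initial Access", PREVENTED, 4),
    TechniqueResult("T1059", "Command and Scripting Interpreter", "Execution", DETECTED, 3),
    TechniqueResult("T1087", "Account Discovery", "Discovery", UNDETECTED, 2),
    TechniqueResult("T1003", "OS Credential Dumping", "Credential Access", UNDETECTED, 5),
    TechniqueResult("T1021", "Remote Services", "Lateral Movement", DETECTED, 4),
    TechniqueResult("T1041", "Exfiltration Over C2 Channel", "Exfiltration", UNDETECTED, 5),
]


def validate(results):
    """Reject malformed records so a typo in the tracker cannot hide a gap."""
    for r in results:
        if r.outcome not in OUTCOMES:
            raise ValueError(f"{r.technique_id}: unknown outcome {r.outcome!r}")
        if not 1 <= r.impact <= 5:
            raise ValueError(f"{r.technique_id}: impact must be between 1 and 5")
    return results


def coverage_by_tactic(results):
    """Return {tactic: (prevented, detected, undetected)} counts."""
    counts = defaultdict(lambda: [0, 0, 0])
    for r in validate(results):
        counts[r.tactic][OUTCOMES.index(r.outcome)] += 1
    return {tactic: tuple(c) for tactic, c in counts.items()}


def prioritised_gaps(results):
    """Techniques that ran undetected, highest impact first (ties broken by id).

    These are the items the reporting step turns into an implementation guide.
    """
    gaps = [r for r in validate(results) if r.outcome == UNDETECTED]
    return sorted(gaps, key=lambda r: (-r.impact, r.technique_id))


def detection_rate(results):
    """Fraction of techniques that were either prevented or detected."""
    results = validate(results)
    if not results:
        return 0.0
    covered = sum(1 for r in results if r.outcome != UNDETECTED)
    return covered / len(results)


if __name__ == "__main__":
    for tactic, (p, d, u) in coverage_by_tactic(SAMPLE_RESULTS).items():
        print(f"{tactic:18} prevented={p} detected={d} undetected={u}")
    print(f"overall coverage: {detection_rate(SAMPLE_RESULTS):.0%}")
    for r in prioritised_gaps(SAMPLE_RESULTS):
        print(f"GAP impact={r.impact} {r.technique_id} {r.name} ({r.tactic})")
```

Sorting gaps by impact before technique id mirrors the page's point that not every technique can be prevented: the report should lead with the undetected techniques whose impact analysis scored highest, so the implementation guide addresses those first.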

For more information, please contact Daniel J. Desko.
