ITSPmagazine Podcast

Red Team + Blue Team Doesn't Mean You Have A Purple Team | Operationalizing Purple With @ch33r10, Erik Van Buggenhout, Ben Goerz, Craig Balding

Episode Summary

We can't deny the value of the Red and Blue Teams. One tests the weaknesses of an environment and the other the controls and processes as they get attacked. However, things get better when you add a Purple Team.

Episode Notes

We can't deny the value of the Red and Blue Teams. One tests the weaknesses of an environment and the other the controls and processes as they get attacked. However, things get better when you add a Purple Team.

Does having a Red Team and a Blue Team mean that you automatically have a Purple Team too? The answer is no. But what is the material demand and measurable value in defining, hiring, and running a dedicated Purple Team?

Not sure? Neither was I. That's why I pulled this group of red, blue, and purple teamers together to have an open, candid discussion.

Listen to this conversation to make your own determination of value and stay with us for more as we move beyond this debate to take the conversation deep to the point where we look at how to define goals, set scope, get started, and measure success. You might be surprised by how each guest's perspective on how to start, where to start, how to keep things on track, and how the diversity of thought bringing a purple team into the mix can dramatically change the way the Red and Blue Teams operate.

If you're considering standing up a Purple Team, this is a must-listen episode. If you haven't considered one yet but want to see how it helps Red and Blue do their jobs, you'll find some fantastic nuggets in this episode as well.

Go Purple!

"There are a lot of models, processes, and frameworks that you can use to help you with your purple teaming; everything from the pyramid of pain, to the diamond model that you can use to create activity groups to help prioritize the threats that are coming at your org, to Erik's threat intel process." —@Ch33r10

"Quite often the red teams are very good at abusing [vulnerabilities] and they give recommendations which are technically very correct, but they're not always tailored for the environment." —Erik Van Buggenhout

"I have red and blue teams on three continents in three very different time zones. Trying to put a big eight-hour block to work together just isn't possible in my situation. So we've worked to get our purple team exercises down to an hour." —Ben Goerz

"You might choose a [purple teamer] because of their interpersonal skills, because of their emotional intelligence, and because they get what you're trying to do in a fairly limited time rather than, say, showboating their skills." —Craig Balding

Guest(s)
@Ch33r10* | Erik Van Buggenhout | Ben Goerz | Craig Balding

This Episode’s Sponsors:
Nintex: https://itspm.ag/itspntweb

Resources
🦾TTPs

🦄PURPLE

👾MALWARE ANALYSIS

To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-security

Are you interested in sponsoring an ITSPmagazine Channel?
https://www.itspmagazine.com/podcast-series-sponsorships

* Note from @ch33r10 - “The opinions expressed in this podcast are those of the speaker, in their individual capacity, and not necessarily those of the employers. Use of SCYTHE’s Purple Team Exercise Framework (PTEF) in this podcast does not endorse them as a vendor."