Establishing a Purple Team culture.
Typically the Red Team’s job is to embarrass the Blue Team. The Red Team shows up with a bit of swagger, conducts reconnaissance like an attacker, and finds a path in. At the end, they publish a report that points out the ugliness of your enterprise and move on to the next engagement.
Meanwhile the Blue Team, most of whom have barely seen their families as they work tirelessly to secure the enterprise, are left with a PDF report full of screenshots, claims, and lots of questions.
This Red vs. Blue approach to cybersecurity is unsustainable, and often does more harm than good. The goal should be Red AND Blue, working together as a Purple Team to improve the security posture of the organization. In that model, the Red Team continuously identifies critical attack vectors and ineffective security controls, informing the Blue Team on where to prioritize their fix-actions and how to better tune their security detection tools.
Here are some lessons we learned as we established a Purple Team culture in our organizations, and how Node Zero can help accelerate your journey.