Empowering Cybersecurity Collaboration through PTEF

SCYTHE created a Purple Team Exercise Framework (PTEF) to facilitate the creation of a formal Purple Team Program by performing adversary emulations as Purple Team Exercises and/or Continuous Purple Teaming Operations.

At a high level, a Purple Team Exercise is executed with the following flow:

1. Exercise Coordinator (EC): presents the adversary, its TTPs, and the technical details.

2. All: table-top discussion of the security controls in place and the expectations for what happens when the TTP is executed.

3. Red Team: emulates the TTP while sharing their screen so everyone sees and learns what the attack looks like.

4. Blue Team: follows their process to detect and respond to the TTP, sharing their screen to confirm identification of the artifacts.

5. Detection Engineering: determines whether any adjustments or tuning to security controls and/or logging can be made to increase visibility.

6. All: repeat the procedure, record the new results, and move to the next TTP.