purple team (1)

    Empowering Cybersecurity Collaboration through PTEF

     

    SCYTHE created a Purple Team Exercise Framework (PTEF) to facilitate the creation of a formal Purple Team Program by performing adversary emulations as Purple Team Exercises and/or Continuous Purple Teaming Operations.

    At a high level, a Purple Team Exercise is executed with the following flow:

    EXERCISE COORDINATOR (EC)

    Present adversary, TTPs, and technical details

    ALL

    Table-top discussion of security controls and expectations for TTP execution

    RED TEAM

    Emulate the TTP while sharing the screen so everyone sees and learns what an attack looks like

    BLUE TEAM

    Follow process to detect and respond to TTPs, share screen to confirm identification of artifacts

    DETECTION ENGINEERING

    Can any adjustments or tuning to security controls and/or logging be made to increase visibility

    ALL

    Repeat procedure and record new results, move to next TTP

    Download Guide