Governance & Risk Management , Vulnerability Assessment & Penetration Testing (VA/PT)

Purple Teaming: Evaluate the Efficacy of Security Controls

Jared Atkinson of SpecterOps on Why 'Detection Is Not the End of the Line'
Purple Teaming: Evaluate the Efficacy of Security Controls
Jared Atkinson, chief strategist, SpecterOps

The concept of red teaming has been around since the 1960s. Red teams use tactics, techniques and procedures to emulate a real-world threat and measure the effectiveness of your defenses. "Red teaming is narrative-driven," said Jared Atkinson of SpectorOps. It looks at a specific attack chain and doesn't take into account the "numerous variations" in how a threat can enter your environment.

Red teaming is not effective for evaluating the efficacy of preventative or detective security controls, Atkinson said, but purple teaming is. He defined purple teaming as "the evaluation of security control efficacy through atomic testing, using deliberately selected test cases." Atomic testing allows teams to control variables and evaluate a specific part of an attack chain.

In this episode of CyberEd.io's podcast series "Cybersecurity Insights," Atkinson discussed:

  • The value in building defenses around lateral movement, credential access and privilege escalation;
  • How SpecterOps' BloodHound Enterprise product helps you get rid of routes along an attack path and achieve least privilege;
  • Why defenders should focus less on detection and more on "shepherding that detection through remediation."

Atkinson is a security researcher who specializes in digital forensics and incident response. He is an expert in PowerShell and the open-source community and the lead developer of PowerForensics and Uproot. He also maintains a DFIR-focused blog. Recently, Atkinson built and led private sector hunt operations capabilities. Prior to that, he led incident response missions for the U.S. Air Force Hunt Team.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.