探索我们的网络安全资源库, 包括案例研究, 白皮书, 最佳实践和专家思想领导.
了解更多 >
主要联系人: 卡尔·N. Kriebel CISSP
Do you ever worry about your organization’s ability to detect and/or prevent a threat actor? Would you like to know how your team and toolsets react to a battery of offensive tests that range from the most basic tactics to the latest and greatest advanced persistent threat techniques? Have you ever discovered a new attack technique and wondered, "How many more are there?或者“我应该担心哪些。?" Are you curious about testing a particular exploit or 横向运动 activity in your network, 但不确定从哪里开始?
If you answered “yes” to any of those questions, perhaps a Purple Team exercise is exactly what you need. A bet9游戏平台 Purple Team exercise brings together our red teamers and blue teamers, 现场, to work alongside your team to learn how to prevent and detect specific offensive techniques from the MITRE ATTACK框架 and other hacker tools, 技术和程序.
作为紫色队训练的一部分, our goal is to provide the hacker toolsets and mentality of our red team experts along with the incident responder and defensive thinking of our blue team experts in a way that encourages, 参与并激发知识转移.
To maximize the effectiveness of a Purple Team exercise, our team must first gain a strong understanding of your environment. 在这个过程中, we'll become familiar with your current alerting/detection capabilities, as well as your network architecture and various other pertinent details. We believe the more we understand about your environment, the more valuable the exercise will be.
By leveraging every category of the MITRE ATT&CK框架, we'll work collaboratively with you to map a custom set of tactics and techniques that are risk-based, industry-appropriate and meaningful to your organization. This selection process is highly flexible and can steer the exercise toward a specific theme of offensive techniques or it can ensure a well-balanced exercise for a stronger baseline. Ultimately, the scope and variety of the exercise is entirely up to you. 另外, we will cross-reference your threat intel against the framework's data to identify which threat actors youâre most likely facing in the wild, and then use our understanding of their typical behavior to further shape your organization's custom threat map. This enables us to anticipate additional attack vectors of concern and provide an authentic attack scenario within the collaborative process.
一旦威胁映射完成, the offensive experts of our red team will execute each of the techniques in a transparent environment. This process encourages an "over-the-shoulder" element, 你的保安可以在里面观察, learn and even get hands-on assisting in the execution of a variety of typical hacker activities like enumeration, 剥削, 横向运动, 后开发和渗透, 等. 在这个过程中, our red team will serve as an expert resource to transfer valuable knowledge regarding modern offensive strategies, 并提供对黑客思想的洞察.
The success or failure of each technique is closely monitored to ensure complete understanding of its impact within the environment. The best-case scenario is for controls to prevent the execution or deny the intended result, in which case we may attempt several other methods of execution. 如果一个技术是成功的, we analyze the results to determine its full impact and identify additional mitigating factors. With the understanding that it's not always possible to prevent every technique, impact analysis for successful techniques allows for appropriate prioritization and accurate decision-making.
As our red teamers execute offensive techniques, our blue teamers are alongside your team simultaneously monitoring your logs and systems. 如果一个技术是成功的, we'll help your team leverage current capabilities to prevent/detect each technique. If current capabilities are insufficient, we'll help your team develop a plan for new capabilities. 在这个过程中, our blue team will serve as an expert resource to transfer valuable knowledge regarding modern defensive strategies and offer insights into their real-world threat actor encounters.
练习后, your team will receive a full report that will include a detailed threat map of each technique's execution status and analysis from both our red and blue teams, as well as a detailed guide for the implementation of any defensive items that were not fully addressed during the exercise.
查看我们的 紫色团队评估bet9平台游戏概述 for more information or download our whitepaper, 紫色团队评估的好处, to learn more about the impact the assessment can have for your organization.