Purple Teaming

Collaboration between Red and Blue Teams for validation and improvement of detection capabilities.

All of IntrusionOps' Red Team projects include a Purple Team exercise to validate which attack components were and were not detected, and to collaboratively improve detections. This is a valuable outcome that gives Red Team exercises a long-lasting impact, leaving your company more prepared to identify attacks. See how your detection rules perform against real-world attacks.

Customers may opt to use only IntrusionOps' Purple Teaming services. Although this service can be tailored to meet specific requests, these projects are designed much like unit tests. IntrusionOps prepares a series of attacks and launches them while recording timestamps and IOCs. A collaborative real-time notebook or spreadsheet is used to cross-reference attacks against detections. Attacks that were not identified are entered into the notebook and prioritized. IntrusionOps works with the client's Blue Team to write detections and repeat the attacks to verify that newly developed detection rules are effective.
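The cross-referencing step described above can be scripted, as in the following added example, which is not IntrusionOps' own tooling. The record fields, the 15-minute matching window, the `priority` field and all sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from a real engagement).
# 'priority' is a hypothetical analyst-assigned rank: 1 = fix first.
ATTACKS = [
    {"id": "TC-01", "start": "2024-05-01T10:00:00", "priority": 2,
     "iocs": {"192.0.2.10", "tool-a.exe"}},
    {"id": "TC-02", "start": "2024-05-01T10:20:00", "priority": 1,
     "iocs": {"c2.example.test"}},
    {"id": "TC-03", "start": "2024-05-01T10:40:00", "priority": 3,
     "iocs": {"192.0.2.10"}},
]
ALERTS = [
    {"rule": "R-100", "time": "2024-05-01T10:03:30", "indicators": {"tool-a.exe"}},
    # Shares an IOC with TC-03 but fired before TC-03 started: counts for TC-01 only.
    {"rule": "R-200", "time": "2024-05-01T10:05:00", "indicators": {"192.0.2.10"}},
]

def cross_reference(attacks, alerts, window=timedelta(minutes=15)):
    """Map each attack id to the rules that fired on one of its IOCs
    within `window` after the attack's recorded start time."""
    coverage = {}
    for atk in attacks:
        start = datetime.fromisoformat(atk["start"])
        coverage[atk["id"]] = sorted(
            a["rule"] for a in alerts
            if start <= datetime.fromisoformat(a["time"]) <= start + window
            and atk["iocs"] & a["indicators"]
        )
    return coverage

def gaps(attacks, coverage):
    """Undetected attacks, highest priority first."""
    missed = [a for a in attacks if not coverage[a["id"]]]
    return [a["id"] for a in sorted(missed, key=lambda a: a["priority"])]

def retest(attacks, alerts_before, alerts_after):
    """Attack ids that were gaps before the new rules and are detected after."""
    before = set(gaps(attacks, cross_reference(attacks, alerts_before)))
    after = set(gaps(attacks, cross_reference(attacks, alerts_after)))
    return sorted(before - after)

if __name__ == "__main__":
    cov = cross_reference(ATTACKS, ALERTS)
    print(cov, gaps(ATTACKS, cov))
```

Matching on IOC alone would credit rule R-200 to TC-03 because both test cases reuse the same address; the time window keeps an earlier alert from masking a later gap.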

IntrusionOps' logo is purple because we have both professional Red and Blue team capabilities. Our Purple Team engagements involve IntrusionOps staff from the Red and Blue teams working with your team. We work with internal security teams and third-party MDR/MSSP providers for the betterment of our clients' detection library.