
GoSecure Ethical Hacker Maxime Nadeau shares his perspective on the quickly growing industry capability that delivers fast and long-lasting security improvements through a collaborative engagement.

 

What are Purple Team Services?

Purple Team services are a collaborative engagement where professional security testers work through real-world attack scenarios by dividing those activities into individual steps and executing those elements with in-house security teams. Purple Teaming works best as a complement to a robust Penetration Testing program with advanced, multifaceted scenarios to test defense and response capabilities with an organization that has some dedicated security resources that can benefit from the partnership. A Purple Team engagement allows an organization to pinpoint strengths and weaknesses in people, processes and technology in a safe environment – before the threats become a reality.

 

Why Would an Organization Consider Purple Team Services?

There are many reasons an organization would consider a Purple Team engagement. In my experience, a few of the top reasons are:

  • Organizations want to see a fast and long-lasting improvement in security maturity – At GoSecure, we focus on continuous improvement over the course of the engagement that can elevate security maturity posture for the organization quickly, but in a way that will last. We do this through a “Test, Fix and Test Again” approach — and by providing as much information as possible to the in-house teams during workshop sessions. With each scenario, we’re able to make immediate adjustments, test again to see if there is improvement and then make more adjustments to ensure that defenses and response capabilities are fully optimized.
  • Teams want to improve their detection processes and learn new techniques to identify vulnerabilities or conduct proactive threat hunting activities – The collaborative approach to Purple Team engagement offers a unique opportunity to train and mentor the organization’s security team. Through the scenarios, we can determine where there may be skill gaps and target those areas for knowledge transfer from our highly experienced and certified professionals. Training sessions to bridge certain gaps observed during the activities can be offered to further enhance the capabilities of the in-house teams.
  • The security team may want to identify areas for potential investment and build a case they can take to leadership – The real-world attack scenarios pinpoint gaps in capabilities, processes and technology that may require added investment by the organization. We can help make that case through our collaboration – and show improvement from the baseline we documented after the technology is implemented. It’s important to note that we are vendor-neutral: we can recommend adding some tools or resources—not what to buy or where to buy it from. And we will keep existing budget/vendor requirements in mind as we make recommendations.

 

What is the difference between a Purple Team and a Red Team engagement?

Red Team engagements are an important tool for in-house teams to get a point-in-time assessment of preventive security controls, as well as detection and response capabilities, against professionals who specialize in breaking through defenses. With a Red Team exercise, the security professionals within an organization will not know exactly what to expect or when the attack will happen. Professionals like the team at GoSecure will design a series of real-world attacks with multiple threat vectors that we feel have the best chance of breaching the defenses. During Red Team engagements, the offensive security team will use technical, social engineering, and physical threat vectors to try to get access to predefined targets referred to as the “Crown Jewels” or the end goals of the assessment. The client will receive a report filled with actionable recommendations specific to the risks and gaps we find. A year later if we test that client again, we’ll likely find improvement in those areas, but other weaknesses may present an opportunity for us to infiltrate their environment once again.

Purple Team engagements are a collaborative engagement where our professionals work together with the in-house team through real-world attack scenarios or granular attack techniques. Both Red Team and Purple Team services include real-world testing of the organization’s defenses and response capabilities. The difference is that with a Purple Team engagement we take a Test, Fix and Test Again approach and focus on empowering the internal team. This can be via training sessions or live exploitations, hunting, and/or use case creation or remediation in a mini workshop format. The report we provide shows the improvements we have already made within the client environment and how we tested them again to demonstrate the resulting enhanced security maturity. With Purple Team services, the in-house team gains the benefit of knowledge transfer from our experienced professionals who have industry certifications and years of experience identifying advanced threats.

 

What makes GoSecure different from others offering Purple Team services?

GoSecure Purple Team engagements are conducted with detection, threat hunting and offensive security experts with years of experience in their fields. This enables identification of improvements which can be implemented at a faster pace, since all aspects of the attacks and questions are covered during the activities. The other key element for GoSecure is flexibility. The activities can change based on the previous observations, newly identified threats or toolchain currently used in the environment to offer the most value possible. If the in-house team needs to build their skills, we have the resources to offer mentoring and training in areas like threat hunting.

In addition, GoSecure’s approach to “Test, Fix and Test Again” helps ensure we leave the organization more secure than when we started the engagement. GoSecure also considers the day-to-day budget and vendor requirements of the customer in our recommendations, which can include the use of free or open-source tools to make improvements.

 

Do you have any examples of positive results from a Purple Team engagement?

A recent Purple Team engagement comes to mind. The team we were working with had minimal detection use cases, limited event sources, issues with their Identity and Access Management (IAM) practices and no proactive threat hunting program.

We started by identifying new events that could be collected without changing the technologies they had in place and immediately offered visibility by creating multiple use cases. After those new baseline recommendations were implemented, GoSecure found opportunities to add tools to the environment and identified more use cases that could further enhance the detection capabilities of the team.

We also conducted training activities to help improve the team’s IAM capabilities and developed an integrated proactive threat hunting practice. While improvements continue, the client has already detected and properly responded to multiple incidents, as well as demonstrated a noted improvement on their last Red Team engagement.

 

About the Expert: Maxime Nadeau

Maxime is a GoSecure ethical hacker. Having studied programming and software engineering, he has been working as a cybersecurity professional for the last five years and obtained multiple certifications including the Offensive Security Certified Professional (OSCP) and Pentester Academy Certified Enterprise Security Specialist (PACES). He has an interest in adversary simulation and physical security. When he is not coding new tools, he can be found transforming everyday objects into physical network implants or woodworking.
