Tactics, Techniques & Procedures (TTPs)

We don't use a standard set of TTPs when collaborating with you to perform Purple Team engagements; your organization is unique. Your culture, your risk tolerance and your own threat intelligence, among other factors, help determine the TTPs that provide the most value given your circumstances. Choosing TTPs that closely align with the real-world adversaries targeting your sector yields results that can be used as data points to strengthen security practices, address technological shortcomings and even modify policy to enhance your organization's security posture.
Logging & Alerting

From an information security perspective, a critical component of a mature organization is proper logging and alerting. This comes in the form of system, application, network and security logs feeding into a centralized log management system. These data points are then parsed and correlated across business segments, products and networks to produce actionable security alerts. SpyderSec's Purple Team solution focuses on generating malicious activity on your network and systems to confirm three things: that your endpoints, network devices, applications and other assets are producing the relevant logs, that those logs actually reach your SIEM, and that the SIEM is tuned to alert on the resulting events rather than merely store them.
Testing Controls

Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) and Web Application Firewalls (WAF) each play an important role in protecting organizational assets. Like other security devices and solutions, these components must be configured properly to provide a robust, or even adequate, level of protection. Often the mere purchase and deployment of one of these devices adds little security on its own; the tool must be tuned to its environment and to the needs of the business. SpyderSec's Purple Team solution helps your organization confirm that these devices are fully implemented and properly tuned. This is just one possible outcome of a Purple Team engagement, alongside enhanced SOC capabilities, a properly tuned SIEM, higher-fidelity threat feeds and validation of existing controls. To sustain process improvement, it is important to first confirm which controls are currently working as designed, and only then move to the cost/benefit analysis of enhancements and of endpoint, infrastructure and perimeter modifications.
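The Logging & Alerting and Testing Controls sections above both come down to the same question for each TTP that was executed: was it logged, was it alerted on, or was it missed? The script below is an added example of how a Purple Team scorecard can answer that question from the engagement's own records. It is not SpyderSec's tooling or output from any real engagement: the executed techniques, SIEM events, alerts, hostnames and timestamps are constructed sample data, the ten-minute arrival window is an assumed threshold, and the use of ATT&CK technique IDs to tag both executions and alert rules is an assumed labelling convention.

```python
"""Detection-coverage scorecard for a Purple Team run (added example).

For each executed technique, check whether the telemetry that should have
been produced reached the SIEM in time, and whether a SIEM rule alerted on
it.  All data here is constructed for illustration, not from a real run.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed threshold: telemetry arriving later than this is treated as a
# collection problem (agent backlog, forwarder outage) rather than a success.
WINDOW = timedelta(minutes=10)


@dataclass(frozen=True)
class Execution:
    technique: str   # ATT&CK technique ID (assumed tagging convention)
    host: str
    ran_at: datetime
    source: str      # log channel that should record the action
    event_id: int    # event ID expected in that channel


@dataclass(frozen=True)
class LogEvent:
    host: str
    seen_at: datetime   # time the SIEM received the event
    source: str
    event_id: int


@dataclass(frozen=True)
class Alert:
    host: str
    raised_at: datetime
    technique: str   # technique the firing rule is tagged with (assumed)


def classify(ex: Execution, events, alerts) -> str:
    """Classify one executed technique as alerted, logged, late or missed.

    alerted : expected event arrived in WINDOW and a matching rule fired
    logged  : expected event arrived in WINDOW but nothing alerted
    late    : expected event exists but arrived after WINDOW closed
    missed  : no matching event from that host reached the SIEM at all
    """
    deadline = ex.ran_at + WINDOW
    matching = [e for e in events
                if e.host == ex.host and e.source == ex.source
                and e.event_id == ex.event_id and e.seen_at >= ex.ran_at]
    if not matching:
        return "missed"
    if not any(e.seen_at <= deadline for e in matching):
        return "late"
    alerted = any(a.host == ex.host and a.technique == ex.technique
                  and ex.ran_at <= a.raised_at <= deadline for a in alerts)
    return "alerted" if alerted else "logged"


def scorecard(executions, events, alerts):
    """Return per-(technique, host) status plus counts per status."""
    results = {(ex.technique, ex.host): classify(ex, events, alerts)
               for ex in executions}
    summary = {s: sum(1 for v in results.values() if v == s)
               for s in ("alerted", "logged", "late", "missed")}
    return results, summary


# --- constructed sample data ------------------------------------------------
T0 = datetime(2024, 3, 1, 9, 0)
M = timedelta(minutes=1)

EXECUTIONS = [
    Execution("T1059.001", "WS01", T0,          "Microsoft-Windows-PowerShell/Operational", 4104),
    Execution("T1003.001", "WS01", T0 + 5 * M,  "Microsoft-Windows-Sysmon/Operational", 10),
    Execution("T1053.005", "SRV01", T0 + 15 * M, "Security", 4698),
    Execution("T1021.002", "SRV01", T0 + 20 * M, "Security", 5145),
]

EVENTS = [
    LogEvent("WS01", T0 + 0.5 * M, "Microsoft-Windows-PowerShell/Operational", 4104),
    LogEvent("WS01", T0 + 6 * M,   "Microsoft-Windows-Sysmon/Operational", 10),
    # Scheduled-task event arrives 25 minutes after execution: forwarder lag.
    LogEvent("SRV01", T0 + 40 * M, "Security", 4698),
    # No 5145 at all: share-access auditing never enabled on SRV01.
]

ALERTS = [
    Alert("WS01", T0 + 7 * M, "T1003.001"),   # LSASS access rule fired
]

if __name__ == "__main__":
    results, summary = scorecard(EXECUTIONS, EVENTS, ALERTS)
    for (technique, host), status in results.items():
        print(f"{technique:10} {host:6} {status}")
    print(summary)
```

Each status maps to a different remediation owner: "missed" points at audit policy or agent coverage on the endpoint, "late" at the collection pipeline, and "logged" at SIEM rule tuning, which is why the scorecard separates them instead of reporting a single pass/fail.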