Hackers of India

Painting Your Organizations with Shades of Red, Blue & Purple

By Hidayath Khan on 13 Nov 2021 @ C0c0n : Adversary Village



AI Generated Summary (may contain errors)


The speaker emphasizes the importance of adopting a “purple teaming” approach, which combines red teaming (simulating attacks) with blue teaming (defending against attacks). This approach helps organizations improve their defenses by thinking like attackers and testing their networks simultaneously. The goal is not to be the red team within an organization but to enhance the blue team’s capabilities.

The speaker shares their experience of implementing purple teaming in their organization, which has led to significant improvements in detecting breaches. They conduct regular one-hour sessions every fortnight, focusing on specific adversaries and threats.

In a Q&A session, the speaker addresses two questions:

  1. How to convince companies that do red teaming for compliance purposes to adopt purple teaming? The speaker suggests showing the measurable defenses that can be implemented immediately, which is more effective than traditional red teaming reports.
  2. What’s the impact of “red teamers” who only do vulnerability assessments and call it red teaming? The speaker agrees that this practice affects industry standards and expectations negatively. They emphasize the need for advocates to promote the right approach to penetration testing.

The speaker concludes by encouraging organizations to start building their own purple teams, emphasizing that it’s essential for those who don’t have one yet.