Cybersecurity testing has come a long way, but traditional methods often fall short. Let's take a quick trip down memory lane and explore why Crimson7's Purple Team service is shaking things up.
Remember the good old days of vulnerability management? Sure, it helped patch internal weaknesses, but it was like looking at your security through a keyhole – missing the big picture of your real external exposure.
Then came penetration testing, with the idea of expanding the view and really rating vulnerabilities based on their exploitability, trying to identify vectors to penetrate the ‘perimeter’; good old days when defense in depth was the solution. Pentesting gained great popularity as a tool to identify weaknesses, but it was often the source of failed and forgotten recommendations.
Enter Red Team exercises – the cool kid on the block for enterprise clients. These simulated attacks from an external hacker's perspective are great: an end-to-end simulation based on a scenario, without regard for the entire attack surface, aimed only at proving that something was wrong by ‘showing the blood’. Red Team exercises came with a hefty price tag and are widely adopted by mature entities looking to step up their game. A Red Team is essentially proving that your hard work securing systems isn’t good enough, in an attack simulation where you might have gotten it right 9 times and the ethical hackers win by finding that one and only way to bypass your controls.
You know what? Red Team exercises are great and very useful, but the key winning factor is collaboration and the availability of the Blue Team to improve and block, detect or handle that one attack that won the game.
Now, here's where things get interesting; did I say “collaboration”? Purple Team exercises emerged as a hybrid solution, offering a broader test of attack techniques and better insights into what to protect by testing controls on a larger scope. Evolved from atomic testing of TTPs, today you might even chop a complex actor’s emulated attack kill chain into many TTPs and make sure you can detect them at several stages. But even these advanced methods often overwhelmed security operations teams, already bloated with massive Threat Intel, alert fatigue and last-minute improvised hunting tasks.
Crimson7 has reinvented its Purple Team service to not stop at controls validation, but to merge CTI, select a curated list of complex TTPs, and provide detection engineering so you can immediately strategize and improve, instead of receiving a lengthy report with nice detection rates.
It comes in two flavors:
Both options blend Threat Intelligence, Attack Intelligence, and Detection Engineering. Plus, they take some of the load off your SecOps team, letting them focus on proactive security measures.
The best part? Whether you choose the "drop" or "drip" model, you're in control. You get visibility into your threat model, the selection of TTPs and actor playbooks being tested, aligning perfectly with frameworks like Gartner's CTEM.
In short, Crimson7's approach is changing the game, making advanced security testing accessible to a wider range of clients while helping security teams work smarter, not harder. The managed model takes away the burden of running DCV (detection controls validation) in-house, of developing detection rules (perhaps setting up a proper DE-DevOps pipeline), and of producing Threat Hunting that makes sense.