CRIMSON7

Purple Team is about improving SecOps. It's about people, not tools.

Unlike Red Teams, which focus on penetrating a single, high-value attack path, Purple Teams take a more comprehensive approach, addressing a broader range of threats with a collaborative and efficient strategy.

Our Purple Team exercises are designed to maximise value and enhance your overall security operations. We offer two distinct methodologies tailored to your specific needs, always threat-driven, based on real-world scenarios and aligned with the MITRE framework. We go beyond traditional IoC-based intelligence to provide deeper insights and actionable results, delivering far more than just a report.

METHODOLOGY

We deliver Purple Team exercises with our best Offensive Security resources, who built years of experience working as Red Teamers and now focus on research. Purple Team is the essence of our research.

  • Wide and collaborative, based on replicating real TTPs
  • TTPs and tradecraft curated with an external CTI partnership
  • We want to "light up the Christmas tree", not to be stealthy
  • Our research team is constantly developing new playbooks
  • Detection Engineering to produce actionable Detection Code and immediately improve operations
  • Permanent simulation environment
  • Minimal SOC personnel involvement, making the exercise concretely continuous

(DEEP) PURPLE

PROJECT BASED, ONE OR MULTIPLE "DROPS", CLASSIC PURPLE TEAM EXERCISE

1 - PREPARATION

We define the entire exercise together during a technical kick-off that covers planning, communication, selection of (curated) TTPs and setup of the testing environment.

2 - EXECUTION DROP

The core execution phase: running the selected playbooks. The "curated" list comes from the CTI selection.

Average time: 2 weeks

3 - WRAP UP

To bump up the value, we debrief with the SOC, replay attacks where necessary, discuss detectability and visibility, gather feedback and review identity issues.

4 - WRITE UP

We provide an extensive report that might include an executive summary.
The write-up is not limited to paper reports: we also share detection rules in a git repository.

PURPLE RAIN

CONTINUOUS "DRIPS", MANAGED PURPLE TEAM SERVICE

1 - SETUP

This is the program definition phase, where together we define the program and its objectives, and plan upfront both the baseline simulation and the continuous model.

2 - BASELINING

At the beginning of the program we run an initial purple team, a big "drop". This is the moment to rate current detection capabilities and perform an AD (identity) sanity check.

3 - EXECUTION DRIPS

The core phase of the program, where our hybrid model (human, AI and automation) helps execute the playbooks produced by our offensive research in the simulation environment.

4 - PROGRESS

Status and progress reports are delivered periodically, mostly targeted at executives and management.

Access to a client portal allows monitoring of the program at all times.

THE QUINTESSENCE OF PURPLE TEAMING

Our clients asked for more than just a report: they wanted to get actively involved in improving operations and detection, and in remediating missed attacks. We decided to trial a new concept that merges Threat Intelligence, to prioritise efforts on what is really relevant for the business; Attack Simulation, leveraging modern automation by code alongside human manual execution; and finally Detection Engineering, to rate the visibility of missed attacks and immediately produce Detection Code to inject into the SIEM/SOAR platform.

Methodology for Purple Team

PURPLE RAIN, MANAGED SERVICE

WHAT PROBLEM DO WE SOLVE?

SITUATION

For years, consulting companies have struggled to provide continuous security assessments, and the evolving threat landscape now demands a rethink of traditional frameworks. With CTEM, stricter regulations and real security needs, validation and testing must be redefined. Testing the effectiveness of security measures against emerging attacks is essential.

SOLUTION

At Crimson7, we reinvented Purple Team, maintaining a threat-led approach while focusing on advanced TTPs and a hybrid model (human, AI and tools). Instead of overwhelming simulations, we test new intelligence gradually over year-long DRIPS. Throughout, you maintain full control and visibility over the TTPs and actor playbooks being executed.

VALUE

With Managed Testing and continuous validation, we focus on delivering real value and actionable improvements (as code). Our approach integrates seamlessly with CTEM, DORA and other resilience frameworks, offering both enhanced security and measurable assessments of the effectiveness of your security capabilities.

Vito Rallo

Director and co-Founder