Purple-teaming has now become somewhat of a buzzword. However, the effort behind it has great merit and value. The methodology of attack simulation is the assumption that the network or a system will become compromised and the current controls will not prevent the infection. With purple-teaming, everyone know what controls are being tested and when. The attack simulation is a bit different, as the focus is the emulation of a specific attacker group and their methods of obtaining sensitive data.
LBMC Information Security’s Bill Dean outlines purple-teaming, some of the benefits involved with the practice, as well as attack simulation, or what some people label adversary simulation, including:
- Brief descriptions of purple-teaming and attack simulation
- How purple-teaming can be beneficial to both penetration testers and defenders
- Why your penetration tests are not the same as the collaboration involved with purple-teaming
- Key differences between purple-teaming and attack simulation
- Reasons why attack/adversary simulation is the best way for you to see how you would measure up against a nation-state attacker group