Most organizations test their security systems and protocols regularly. You may have heard terms like “Red,” “Blue,” or even “Purple” teams being tossed around in the context of cybersecurity. In simple terms, red teams are penetration testers. Blue teams are the ones who defend against the red teams. It is best when Purple isn’t a team at all, but rather a permanent dynamic between Red and Blue teams where they learn from each other.
What is it?
Cybersecurity needs to be an organic and evolving strategy that changes in light of new information and potential threats. Constructing teams that represent either attack, defense, or collaboration can be highly effective in improving your security.
Historically, many organizations used a red and blue team approach — with attackers pitted against the defenders. But the world has moved on from the concept of relying on perimeter products that would guard your organization from external threats. Introducing purple thinking — where information, ideas and practices are shared — offers an approach that can be particularly effective in an agile delivery environment.
What’s in it for you?
By sharing knowledge, you can improve the overall effectiveness of your security efforts — enabling you to detect and remediate threats faster.
What are the trade-offs?
Many organizations have traditionally used third parties to carry out vulnerability and penetration testing and may not have those ‘red team’ skills in-house. Even where they do exist, integrating them with blue teams, and potentially making them part of the software development team, is a huge cultural challenge.
How is it being used?
We are increasingly seeing government departments and enterprises adopting this approach to security threat responses. The purple function operates best when it is a mindset that helps the blue team understand how attackers think and learn the offensive tactics and techniques that they employ.