SCYTHE created a Purple Team Exercise Framework (PTEF) to facilitate the creation of a formal Purple Team Program by performing adversary emulations as Purple Team Exercises and/or Continuous Purple Teaming Operations.

A Purple Team is a virtual team where the following groups work together:

Cyber Threat Intelligence - team to research and provide threat TTPs

Red Team - offensive team in charge of emulating adversaries

Blue Team - the defenders. Security Operations Center (SOC), Hunt Team, Digital Forensics and Incident Response (DFIR), and/or Managed Security Service Provides (MSSP)

A Purple Team Exercise is an open engagement where the attack activity is exposed and explained to the Blue Team as it occurs. Purple Team Exercises are "hands-on keyboard" exercises where Red and Blue teams work together with an open discussion about each attack technique and defense expectation to improve people, process, and technology in real-time. Purple Team Exercises are Cyber Threat Intelligence led, emulating Tactics, Techniques, and Procedures (TTPs) leveraged by known malicious actors actively targeting the organization to identify and remediate gaps in the organization’s security posture.

Executive Summary

Goals

Methodology

Roles and Responsibilities

Cyber Threat Intelligence

Preparation

Exercise Execution

Lessons Learned

At a high level, a Purple Team Exercise is executed with the following flow:

Cyber Threat Intelligence, Exercise Coordinator, or Red Team presents the adversary, TTPs, and technical details

Attendees have a table-top discussion of security controls and expectations for TTP

Red Team emulates the TTP

Blue Team (SOC, Hunt team, and DFIR) analysts follow process to detect and respond to TTP

Share screen if TTP was identified, received alert, logs, or any forensic artifacts

Document results - what worked and what did not

Perform any adjustments or tuning to security controls to increase visibility

Repeat TTP

Document any feedback and/or additional Action Items for Lessons Learned

Repeat from step 1 for next TTP

Get the Purple Team Exercise Framework.

Fields marked with * are required.

First Name *Last Name *Company Email Address *Phone NumberCompany *Position/Title *Are you located within the United States? *Would you like help running a Purple Team Exercise?
Would you like to see a demo of the SCYTHE Platform?
Are you interested in purchasing the SCYTHE platform to run Red and Purple Team Exercises?
Anything else we should know?

Request the Purple Team Exercise Framework (PTEF) for free, today!

SCYTHE created a Purple Team Exercise Framework (PTEF) to facilitate the creation of a formal Purple Team Program by performing adversary emulations as Purple Team Exercises and/or Continuous Purple Teaming Operations.

Get the Purple Team Exercise Framework.

COMPANY

SCYTHE USE CASES

Get In Touch!