Purple Team

A purple team simulation is when an offensive red team comes together with a defensive blue team to test various scenarios.

Overview

To combat future threats, many security operations centers (SOCs) perform simulations to test their capabilities against attacks. However, many attack simulations are conducted from a purely offensive “red team” perspective, using only a handful of attack techniques.

As the red team, Cisco Talos Incident Response (Talos IR) will conduct various controlled attacks against your systems and services. They will constantly communicate with your blue team about what they find, and what should (and shouldn’t) be in your logs. Sitting side by side with your defenders will be our own Talos Incident Response blue team, helping to guide your detection and remediation every step of the way.

Benefits

  • Identify successes and opportunities with your organization’s detection and mitigation capabilities.
  • Understand how adversaries leverage vulnerabilities, evade detection, and bypass security controls, so you can better protect against them.
  • We follow the MITRE ATT&CK framework, and we base our testing on current APT and cyber-criminal tactics, techniques and procedures.
  • We can accommodate specific situations that you would like to test, such as ransomware or insider threat.

Step-by-step process

  • Scoping to ensure any simulation is of the greatest use to you.
  • Assign skilled Talos IR consultants, both red team and blue team, who are experienced and real-world battle tested for each attack.
  • Workshops - collaborative sessions to enhance your understanding and cooperation in threat detection, mitigation and incident response.
  • Conduct a customized Purple Team exercise. Throughout each exercise our red team will be transparent about what they find.
  • Post-analysis report that highlights which attacks your security investments can and cannot detect.

What You Get

Our global team of incident responders is vendor agnostic, which means that in the heat of the moment, we won’t ask you to perform any software deployment before we can get to work on handling the incident. Talos IR uses your existing tools and security investments to immediately respond to adversary activities. If anything is missing, we can provide full access to Cisco’s tool suite.

Sample Timeline

Security expertise at your fingertips

When you partner with Talos IR experts, you ensure your organization takes full advantage of Cisco’s world-class security knowledge and experience. We will work closely with you to become a trusted advisor and partner – helping ensure you have access to information and insights you need to be prepared for what’s now and what’s next.

Next Steps

Contact us:

IncidentResponse@cisco.com

Or contact your dedicated Cisco sales representative.

Fortify Your Security Resilience

For questions regarding our Talos IR retainer subscription or to sign up: