Purple teaming: The future of cyber security

21.02.2020

In almost every company and organization on the planet, cyber security is shockingly flawed. And it’s costing them, big time. In fact, between 2013 and 2017 the total approximate cost of data breaches was $4,848,000,000 and counting. And it wasn’t just the big, high-profile companies that fell victim to attack. More than 70% of attacks target small businesses, and as many as 60% of SMEs that experience a data breach go under within the subsequent six months. The saddest part about all of this? Most attacks are easily preventable. In fact, in all of the high-profile cases we hear about – from Equifax and TalkTalk to Sony and Target – it was security negligence that led to them being compromised.

So, what’s going wrong?

We know that there aren’t enough cyber security professionals. In fact, there will be a shortage of 1.8 million information security workers by 2022. But that’s not the whole story. Let’s assume, for a moment, there are enough InfoSec professionals. Even if this were the case, breaches would still be commonplace, and that’s because the prevailing setup of cyber security within companies – with blue and red teams – doesn’t work.

Seeing Red

What usually happens: Blue teams (helpdesks, system patchers, back-up-and-restore staff, security tool managers and the all-encompassing active threat hunters) are in charge of white hat defense. They typically perform analyses to ensure security and identify flaws, and verify the effectiveness of security during and after implementation.

Red teams are typically hired by larger companies to play the role of adversary, and are usually tasked with a specific objective, such as accessing and retrieving data. They provide reports (from 10 – 99 pages) pointing out security flaws for internal staff to follow up. Penetration testing encompasses parts of red teaming, but a red team engagement is a more comprehensive simulated attack performed by a group of specialists with differing skills.

Sounds good, right? Wrong. These two teams have different skills and approaches, so often fail to work well together. Often, blue team staff don’t have the skills to act on reports made by red teams, and even if they did, aren’t allocated the required time to go through the reports and action each item (let’s not even mention how boring that could be).

The result is animosity, finger pointing, internal chaos… and a system which remains wide open to attack.

Furthermore, when internal IT teams don’t have an effective grasp of cyber security, there is little chance of creating an effective security culture within a company, and data risk is rarely discussed by the Board.

Go Purple

The answer to this age-old problem (or for as long as cyber security has been an issue) is purple teaming. So, what is it? Purple teaming is a blend of blue and red team protocols; in other words, it gives those trained in it an effective set of skills in both defense and attack mitigation techniques. Ideally, staff in internal IT teams – whether that’s just a few people or a huge number – should have purple teaming skills. This would mean that attacks would be anticipated, vulnerabilities would be patched before they are exploited, and breaches would be caught quickly, contained effectively and patched with urgency.

The benefits don’t stop there. Purple team staff reduce the requirement for external pen testers, meaning money saved can be spent on driving innovation. Furthermore, an empowered IT team is able to effectively communicate the need and practical steps for creating a strong security culture within a company – from Charlie on reception right the way through to the Board who will understand and review data risk on a regular basis.

I know what you’re thinking… ‘Purple teaming makes sense… but it’s also impractical and expensive.’

And you’d be right – if you’re looking towards traditional cyber security training for the answer; after all, it can cost several thousand pounds per student and take staff off-site for a week. But, with Hands-On-Hacking, the online ethical hacking course from Hacker House, creating a purple team is not only financially viable (costing a fraction of the price of traditional training) but completely practical too, as students can take the course on their own computer, in their own time.

With its 12 modules, the course covers effective attack and mitigation techniques – in other words, purple team skills – including the very latest methods used by cyber criminals. Unlike traditional courses which are theory-heavy, Hands-On-Hacking is extremely practical, allowing students to practice purple teaming techniques within virtual sandboxed environments.

Hands-On-Hacking assists purple teams

Hands-On-Hacking is ideal for IT students and existing cyber security professionals that want to learn purple teaming skills, as well as companies and organizations that want to train their internal IT staff. For the latter, Hacker House offers clients an enterprise training portal with optional features and continuous learning support, with a scaled pricing structure for multiple licenses.
