The IT security industry is in a constant state of change. Every day, new vulnerabilities and attack techniques emerge, and the arsenal of tools at an attacker's disposal keeps growing. So that your monitoring systems and team can also identify the very latest attack patterns and initiate a swift response, SySS carries out coordinated attacks. These simulated scenarios can be played through both theoretically and in practice.
Various aspects can be tested and the relevant training provided:
The offensive position is assumed by the red team, while experts from digital forensics support the defense team (blue team). This interplay is known as purple teaming.
Steffen Stepper
steffen.stepper(at)syss.de
redteam(at)syss.de
+49 (0)7071 - 40 78 56-6157
If a company is still in the process of setting up a security operations center (SOC), it makes sense not to start directly with a technical purple teaming engagement, because processes are not the paramount concern in technical purple teaming. For a perfect defense, these processes should be modeled and put into practice first. For this reason, SySS has designed a purple team process in which the SOC is coached step by step. The objective is to create, test and firm up the processes first. Then the technical capabilities offered by the in-place infrastructure and the skills of employees are assessed. Employees are trained directly and the in-place infrastructure is optimized in the best way possible. In the last phase, the support given by the DFIR department of SySS to the customer's blue team is withdrawn. The intention here is to put the acquired knowledge to the test. A workshop is then held in which the results are discussed.
As part of a workshop, the scope of the purple team assessment is defined together with you. Based on the following aspects, you can gain an initial insight into the workshop schedule. We will be more than happy at this point to address your individual requests and questions:
The objective of the workshop is to provide the foundation on which a tailored and customer-oriented workflow can be created for the purple team assessment.
In this phase, a selected threat scenario is played through. The scenario is based on the previously convened purple team planning workshop. The objective is to stage an incident in its entirety – in a scenario that is as realistic as possible – up to the instigation of an emergency operating condition. Here, the focus is on decision-making and which measures are taken (processes). The response of your establishment to the measures taken is simulated by the gamemaster. On a smaller scale, certain tasks are also performed by individual persons to test the feasibility of the measures adopted.
In overt technical purple teaming, scenarios are discussed with the respective blue team. Based on these scenarios, the exercises are put into practice. SySS follows the customer's requirements regarding the extent to which the attack vectors it chooses are disclosed during the process. The "Purple Team Playbook" contains various suggestions for scenarios and their objectives. We will gladly expand them to include scenarios of your own, which can also be developed in the workshop.
SySS undertakes attacks covertly with a close circle of personnel. The knowledge already gained by the blue team is the key focus. In this phase, we test whether the knowledge gained so far can be applied in everyday life. Here, too, it is possible to fall back on the Purple Team Playbook or the scenarios developed in the planning workshop.
DO NOT HESITATE TO GET IN TOUCH +49 (0)7071 - 40 78 56-0 or anfrage@syss.de | OUTSIDE REGULAR OFFICE Hours CALL +49 (0)7071 - 40 78 56-99
As a framework contract customer please dial the provided on-call service number