
Purple Team Assessment

Primary Contact: Carl N. Kriebel, CISSP

Do you ever worry about your organization’s ability to detect and/or prevent a threat actor? Would you like to know how your team and toolsets react to a battery of offensive tests that range from the most basic tactics to the latest and greatest advanced persistent threat techniques? Have you ever discovered a new attack technique and wondered, “How many more are there?” or “Which ones should I be worried about?” Are you curious about testing a particular exploit or lateral movement activity in your network, but unsure where to start?

If you answered yes to any of the questions above, a Purple Team exercise may be exactly what you need. A Schneider Downs Purple Team exercise brings together our red teamers and blue teamers, on site, to work alongside your team to learn how to prevent and detect specific offensive techniques from the MITRE ATT&CK framework and other hacker tools, techniques and procedures.

As part of a Purple Team exercise, our goal is to provide the hacker toolsets and mentality of our red team experts along with the incident responder and defensive thinking of our blue team experts in a way that encourages, engages and inspires knowledge transfer.

Adapting to the Environment

To maximize the effectiveness of the Purple Team, our team must first gain a strong understanding of your environment. During this process, we’ll become familiar with your current alerting/detection capabilities, as well as your network architecture and various other pertinent details. We believe the more we understand about your environment, the more valuable the exercise will be.

Threat Mapping

By leveraging every category of the MITRE ATT&CK framework, we’ll work collaboratively with you to map a custom set of tactics and techniques that are risk-based, industry-appropriate and meaningful to your organization. This selection process is highly flexible and can steer the exercise toward a specific theme of offensive techniques, or it can ensure a well-balanced exercise for a stronger baseline. Ultimately, the scope and variety of the exercise is entirely up to you. Additionally, we will cross-reference your threat intel against the framework’s data to identify which threat actors you’re most likely facing in the wild, and then use our understanding of their typical behavior to further shape your organization’s custom threat map. This enables us to anticipate additional attack vectors of concern and provide an authentic attack scenario within the collaborative process.

Execution

Once threat mapping is complete, the offensive experts of our red team will execute each of the techniques in a transparent environment. This process encourages an “over-the-shoulder” element, in which your security staff can observe, learn and even get hands-on assisting in the execution of a variety of typical hacker activities like enumeration, exploitation, lateral movement, post-exploitation and exfiltration, etc. During this process, our red team will serve as an expert resource to transfer valuable knowledge regarding modern offensive strategies and provide insight into the hacker mindset.

Impact Analysis

The success or failure of each technique is closely monitored to ensure complete understanding of its impact within the environment. The best-case scenario is for controls to prevent the execution or deny the intended result, in which case we can attempt several other execution methods. If a technique is successful, we analyze the results to determine its full impact and identify additional mitigating factors. With the understanding that it’s not always possible to prevent every technique, impact analysis for successful techniques allows for appropriate prioritization and accurate decision-making.

Detection

As our red team executes offensive techniques, our blue teamers are alongside your team simultaneously monitoring your logs and systems. If a technique is successful, we’ll help your team leverage current capabilities to prevent/detect each technique. If current capabilities are insufficient, we’ll help your team develop a plan for new capabilities. During this process, our blue team will serve as an expert resource to transfer valuable knowledge regarding modern defensive strategies and offer insights into their real-world threat actor encounters.

Reporting

After the exercise, your team will receive a full report that will include a detailed threat map of each technique’s execution status and analysis from both our red and blue teams, as well as a detailed guide for the implementation of any defensive items that were not fully addressed during the exercise.

See our Purple Team Assessment service overview for more information, or download our white paper, The Benefits of a Purple Team Assessment, to learn more about the impact the assessment can have for your organization.

See our other IT Risk Advisory services and capabilities

Breached?

Every moment counts. For urgent requests, contact the Schneider Downs digital forensics and incident response team at 1-800-993-8937. For other requests, please fill out the form below.
