FireEye Launches Purple Team Assessments to Test Security Operations With Mandiant Experts
Purple Team and Continuous Purple Team Assessments enable organizations to quantifiably evaluate security controls and programs against Verodin simulated attack scenarios
“Many organizations do not test the efficacy of their security controls and program thoroughly or often enough. Without validation, security teams may base decisions on assumptions rather than evidence, which can instill false confidence in their ability to detect and respond to a security breach,” said Charles Carmakal, CTO of FireEye Mandiant consulting. “FireEye Mandiant Purple Team Assessments combine the best practices from offense and defense so that the organization can quantifiably test and measure their security effectiveness and improve their overall risk posture.”
Red teams simulate attacks and blue teams defend against attacks. Purple team assessments are a collaborative effort among the red and blue teams. Mandiant experts function as the red team and augment an organization’s blue team.
“Our experience with
Purple Team Assessments
With Purple Team Assessments, Mandiant experts guide an organization’s security team through highly realistic attack scenarios. To simulate the attacks, Mandiant will create scenarios within the FireEye Verodin Security Instrumentation Platform (SIP). The scenarios are based on analysis from the latest data breaches and the most current intelligence regarding industry-relevant threat groups. With that methodology, Mandiant can emulate the tools, tactics, and procedures (TTPs) of hundreds of attackers and simulate any component of the MITRE ATT&CK framework. Throughout the assessment, the organization receives a detailed scorecard that quantifiably identifies where security operations are thriving and where they need improvement, along with strategic recommendations to strengthen the security posture.
Continuous Purple Team Assessments Deliver Prolonged Refinement
Mandiant also offers Continuous Purple Team Assessments. Over a prolonged period of 3 to 6 months, an organization’s security team can train and enhance its detection and response capabilities while Mandiant experts use the Verodin platform to execute attacker TTPs. During this hands-on exercise, the security team will engage in periodic re-testing and evaluation to measure and continually refine its capabilities. Mandiant experts will track the progression of the security team’s detection and response capabilities from the start of the engagement to the end, providing quantifiable scorecards along the way to measure the team’s effectiveness. Not only does this practice assess the impact of ongoing changes to people, processes and technology within a security program, it also demonstrates the ROI of the organization’s security spending.
Carmakal concluded, “By integrating the Verodin platform with frontline threat intelligence, we are able to quantify organizations’ security effectiveness in a new and comprehensive way. Purple Team Assessments are just the beginning of how we plan to integrate Verodin into our wider services portfolio.”
For more information about FireEye Mandiant Purple Team Assessments, including the FireEye Verodin Security Instrumentation Platform (SIP), please visit https://www.fireeye.com/services/purple-team-assessment.html