Intro
Our Persistent Purple Team™ (PPT) targets organizations with the relevant attack vector(s) being used in the wild. It is a high-impact assessment that takes little of your organization's time (roughly 2 hrs. a month) and ensures that your protections, including tools, controls and processes, are in line with adversarial tactics on modern attack vectors. Think of it as a mini purple team assessment where we provide the people, tooling and intelligence to conduct the exercise.
We have developed this as a scalable solution that is hands-on with experts and provides more value than traditional security scans, tests, and audits. We avoid the common pitfalls of automated attack tools and reduce the demand on the teams, not only preventing burnout but also enhancing deep knowledge of the most relevant attack vectors, which are often missed or incorrectly prioritized by tools and/or analysts.
Approach
This framework comprehensively categorizes the known tactics, techniques, and procedures (TTPs) threat actors use during real and current cyber-attacks. It uses a common language to describe how hackers attack systems and is extensively used throughout cyber security. We leverage our deep-rooted knowledge of Incident Response along with our leading world-renowned certified pen-testers to execute some of the most beneficial testing possible without overtaxing the team’s time.
Outcome
SIEM Log Gap Analysis
Through simulated attacks, the Persistent Purple Team™ (PPT) identifies gaps, such as where use cases are misconfigured, logs are missing, or alerts are ineffective. The process involves simulating a real-world attack and observing how the SIEM solution detects the attack and how the team responds to it.
Better Use of Resources
Our PPT enables you to maximize resource efficiency by reducing dwell time in the SOC and eliminating duplicated efforts, ensuring that resources are focused on the most relevant security challenges.
Continuous Improvement
The PPT’s circular relationship between the red and blue teams enables organizations to continuously improve their security posture through regular testing and remediation.
Collaboration
PPTs have the added benefit of Impetum helping your SOC detect the most important attack vectors by leveraging existing infrastructure, and making recommendations on additional configuration and/or defensive tools and on process gaps.
Increased Preparedness
The PPTs help organizations to prepare for and respond to security incidents on a continual basis, reducing the likelihood of a successful attack and minimizing the impact of a breach with a fast response time.
Enhanced Threat Intelligence
A blue team’s best source of threat intelligence is targeted and tailored to the actual environment. Working with Impetum creates a continuous threat intelligence feedback cycle, improving the blue team’s capabilities.