It is evident that adversary attacks are becoming more frequent, severe, and sophisticated. According to the Cisco 2020 CISO Benchmark Report, 93% of organizations receive more than 5000 alerts every day, and security teams can't keep up, investigating on average only 51% of these alerts. Meanwhile, according to the 2020 Mandiant Security Effectiveness Report, 91% of attacks did not generate an alert at all. A proactive cyber threat program is the only way to keep up in an asymmetric fight.
So what's the remedy? It is purple (teaming).
It is believed that the future of the security operations center (SOC) is purple. Purple teaming, as a proactive measure, helps your organization prepare for, prevent, and detect adversary actions.
Currently disjointed and misaligned red and blue teams need to work towards a common goal. With an effective purple teaming program, in which offensive experts (the red team) simulate adversaries in the network while defensive experts (the blue team) measure and improve prevention, detection, and response, organizations can get and stay ahead of the threat.
The good news is that you can likely take a more proactive purple teaming approach today with the existing tools and staff in your organization. The strategic importance of refocusing efforts on threat anticipation and prevention rather than recovery and response is outlined in this report: https://www.boozallen.com/content/dam/boozallen_site/sig/pdf/publications/the-future-is-purple.pdf