Harness the Power of Purple Team Automation

In 2018, the global average cost of a data breach was $3.86m and the average cost for each lost or stolen record containing sensitive and confidential information was $148, according to a study led by the Ponemon Institute. Over 4.5 billion records were compromised in the first quarter of 2019, reported IT Governance.

Cyber-attacks are growing steadily in number, strength and variety. In parallel, even the most sophisticated adversaries are using surprisingly unsophisticated means to wreak damage. Top-notch hackers can mimic legitimate user actions and go under the radar of protective measures. They can move laterally from hole to hole and reach what matters most to you – your crown jewels.

By 2025, more than 85% of successful attacks against modern enterprise user endpoints will exploit configuration and user errors rather than advanced malware, according to Gartner’s report “The Long-Term Evolution of Endpoints Will Reshape Enterprise Security”.

Your Organization through the Eyes of the Attacker

What if you could see your organization through the eyes of the attacker? The good news is that there are tools to simulate cyber-attacks and help you win this battle. They run exhaustive scenarios, which are safely activated simultaneously and continuously within the production environment, exposing attack vectors and compromised assets.

The result of cyber-attack simulation is that you can check every possible route and type of attack vector – from the attacker’s perspective – to see where the organization is at risk and take actions to remediate.

A new category of solutions has emerged to help with this problem. Breach and Attack Simulation tools allow organizations to continually and consistently simulate the full attack cycle against their infrastructure, using software agents, virtual machines, and other means.

Purple Team: Simulate and Remediate

A ‘purple team’ blends the activities of both the red team (the security group that tests the organization against the techniques and approaches used in real breaches, observes how the defenders react, and identifies points of improvement) and the blue team (the company’s own IT/security personnel who defend the organization around the clock).

The purple team enables both attack (the red team) and defense (the blue team) to exchange ideas, observations and insights more productively. In theory, a purple team combines the attack vectors and vulnerabilities found by the red team with the defensive tactics from the blue team, to build the strongest security program possible.

All three forces share the ultimate purpose of improving the organization’s defenses. Red does this through “ethical attack”, blue through defense, and purple by ensuring that the previous two are cooperating. Great! So what’s the evolution of purple teams?

Automated Purple Team

Combining the best of all worlds, an effective automated purple team can better secure all critical assets through 24×7, real-time attack path exposure. By doing so it will help organizations to shut their cyber-windows, and not just rely on locking their cyber-door.

With an automated purple team running continuously, organizations are finally able to follow prioritized remediation guidelines and know as soon as an issue has been resolved. The move to automation gives organizations a worm’s-eye view of new back doors and blind spots as soon as they appear, so they can remediate them immediately.

XM Cyber’s HaXM is the first fully automated Advanced Persistent Threat (APT) simulation and remediation platform to continuously expose attack vectors, from breach point to any organizational critical asset. This continuous loop of automated red teaming is completed by ongoing and prioritized actionable remediation of security gaps.

In effect, the solution operates as an automated purple team that fluidly combines red team and blue team processes to ensure that organizations are always one step ahead of the hacker. Addressing real user behavior, poor IT hygiene and security exploits, HaXM continuously leverages advanced offensive methods to expose the most critical blind spots.