ADVERSARY SIMULATION (PURPLE TEAM)
The Purple Team Assessment service improves the ability of the internal security team or SOC to detect, inhibit, and respond to advanced attackers active in the environment. LMNTRIX will emulate an advanced attacker through various scenarios in each phase of the MITRE attack lifecycle, as discussed in the plan of action.
At each phase, if malicious activity is detected, LMNTRIX will work with the internal security team to ensure that the response to the detection is appropriate and that procedures exist to ensure continued success. If the malicious activity is not detected, LMNTRIX will work with the customer either to better utilize the detection technologies in place for the next simulation or to identify an area for technological improvement.
As the security team detects and responds to the purple team activity, the customer's incident response team will observe the execution of incident response processes and procedures and help drive improved detection and response time. LMNTRIX will review existing logs to determine if they are sufficient for detecting purple team activity.
The purple team will use OSINT, along with proprietary LMNTRIX intelligence, to create signatures that emulate the tools, tactics, and procedures (TTPs) of the advanced threat actors and groups associated with the Customer's industry. This approach will test the Customer's ability to detect and respond to threats known to target your industry in as realistic a scenario as possible.
The purple team tests the client security team's capabilities against every phase of the attack lifecycle.
WE HELP YOU:
- Prepare your security team for real-world cyber incidents, without real risk or business impact
- Assess and enhance your security team’s ability to prevent, detect and respond to real attack scenarios in a controlled, realistic environment
- Test and tune technical defenses to increase breach detection and response effectiveness
- Align with the MITRE ATT&CK framework
- Identify gaps in your active and passive security controls
- Improve your organization’s ability to respond to future incidents
WHAT YOU GET:
- Detailed report that includes:
  - A scorecard containing metrics related to detection of the simulated incidents
  - Executive summary
  - Walkthrough of technical details and capability evaluation with step-by-step instructions on how to recreate our findings
  - Evidence-supported findings and remediation strategies
  - Strategic recommendations for long-term operational improvements

Technical and executive-level briefs can be produced upon request.