
Purple Teaming

Adversarial Detection & Countermeasures engagements, also known as Purple Team engagements, are designed to evaluate the effectiveness of an Information Security program, with a focus on detection, deflection, and deterrence.

Enhance your cybersecurity with our Purple Team

TrustedSec utilizes both Red Team (penetration testers) and Blue Team (defenders) consultants. The Red Team follows the Penetration Testing Execution Standard (PTES) to circumvent security controls and gain unauthorized access to systems. The Blue Team then works with the organization's defensive team to determine its ability to detect the attack, deflect the attack, and/or deter the attacker.

With TrustedSec, you can:

  • Improve your team's organizational readiness
  • Gauge current performance levels
  • Improve training for defenders
  • Evaluate the effectiveness of your IT security defenses and controls
  • Gain objective insight into vulnerabilities that may exist across your environment

With their years of experience, TrustedSec's Tactical Awareness & Countermeasures (TAC) team provides unique insight into attacks, assists in creating detections, and offers practical guidance on how an organization can remediate findings or build additional defenses against those attacks. This process includes:

TrustedSec evaluates an organization's security policies based on the three (3) Ds: detection, deflection, and deterrence:

Detection: Defined as the ability to recognize and identify an attack through multiple phases of a compromise, detection is the foundational element of reducing the damage inflicted during a breach. Detection systems include security information and event management (SIEM), network access control (NAC) rogue device detection, account change monitoring, suspicious command usage, user behavior analytics (UBA), and more. Where detection controls cannot be implemented, enhancements in deflection and deterrence controls are necessary.

Deflection: Also referred to as protection, deflection is the ability to build proactive measures that directly defend the network. This would include anti-virus, intrusion detection/prevention systems, NACs, and more. Where deflection controls cannot be implemented, enhancements to detection and deterrence controls are necessary.

Deterrence: The third piece of an organization's defensive program is deterrence: the implementation of patch management procedures and the enforcement of complex password policies. This also includes creating paths of least resistance that bait an attacker into using a specific system or set of credentials so that their activity can be detected, which is often achieved with honeypots, honeytokens, and honeycreds. Where deterrence controls cannot be implemented, enhancements in detection and deflection controls are necessary.

“TAC doesn't just build detections or run attack simulations; we provide knowledge transfer on how to improve defenses, remediate issues, and detect attacks, giving clients actionable guidance.”
Megan Nilsen, Practice Lead, Tactical Awareness and Countermeasures (TAC)

Get real security guidance from real security experts.

Experts across security domains are ready to tackle your security challenges.

Read our blog

Explore the latest cybersecurity topics on the TrustedSec Security Blog

Blog, September 24, 2024

Pull Your SOCs Up

"It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts." - Sir Arthur…
Blog, September 3, 2024

When on Workstation, Do as the Local Browsers Do!

Introduction: Web browsers are common targets for many different APTs. Tools like Redline Malware or penetration testing tools such as SharpChrome or…
Blog, April 9, 2024

A Hitch-Hacker's Guide To DACL-Based Detections - The Addendum

This blog was co-authored by TAC Practice Lead Megan Nilsen and Andrew Schwartz. Introduction: Last year, Andrew and I posted a four (4) part blog series…
Blog, February 1, 2024

The Rising Threat: A Surge in Zero-Day Exploits

Introduction: The cat-and-mouse game between defenders and attackers continues to escalate in the ever-evolving cybersecurity landscape. Advanced Persistent…
Blog, January 25, 2024

From Zero to Purple

Introduction: For any Purple Team, or team using offensive techniques for defensive purposes, we need to make sure we are developing new techniques based on…
Blog, January 18, 2024

Engagement Guide: How to Prepare for Your Purple Team

After performing many Purple Team engagements with organizations ranging from large enterprise networks to small-to-medium businesses, we've found that the…
Blog, January 9, 2024

Detection Alchemy - The Purple Team Way

Introduction: As security practitioners, we frequently extol the virtues of penetration testing and red team exercises as a way of identifying issues…
Blog, October 17, 2023

A Hitch-hacker's Guide to DACL-Based Detections (Part 3)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz. Introduction: In this third and final…
Blog, October 12, 2023

A Hitch-hacker's Guide to DACL-Based Detections (Part 2)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz. Introduction: This is a continuation of A…
Blog, October 11, 2023

A Hitch-hacker's Guide to DACL-Based Detections (Part 1B)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz. Introduction: In this continuation to our first…