Monthly Archives: April 2014

Purple Teaming for Success

You know what blue teams and red teams are.  Red is our attack side, or the adversaries, and Blue is the defense side.  Unfortunately, we don’t see both teams working together in many situations.  Having a red team test your network or application provides a great service to understanding the weaknesses.  But this is not all we should be thinking about when we are trying to increase the security posture of the company.


The idea of purple teaming is that you do the assessment with both teams at the same time.   Have the blue team ready and looking for what the red team is doing.  Have the red team let the blue team know what they are doing and what they should be looking for.   The goal here is that the blue team is going to get a better understanding of what the attackers are doing and what that looks like on the network. 


Done right, the blue team should come out with better monitoring and response plans.  Seeing the attacks come through will help tune the systems and ensure that items that should be sent via alerts, are actually alerting.  This also helps because now the blue team doesn’t have to go look through logs to see everything.  They can see it much more quickly and more accurately.

Don’t fall into the trap of allowing the blue team to do something they normally wouldn’t do during the test.  You want this to be as realistic as possible.  Make note of what is happening and where your deficiencies are so you can remediate them properly.  For example, you wouldn’t want to block specific IP addresses or turn off servers just because you know a test is about to happen.  The red team is bound to find some way of accessing something.  Watch what they are doing and learn from it.  

Of course, this doesn’t guarantee that attackers will not be able to get in, but it will help build your defenses.  It will give you more confidence in what your systems are monitoring and how they are working. 

We need to start having better communication between the two sides of security.  It isn’t an “us against them” situation.  We all have the same goal: help make your company more secure.  We need to take advantage of the time we have together to really get things going rather than just testing and sending over a report that may or may not be acted upon.

James Jardine is a Principal Security Consultant at Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at james@secureideas.com, @jardinesoftware or visit the Secure Ideas – Professionally Evil site for services provided.

Professionally Evil Tools: MobiSec 1.3 Release

Wow, I can’t believe how long this release has been in the making.  a couple of years ago, we were honored to be allowed to build MobiSec under the DARPA CyberFast Track process.  We released the first two version quickly after that.  Then at DerbyCon last year, we offered our MobiSec course for the first… Continue Reading

Heartbleed: Complete Heart Surgery

Heartbleed: Complete Heart Surgery

If you haven’t seen it in the news, you must not have any technology close by.  That is right.. another story about heartbleed.   But this is different.  The goal is to discuss the patching of this nasty bug so that consumers and companies are properly protected.  We see websites telling us they have applied patches… Continue Reading

Auto-Updating Devices: How to Test?

Everyday we see new technology and devices in our everyday lives that are connected to the internet.  Smart TVs, scales, even a crockpot.  I personally have bought into the idea of the Nest products, thermostat and smoke detectors.   I have a Nest thermostat and two Nest Protect smoke alarms.   So far I really… Continue Reading

Oversharing: Who Has Access?

 What types of information do you copy to a shared folder?  Who has access to the share?  This can be a difficult problem within many organizations to handle these questions.  From a user perspective, a shared folder is just a means to collaborate.  We often don’t think about what type of data is in the… Continue Reading