April 2014 | Secure Ideas

Purple Teaming for Success

Posted on April 29, 2014 by secureideas • 0 Comments

You know what blue teams and red teams are. Red is our attack side, or the adversaries, and Blue is the defense side. Unfortunately, we don’t see both teams working together in many situations. Having a red team test your network or application provides a great service to understanding the weaknesses. But this is not all we should be thinking about when we are trying to increase the security posture of the company.

The idea of purple teaming is that you do the assessment with both teams at the same time. Have the blue team ready and looking for what the red team is doing. Have the red team let the blue team know what they are doing and what they should be looking for. The goal here is that the blue team is going to get a better understanding of what the attackers are doing and what that looks like on the network.

Done right, the blue team should come out with better monitoring and response plans. Seeing the attacks come through will help tune the systems and ensure that items that should be sent via alerts, are actually alerting. This also helps because now the blue team doesn’t have to go look through logs to see everything. They can see it much more quickly and more accurately.

Don’t fall into the trap of allowing the blue team to do something they normally wouldn’t do during the test. You want this to be as realistic as possible. Make note of what is happening and where your deficiencies are so you can remediate them properly. For example, you wouldn’t want to block specific IP addresses or turn off servers just because you know a test is about to happen. The red team is bound to find some way of accessing something. Watch what they are doing and learn from it.

Of course, this doesn’t guarantee that attackers will not be able to get in, but it will help build your defenses. It will give you more confidence in what your systems are monitoring and how they are working.

We need to start having better communication between the two sides of security. It isn’t an “us against them” situation. We all have the same goal: help make your company more secure. We need to take advantage of the time we have together to really get things going rather than just testing and sending over a report that may or may not be acted upon.

James Jardine is a Principal Security Consultant at Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at james@secureideas.com, @jardinesoftware or visit the Secure Ideas – Professionally Evil site for services provided.

Professionally Evil Tools: MobiSec 1.3 Release

Posted on April 23, 2014 by • 0 Comments

Wow, I can’t believe how long this release has been in the making. a couple of years ago, we were honored to be allowed to build MobiSec under the DARPA CyberFast Track process. We released the first two version quickly after that. Then at DerbyCon last year, we offered our MobiSec course for the first… Continue Reading

Heartbleed: Complete Heart Surgery

Posted on April 22, 2014 by secureideas • 0 Comments

If you haven’t seen it in the news, you must not have any technology close by. That is right.. another story about heartbleed. But this is different. The goal is to discuss the patching of this nasty bug so that consumers and companies are properly protected. We see websites telling us they have applied patches… Continue Reading

Windows XP: Eol, What you need to know

Posted on April 16, 2014 by secureideas • 0 Comments

Last week Windows XP finally reached its end of life. The operating system was released back in 2002 and was (and still is) a favorite among many users. So what does it mean that it is now reached the end? Well.. If you are still using it, it will still work. You don’t have… Continue Reading

All Your Base Are Belong to #HeartBleed – OpenSSL Heartbeat Overflow

Posted on April 10, 2014 by jason_wood • 0 Comments

What You Need to Know and Do About It Unless you’ve been hiding under a rock, I’m sure you have heard about the overflow vulnerability in OpenSSL’s heartbeat extension. All today I watched my Twitter feed talk back and forth about this vulnerability and its impact. In fact, as I write this post a search… Continue Reading

Auto-Updating Devices: How to Test?

Posted on April 8, 2014 by secureideas • 0 Comments

Everyday we see new technology and devices in our everyday lives that are connected to the internet. Smart TVs, scales, even a crockpot. I personally have bought into the idea of the Nest products, thermostat and smoke detectors. I have a Nest thermostat and two Nest Protect smoke alarms. So far I really… Continue Reading

Professionally Evil Training: Tactical Burp Suite Webinar

Posted on April 3, 2014 by secureideas • 0 Comments

Tactical Burp Suite Webinar Secure Ideas is excited to announce its latest upcoming online training. We will be offering a two-hour session exploring Burp Suite and its use in a web application penetration test. Kevin Johnson and James Jardine will explore the various features of Burp Suite, focused on how we use the system during… Continue Reading

Oversharing: Who Has Access?

Posted on April 2, 2014 by secureideas • 0 Comments

What types of information do you copy to a shared folder? Who has access to the share? This can be a difficult problem within many organizations to handle these questions. From a user perspective, a shared folder is just a means to collaborate. We often don’t think about what type of data is in the… Continue Reading

M	T	W	T	F	S	S
« Mar				May »
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30

Monthly Archives: April 2014