What is a Purple Team Assessment?

Updated: Oct 22, 2021

Unlike the red team engagements, the purple team testing is a collaborative exercise between both the red team and the blue team. Its goal is to let organizations better understand threat actors' TTP (Tactics, Techniques and Procedures).



How does a purple team engagement differ from a red-team engagement?

During the exercise, the attacking team (Red Team) design and execute a chain of attacks that should lead it to compromise/obtain its target/objective. In the meantime, the defending team (Blue Team) tries to detect, identify and defeat the attackers and their TTP, protecting the assessment target and the whole organisation's network.


How can my organisation benefit from a purple team engagement?

Organisations can benefit from a purple team engagement because this cooperative exercise has the ability to spot misconfiguration and weak points within the network and improve the security posture of the target by configuring and tuning its detection and response capability.


If you like this blog post, find more content in our Glossary.