Purple Teaming
Purple Teaming is an approach to security testing and development in which the Red Team (2NS) and the Blue Team (the customer’s security personnel and, where applicable, the service provider’s SOC team) work in close collaboration to improve the customer’s detection and response capabilities. Unlike the traditional security testing model, where the teams operate independently of each other, Purple Teaming combines both teams into a dynamic process in which attack techniques are tested and the customer’s defensive capabilities are developed based on findings made during the testing.
We offer the Purple Team service as a one-time project or as an ongoing service.
Purple Teaming Process
Purple Teaming is conducted in sprints, consisting of the following phases:
Definition:
The scope of testing, the attack scenarios, and the attack techniques to be used (Tactics, Techniques & Procedures, TTPs) are defined and, where applicable, linked to the MITRE ATT&CK framework. Risk management practices and the sprint schedule are also agreed upon.
Execution:
Testing based on the planned TTPs is carried out in close collaboration with the customer’s security team. During testing, detection gaps are identified, existing control mechanisms are validated, and defenses are optimized iteratively.
Analysis and Reporting:
Test results are analyzed and the organization’s detection and response capabilities are assessed. The final report includes concrete findings, prioritized areas for improvement, and recommendations for follow-up actions.
The final report provides security leadership with a clear, decision-supporting overview of the organization’s security posture, findings, and prioritized areas for development.
Where needed, a follow-up meeting with the customer is arranged after the project to plan the introduction of Purple Teaming as an ongoing service.
Primary Goal of Purple Teaming
The goal is to develop the organization’s ability to detect, prevent, and respond to current and relevant threats – not merely to test against them. During testing, real-world attacks are simulated, defensive performance is measured, and prioritized recommendations are provided for improving security.
Purple Teaming gives security leadership a concrete view of how well existing controls, processes, and personnel perform under real attack scenarios, and where investments will have the greatest impact.
REFERENCES
CSC
“I highly recommend 2NS for both individual technical cybersecurity training projects and for more comprehensive cybersecurity partnerships.”
Urpo Kaila, Information security manager – CSC
CableCrew Oy
“The collaboration went so well that from now on, we will use 2NS for our annual audits. Cybersecurity is extremely important to CableCrew because we operate in critical infrastructure. Communication was straightforward, and availability was excellent even outside business hours when needed. All questions were answered by the next day at the latest. Schedules were also communicated in real time.”
Satu-Maria Ravelin, HESQ Director – CableCrew Oy
Kehätieto Oy
“Our collaboration with 2NS has proceeded very smoothly. We have received the support we needed from them for both staff training and security testing of our products. We trust 2NS’s specialized expertise in cybersecurity matters.”
Juhani Ruohotie, Team Leader – Kehätieto Oy