The Evolution of Purple Teaming

In S5E19 of the BSM podcast, host Steven Bowcut welcomes Jared Atkinson, the Chief Strategist at SpecterOps and the host of the “Detection Challenging Paradigms Podcast.” The episode focuses on the dynamic and increasingly important topic of purple teaming within cybersecurity.

Key Points Discussed:

– Evolution of Purple Teaming: Jared delves into the progression of purple teaming practices and their significance in the current threat landscape. He emphasizes how both defensive (blue team) and offensive (red team) strategies have melded to form a more comprehensive security approach.

– Testing Landscape and Vendor Claims: The conversation touches on how the testing landscape has evolved, particularly considering vendor claims about the capabilities of their security solutions. Jared scrutinizes these claims and suggests a more measured approach to evaluating their efficacy.

– Shortcomings in Purple Team Assessments: Jared enumerates the reasons why many purple team assessments don’t reach their full potential. These shortcomings often stem from a lack of realistic testing scenarios or comprehensive coverage of possible attack vectors.

– Role of New Frameworks: The introduction of new frameworks like Atomic Testing is highlighted as a game-changer in the field. Jared talks about how these frameworks can improve the precision and effectiveness of security assessments.

– Building and Selecting Test Cases: The importance of building and selecting diverse and relevant test cases is discussed. Jared underlines the necessity for organizations to cover a wide range of attack techniques in their testing protocols.

– Evolution of Attack Techniques: Examples of how attack techniques have evolved over time are provided, offering listeners insights into the adaptive nature of cyber threats.

– Analyzing Malware Samples: Jared points to SpecterOps’s 10-part blog series that offers a deep dive into the technical aspects of malware sample analysis, an essential skill for modern threat hunters.

– Future of Purple Teaming: Finally, Jared presents his perspective on the direction purple teaming should take in the future. He stresses the need for continual adaptation and the adoption of forward-thinking strategies to stay ahead of threat actors.

The episode serves as an informative piece for cybersecurity professionals looking to understand the current state and the progression of purple teaming. Jared Atkinson’s expertise provides listeners with a detailed examination of the challenges and considerations essential to advancing the effectiveness of cybersecurity defenses through collaborative and realistic testing. The discussion not only sheds light on current practices but also charts a course for the future of purple teaming, making it a must-listen for those engaged in or interested in the strategic aspects of cybersecurity.

About our Guest

Jared Atkinson is a security researcher specializing in Digital Forensics and Incident Response. Recently, he has been building and leading private-sector Hunt Operations capabilities. In his previous life, Jared led incident response missions for the U.S. Air Force Hunt Team, detecting and removing Advanced Persistent Threats on Air Force and DoD Networks. Passionate about PowerShell and the open-source community, Jared is the lead developer of PowerForensics and Uproot.

Click the image below to listen to this Brilliance Security Magazine Podcast episode.

Steven Bowcut is an award-winning journalist covering cyber and physical security. He is an editor and writer for Brilliance Security Magazine as well as other security and non-security online publications. Follow and connect with Steve on Twitter, Instagram, and LinkedIn.