The purple team begins by analyzing
intelligence to determine the data breaches and threat groups most
active in your industry vertical. They use this intelligence to create
Verodin SIP scenarios to emulate the tools, tactics and procedures
(TTPs) used by those groups. This tests your security team’s ability
to detect and respond to industry-relevant threats in realistic scenarios.

Your security team works directly with a
FireEye Mandiant incident response consultant and red team consultant
at each phase of the attack lifecycle in an attempt to detect scenario
activities. If malicious activity is detected, the purple team works
with your security team to ensure an appropriate response to the
detected activity and to confirm that procedures exist to ensure continued
success. If malicious activity is not detected, our consultants work
with your security team on how to better use existing logging,
monitoring, and alerting detection technologies during the next
simulation attempt. They may also identify areas for technological improvement.

FireEye Mandiant Attack Lifecycle

The purple team tests the client security team’s
capabilities against every phase of the attack lifecycle.