Purple Team

Combine the power of offensive and defensive teams to strengthen your security

A Purple Team exercise brings together the offensive expertise of the Red Team and the defensive capabilities of the Blue Team to identify and remediate security gaps.

By simulating real-world attack scenarios, the Red Team works alongside your Blue Team to define the tactics, techniques, and procedures (TTPs) that your existing security controls should detect and prevent. Gaps in control effectiveness are identified, investigated, and addressed in iterative cycles, so that each round builds on the last.

This collaboration not only strengthens your security defences but also raises awareness and enhances the skills of your defensive teams.  

Benefits

Significant uplift in the skills and knowledge of the internal security team 

Rigorous testing of security controls aligned to common and tailored TTPs

Testing and improvement of playbooks and procedures

Optimisation and rationalisation of security tooling 

How it works

01

Planning

As a first step, our Red Team works together with your Blue Team to design the exercise and define the specific scenarios, TTPs and controls to be tested.

02

Attack Simulation

Our teams work collaboratively to execute the defined attack scenarios while monitoring the performance of the prevention and detection controls in scope, including tooling, processes and procedures. Execution usually consists of several iterations, one per scenario, so that fixes made after one iteration can be re-tested in the next.

03

Analysis

Our team reviews the data collected throughout the exercise, identifying the key gaps and opportunities for improvement across the people, processes and technologies in use. This analysis incorporates feedback and insights from the Blue Team.

04

Remediation Guidance

Once the exercise is complete, we present pragmatic recommendations for closing the gaps identified, structured as a programme of work.

Best Suited For

Organisations that have an internal security function with an existing detection capability, and that want to test and optimise its effectiveness.

Best Suited When

A detection capability has been recently established or undergone a major change. 


FAQs

What is the difference between a Red Team and a Purple Team?

A Red Team engagement provides higher realism, because it is conducted covertly and aims to test the effectiveness of the security stack as a whole against a specific adversary. A Purple Team, on the other hand, is a collaborative exercise designed to test and uplift primarily the detection capability of an organisation by exercising it against a wide range of TTPs.

Who should be involved in a Purple Team exercise? 

Purple Team exercises involve key stakeholders from the security team, depending on the organisation's size and structure. These typically include the CISO, the head of the SOC, senior analysts and security engineers, with different stakeholders involved at different stages of the exercise.

How long does a Purple Team exercise last?

Most Purple Team exercises run between four and six weeks, from initial planning to remediation guidance.

What is the risk of disrupting our normal operations?

A Purple Team exercise is both well planned and collaborative in nature, which minimises the chance of disruptive activity. Together with your team, we define where and how testing is conducted, specifically avoiding highly sensitive systems and higher-risk TTPs (for example, techniques with destructive side effects).

What resources are required on our end? 

Purple Team exercises require significant involvement from the Blue Team, with an emphasis on senior analysts during the planning and execution phases and less intensive involvement in the remaining phases. This high level of involvement is by design: one of the main goals of the exercise is to uplift the skill level and knowledge of the Blue Team, which is achieved through their active participation.

What type of gaps do you often encounter? 

We typically encounter incomplete coverage of data collection agents (hosts or segments whose telemetry never reaches the SIEM or EDR), inadequate playbooks and procedures, tooling that has not been tuned for the environment, and limited experience in recognising offensive TTPs as they occur.

How do we know we have effectively closed the identified gaps? 

Quick and simple fixes are applied during the execution iterations, and their effectiveness is validated by re-running the relevant TTPs within the defined timeline of the exercise. Larger and more complex remediation items are validated by our team in a separate validation activity.

How often should I conduct a Purple Team exercise?

Ideally, this type of exercise is carried out after a detection capability has been set up or has undergone major changes, or when it has not been tested in more than 12 months.