From an information security perspective, a critical component of a mature organization is proper logging and alerting: system, application, network and security logs feed into a centralized log management system, where they are parsed and correlated across business segments, products and networks to produce actionable security alerts. SpyderSec's Purple Team solution generates malicious traffic on your network and systems to confirm that your endpoints, network devices, applications and other assets produce logs, that those logs are actually being collected, and that your SIEM tools are tuned to alert on the malicious events.
Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) and Web Application Firewalls (WAF) each play an important role in protecting organizational assets. Like other security devices and solutions, these components must be configured properly to provide a robust, or even adequate, level of protection. Merely purchasing and deploying one of these devices rarely adds a significant level of security; each tool must be tuned to its environment and to the needs of the business. SpyderSec's Purple Team solution helps your organization ensure that these devices are fully implemented and properly tuned.
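As an added illustration of what the Purple Team exercise described in the two paragraphs above actually validates, the following Python runs one simple correlation rule, "many failed logins from a single source followed by a successful login from that source", over a handful of constructed log lines. This is example code written for this page, not SpyderSec's tooling or any particular SIEM's rule language; the log format, field names, hostnames and IP addresses are all assumed for the example. The same rule is evaluated with three thresholds to show why tuning matters: too strict and the simulated password spray goes unnoticed, too loose and a legitimate user who mistyped a password raises an alert.

```python
"""Added example (not SpyderSec's code): a toy SIEM-style correlation rule
run over constructed log lines, to show what a Purple Team exercise checks.
The log format and field names below are assumed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. 203.0.113.7 simulates the Red Team spraying
# passwords at the VPN and then succeeding; 198.51.100.20 is a legitimate
# user (frank) who mistypes twice before logging in normally.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z vpn01 auth=FAIL user=alice src=203.0.113.7
2024-05-01T10:00:03Z vpn01 auth=FAIL user=bob src=203.0.113.7
2024-05-01T10:00:05Z vpn01 auth=FAIL user=carol src=203.0.113.7
2024-05-01T10:00:07Z vpn01 auth=FAIL user=dave src=203.0.113.7
2024-05-01T10:00:09Z vpn01 auth=FAIL user=erin src=203.0.113.7
2024-05-01T10:00:12Z vpn01 auth=OK user=erin src=203.0.113.7
2024-05-01T10:05:00Z vpn01 auth=FAIL user=frank src=198.51.100.20
2024-05-01T10:05:10Z vpn01 auth=FAIL user=frank src=198.51.100.20
2024-05-01T10:05:20Z vpn01 auth=OK user=frank src=198.51.100.20
"""


def parse(line):
    """Turn one 'timestamp host k=v k=v ...' line into a dict of fields."""
    ts, host, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    fields["host"] = host
    return fields


def spray_then_success(log_text, fail_threshold, window_s):
    """Alert when a single source address accumulates at least
    `fail_threshold` failed logins inside a sliding `window_s`-second
    window and then logs in successfully.

    Returns a list of (timestamp, src, user, failures_seen) tuples, one
    per alert, so a Purple Team run can assert that its simulated attack
    produced exactly the expected alert and nothing else."""
    window = timedelta(seconds=window_s)
    recent_fails = defaultdict(list)   # src -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        ev = parse(line)
        src = ev["src"]
        cutoff = ev["ts"] - window
        # Drop failures that have aged out of the correlation window.
        recent_fails[src] = [t for t in recent_fails[src] if t >= cutoff]
        if ev["auth"] == "FAIL":
            recent_fails[src].append(ev["ts"])
        elif len(recent_fails[src]) >= fail_threshold:
            alerts.append((ev["ts"], src, ev["user"], len(recent_fails[src])))
    return alerts


def tuning_report(log_text):
    """Evaluate the rule at three thresholds against the same Red Team
    traffic; the Blue Team wants exactly one alert, on the attacker."""
    return {
        "too_strict (10 fails)": spray_then_success(log_text, 10, 60),
        "tuned (5 fails)": spray_then_success(log_text, 5, 60),
        "too_loose (2 fails)": spray_then_success(log_text, 2, 60),
    }


if __name__ == "__main__":
    for setting, alerts in tuning_report(SAMPLE_LOGS).items():
        print(f"{setting}: {len(alerts)} alert(s)")
        for ts, src, user, n in alerts:
            print(f"  {ts.isoformat()} src={src} user={user} after {n} failures")
```

In a real exercise the Red Team's traffic stands in for `SAMPLE_LOGS`, and the check is the same: the rule fires once, on the attacking source, and not on the legitimate user. A threshold of 10 silently misses the spray, which is the "logs collected but SIEM not alerting" gap the first paragraph describes; a threshold of 2 also flags frank's two typos, which is the noise that leads analysts to ignore the rule.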
Red Teams attack and Blue Teams defend; a Purple Team is the notion of these two teams working together to enhance an organization's security posture. The Red Team mimics malicious threat actors while the Blue Team attempts to identify attack traffic, compromised machines and compromised accounts. The Purple Team guides this cycle of attack and defense so that, as each new method of exploitation is executed, the Blue Team is made aware of it and adapts its detections.
SpyderSec's Endpoint Evaluation centers on the endpoint: its host-based IDS/IPS, anti-malware, proxy, application whitelisting, firewall and any other endpoint protection mechanisms that may be in place. These controls are tested by attempting to bypass them in a controlled manner: executing payloads, making egress calls, attempting privilege escalation, migrating between processes, abusing system functionality and so on, while monitoring and evaluating how the endpoint detects, quarantines or otherwise thwarts each attack.