PurpleLabs - values and benefits
- By Leszek Miś
PurpleLABS is a dedicated virtual infrastructure for detecting and analyzing attacker behavior in terms of the techniques, tactics, procedures and offensive tools used. The environment is intended to support the continuous improvement of threat-hunting skills and to keep teams current on offensive trends (red teaming) as seen directly from the detection side (blue teaming). By providing high-quality training materials together with the lab environment in a scalable online format, we want to enable businesses to improve the detection capacity of their SOC teams and achieve better visibility and resilience against attacks. Active participation of your organization's security team in PurpleLabs will allow you to:
- Develop the team's analytical skills required to work in the Security Operation Center environment.
- Increase awareness of the complexity and dependencies between the elements of the APT campaign and the areas of detection.
- Deliver a periodic knowledge transfer and systematic expansion of team competences in the field of Red + Blue = Purple teaming.
- Acquire Attack Path / Attack Lifecycle and Security Event Chain skills by combining an attacker's individual techniques, tactics and procedures (Chain Attack Scenarios).
- Understand the value of the Assume Breach approach and of simulating threats after initial access (C2, post-exploitation, Lateral Movement, Persistence, Evasion).
- Understand what threat hunting is and why it is important.
- Acquire skills in generating suspicious events at the network layer and on Windows and Linux operating systems, and in the methods used to detect them.
- Understand the potential of Sigma rules and their value for SIEM solutions.
- Run a validation of the current security status of the organization's network and the risks involved.
- Obtain knowledge on building a complete SOC environment using Open Source software.