Purple Team Assessment

Evaluate and develop your cybersecurity team's capabilities in a single engagement: a purple team assessment.

Ready for a Purple Team Assessment?

The key to protecting your organization against critical threats is preparation. While your team may have all the right certifications, proven processes, and the latest and greatest threat detection tools, it’s hard to know how well these components will work together without testing them. Purple team assessments can help you drive your capabilities forward, evaluate a new policy or procedure, and get more value from your technology investments.

Our Approach

During this assessment, our team (the red team) executes attack scenarios to test specific aspects of the capabilities of your defense team (the blue team). Both teams coordinate their actions and responses, creating the ultimate purple team.

Phase 1

During this phase, our red team works closely with your blue team to identify the capabilities, controls, and technologies that make up your program. Focus areas include monitoring, active defense, response, and physical security.

Following these sessions, the red team designs scenario-based tests tailored to your team’s capabilities. These are provided to the blue team for feedback.

  • Information-Gathering Sessions
  • Custom Test Design
  • Project Plan

Phase 2

The red team kicks off the test scenarios, carefully logging and time-stamping all activities so they can easily be compared to blue team responses. Throughout this phase, our team works side by side with the blue team.

For each scenario, our team carefully evaluates the effectiveness of the controls in place, documenting recommendations for improvement when needed.

  • Test execution
  • Activity logs
  • Recommendations for improvement

Phase 3 (Optional)

For each control weakness or gap the red team identifies, our team can help the blue team make improvements or design additional controls. This typically includes developing modifications, rules, signatures, or integrations that address identified deficiencies.

  • Recommendations for improvement
  • Design assistance
  • Implementation assistance

Phase 4

In this final phase, our team provides a full report of our observations during test execution, documenting activities and responses. This report includes a summary of your overall security posture and any suggested remediation efforts. Following delivery, our team can perform additional remediation testing.

  • Summary of overall security posture
  • Documented activities and responses
  • Recommendations for improvement

Different from the Rest

At Focal Point, we take a different approach to managing cyber risk.

Customized Tests

We design our tests around your established objectives to test and strengthen your team's capabilities. Each scenario is unique to your team, program, and threat landscape.

Control Enhancements

We help your team strengthen controls through hands-on collaboration, which can include rapid retesting to ensure your defenses are now effective.

Learning Experience

Our assessments are designed to be a learning opportunity for your team. Our experts are skilled at working alongside blue team members, helping them understand complex threat vectors and the strategies required
White Paper

A Guide to Red and Purple Teams

Red team and purple team assessments let you simulate the impact of a specific threat on your organization, putting your people, processes, and technologies through the rigors of an attack. In this guide, our security experts define the roles involved in these types of assessments, the strategies behind them, and their benefits.
