Chapter 8: Red, Blue, and Purple Teaming

Active defense, which we discussed in Chapter 6, Active Defense, applies the principles of blue teaming. As part of deploying new applications, and to provide ongoing assurance, many organizations perform red teaming to ensure that at least the obvious security vulnerabilities have been addressed before putting a new application or new infrastructure out into the world. Purple teaming is a mix of the two.

In purple teaming, the defenders, or the blue team, perform monitoring and alerting, while the red team, the attackers, perform controlled attacks. During the process or afterward, the teams compare notes to evaluate how certain attacks appear on the network, whether detections ...
