// THREAT DETECTION AND DATA PRIVACY TERM
Purple Team Exercise
A security exercise where an organization's attack (Red Team) and defense (Blue Team) teams work together openly to test, measure, and improve security capabilities.
TECHNICAL DEFINITION
A Purple Team Exercise is a collaborative cybersecurity engagement integrating offensive Red Team tactics, techniques, and procedures (TTPs) with defensive Blue Team detection and response operations to validate and enhance security controls, threat intelligence, and incident response playbooks in a continuous feedback loop.
BACKGROUND
A red team is a group that simulates an adversary, attempts a physical or digital intrusion against an organization at the direction of that organization, and then reports back so that the organization can improve its defenses. Red teams either work for the organization or are hired by it. Their work is legal, but it can surprise employees who do not know that red teaming is occurring, or who are deceived by the red team. Some definitions of red team are broader and include any group within an organization that is directed to think outside the box and examine alternative scenarios considered less plausible; such a directive can be an important defense against false assumptions and groupthink. The term red teaming originated in the 1960s in the United States.
SYNONYMS & ALIASES
- Collaborative security testing
- Red/Blue team collaboration
- Threat-informed defense exercise
- Blended team engagement
- Adversary emulation partnership
- Cyber threat emulation exercise
USAGE NOTE
This exercise is distinguished by its collaborative nature: unlike a covert red team engagement, both teams know the exercise is running and review results technique by technique as they happen, so the output is a prioritized list of detection and response gaps to fix rather than a pass/fail adversarial assessment.
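As an added example (not code from the page or from any vendor listed below), the following Python scorecard shows the test, measure, improve loop the technical definition and usage note describe. The ATT&CK technique IDs are real; the test cases, telemetry lines, and detection rules are constructed for illustration and do not come from any real environment.

```python
import re
from dataclasses import dataclass

# Outcome levels a blue team records for each emulated technique
MISSED, LOGGED, DETECTED = "missed", "logged", "detected"


@dataclass
class TestCase:
    technique: str   # ATT&CK technique ID (real IDs, constructed scenarios)
    tactic: str      # ATT&CK tactic the technique was run under
    name: str
    telemetry: list  # constructed log lines the sensors produced during the run


@dataclass
class Rule:
    name: str
    technique: str   # technique the rule claims to cover
    pattern: str     # regex applied line by line to the telemetry


def evaluate(case, rules):
    """Score one red-team test: 'detected' if a rule for that technique fires,
    'logged' if telemetry arrived but no rule fired, 'missed' if nothing arrived."""
    if not case.telemetry:
        return MISSED, []
    fired = [r.name for r in rules
             if r.technique == case.technique
             and any(re.search(r.pattern, line) for line in case.telemetry)]
    return (DETECTED if fired else LOGGED), fired


def scorecard(cases, rules):
    """Return per-technique results, per-tactic counts, and the gap list that
    feeds the next iteration of the exercise."""
    results = {c.technique: evaluate(c, rules) for c in cases}
    by_tactic = {}
    for c in cases:
        counts = by_tactic.setdefault(c.tactic, {MISSED: 0, LOGGED: 0, DETECTED: 0})
        counts[results[c.technique][0]] += 1
    gaps = [c.technique for c in cases if results[c.technique][0] != DETECTED]
    return results, by_tactic, gaps


def coverage(results):
    """Fraction of emulated techniques that produced an alert."""
    return sum(1 for outcome, _ in results.values() if outcome == DETECTED) / len(results)


# Constructed exercise data: four techniques the red team ran, with the
# (invented) telemetry each one left behind.
CASES = [
    TestCase("T1059.001", "Execution", "Encoded PowerShell command", [
        r"EventID=4688 NewProcessName=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "
        r"CommandLine=powershell.exe -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
    ]),
    TestCase("T1003.001", "Credential Access", "LSASS dump with procdump", [
        r"EventID=10 SourceImage=C:\Tools\procdump64.exe "
        r"TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1FFFFF",
    ]),
    TestCase("T1053.005", "Persistence", "Scheduled task for persistence", [
        r"EventID=4698 TaskName=\Microsoft\Windows\Updater SubjectUserName=svc_backup",
    ]),
    # Sensor forwarded nothing for this run: a visibility gap, not a rule gap.
    TestCase("T1070.001", "Defense Evasion", "Clear Windows event logs", []),
]

# Constructed blue-team rules. The LSASS rule only looks for mimikatz, so the
# procdump variant above is logged but never alerted: a typical purple-team finding.
RULES = [
    Rule("Encoded PowerShell command line", "T1059.001",
         r"(?i)-enc\w*\s+[A-Za-z0-9+/=]{20,}"),
    Rule("Mimikatz touching LSASS", "T1003.001",
         r"(?i)SourceImage=\S*mimikatz\.exe"),
]

if __name__ == "__main__":
    results, by_tactic, gaps = scorecard(CASES, RULES)
    for technique, (outcome, fired) in results.items():
        print(f"{technique}: {outcome} {fired}")
    print("coverage:", coverage(results))
    print("gaps to work next cycle:", gaps)
```

The three-level outcome is the point of the exercise rather than a binary pass/fail: "logged" separates rule gaps (telemetry exists, so the blue team can write or widen a rule that same day) from "missed" visibility gaps (no telemetry, so the fix is sensor coverage, not detection logic). The gap list returned by scorecard is what the two teams take into the next run.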
DEVELOPERS
Organizations developing technology related to Purple Team Exercise.
Provides the Mandiant Security Validation platform, a breach and attack simulation (BAS) tool that automates testing of security controls against a vast library of threats. This technology is a core component of purple team exercises, allowing for continuous, data-driven assessment of defensive capabilities.
A leading developer of breach and attack simulation (BAS) platforms. Their Security Optimization Platform enables purple teams to automate the testing of security controls and programs by safely emulating adversary behaviors mapped to the MITRE ATT&CK framework.
Develops an adversary emulation platform that allows red and purple teams to create and deploy custom, realistic cyber threats in a production environment. The platform is designed for collaboration, providing visibility to both offensive and defensive teams to improve detection and response.
Pioneered the Breach and Attack Simulation (BAS) space. Their Complete Security Validation Platform simulates real-world cyber threats to continuously assess and measure the effectiveness of security layers, providing actionable mitigation insights for security teams to use in purple team workflows.
While known for its Falcon endpoint protection platform, CrowdStrike provides extensive professional services, including purple team exercises. Their technology and services enable organizations to test their defenses against simulations of sophisticated adversary tactics, using the Falcon platform for real-time detection and response validation.
A not-for-profit organization that develops foundational technology for cybersecurity. They created and curate the MITRE ATT&CK framework, the globally-recognized knowledge base of adversary tactics and techniques that underpins most purple team exercises. They also develop CALDERA, an open-source adversary emulation platform.
Provides a high-fidelity cyber range platform for cybersecurity training, testing, and live-fire exercises. Their technology creates realistic virtual network environments where blue and red teams can conduct collaborative purple team exercises to hone their skills and validate security tools and processes against advanced threats.
Offers a comprehensive SaaS-based Breach and Attack Simulation (BAS) platform. It allows organizations to run continuous security validation tests across the entire attack kill chain, providing a collaborative tool for purple teams to identify security gaps and prioritize remediation efforts.