4/20/24
Red teams attack.
Blue teams defend.
Purple teams combine the best of both.
5
5
Basic terminology
Vulnerability scanning
Penetration test
External
§ Automated scan
§ Active attempts to
§ VA or pen testing focused on assets reachable from the public internet
looking for software with known vulnerabilities
exploit vulnerabilities and security weaknesses
Internal
Red team exercise
Purple team exercise
§ VA or pen testing focused on assets behind your firewall(s)
§ Coordinated external and internal pen test
§ Training exercise to validate that your security tools provide visibility to malicious activities; tests your ability to detect attacks
leveraging logical, physical, and social engineering attack vectors targeting specific objectives; tests your ability to impede attacks
6
6
3
Made with FlippingBook - Online catalogs