Purple teams with wings: measuring detection efficacy in the cloud

Alfie Champion, Detection Lead, and Nick Jones, Cloud Security Lead
October 2021

In the cloud, a collaborative approach to attack detection capability development pays even greater dividends than on-premises. With cloud environments evolving just as rapidly as the TTPs being used against them, and analysts monitoring and developing detections for unfamiliar technologies, an iterative, adaptive, and continuous approach is necessary for detection to remain effective.

We have been delivering on-premises purple teaming since 2015, and we delivered our first cloud purple team in early 2020. Since then, clients in 5 countries have used the process, and the thinking behind it has been shared publicly at conferences around the world. This eBook describes what we have learned and our approach to measuring and developing attack detection efficacy in the cloud, and presents that approach in 5 phases for you to adopt in your own organization.

What you’ll learn:

  • The benefits of a highly collaborative purple teaming approach (in contrast to traditional, objective-led exercises)
  • The differences between detection on-premises and in the cloud
  • The 5-phase purple teaming approach we use to measure and drive further cloud detection efficacy
  • The background of this approach
