The F-Secure Guide to Purple Teaming

Consultant research team: Alfie Champion, Luke Roberts, and James Coote
October, 2020

CISOs and SOC teams can improve their detection capability by designing it around the motives of real attackers and the tactics, techniques, and procedures (TTPs) they are known to use. Instead of building detection measures against a fictitious threat, security investment goes to the controls that are needed most.

This paper provides a step-by-step walkthrough of a collaborative purple team exercise. True to life, it is based on recent client engagements and real threat intelligence gathered by our consultants. Detailed representations and explanations allow readers to draw their own conclusions and anticipate how purple teaming could improve their own organization's cyber resilience.

In this whitepaper

Experience the delivery of a purple team exercise through the eyes of a fictional client. This is based on recent real-world engagements led by our consultants. Readers can draw their own conclusions on identifying high-risk cyber detection gaps and improving an organization's prevention and detection capabilities.

It will help readers see:

  • A realistic walkthrough of a purple team exercise, focusing on the involvement and development of the SOC
  • A demonstration of contextual, intelligence-based testing and its value
  • Analyses of the threat intelligence and attack simulation software that build authenticity into the exercise
  • Examples of the TTPs used by known threat actors to bypass detection controls
  • Examples of cost-effective remediations
  • Detailed insights into the data and recommendations contained in a purple team report

This paper is most suitable for organizations:

  • That have an advanced security posture, including a dedicated SOC
  • Looking to prioritize the implementation of new detection controls
  • In need of evidence-based resources to justify security spend
  • (In some cases) Whose security infrastructure is not well understood
  • At the roadmap stage of planning new security investment

“Purple teaming is a continual cycle of discovery and feedback ... the results provide a baseline that can be cited to continually demonstrate detection improvement and ROI.”

Accreditations & Certificates

F-Secure Consulting (F-Secure Cyber Security (Pty) Ltd) is a level 4 contributor to B-BBEE with a procurement recognition level of 100%.
