We train your defenders (Blue Team). We do this by putting them to work together with attackers (Red Team). Blue and Red working together, that's Purple Teaming.
Are you prepared for a digital attack? Or does your network resemble a watermelon? A hard shell alone is not enough to protect you, because a patient hacker will always find ways to penetrate that shell and come in. How well can you respond to that?
Request Free ConsultTechies who can communicate!
We see it as our mission to help our clients to become more digitally mature and safer in understandable language. Based on practicing realistic attack scenarios, we help you build bridges between IT, incident response and boardroom.
We got to know each other at the Dutch Intelligence and Security Services, where we have been committed to a safer Netherlands for many years. We have experience at the highest level in the digital domain, both offensively and defensively.
Traditional methods pit attackers and defenders against each other, giving the attackers an advantage and only catching up with the defenders afterwards. We don't think that's optimal, so we put them together in one team with one common goal: the protection of your crown jewels.
We think it is important that you as an organization learn to respond better to a digital attack. Why? Because we know that someday a hacker will find a way to get into your network. How well are you really prepared for that? What can you do about prevention?
In martial arts, sparring is essential in preparation for an important match. This ideally happens with a sparring partner at the level of the opponent and just outside the comfort zone. To help an organization put up a good digital defense, we apply this principle of sparring, adjust the levels of our attacks and fully involve the organization in what is happening. With the aim of preparing you for a real digital battle.
That's why Chapter8 puts the attackers (Red Team) and defenders (Blue Team) together to learn from each other. After all, blue and red together make purple. Unlike a 'penetration test' or 'red teaming', you do not receive a report from the hackers afterwards, but they work together with your defenders in real time to make your organization more secure.
So a different approach. Therefore, Chapter8 refers to chapter 8 of The Art of War (Sun Tzu): Variation of Tactics. Doing things differently is in our DNA.
Read moreInterests to be protected. Every organization has them.
Before we start with an assignment, we start with a crown jewel analysis. Together with the client, we determine which crown jewels are located within the organisation. Blueprints? Intellectual property? Personal data? Financial information? What should really not come out on the street? Which processes are really critical?
After your Crown Jewels have been mapped, our mission starts: the Hackers 'hit' the Crown Jewels. The Hunters (defenders) gradually 'catch' the Hackers and the reaction of your organization to learn how to avoid actually hitting your Crown Jewels.
The penetration test report is met with resistance. It eventually ends up at the bottom of a drawer as a 'tick' for the annual audit. Recognizable? Then consider involving key figures from the organization and organize a Purple Teaming assignment to actually create support for the necessary changes.
System administrators regularly get the full blast when a penetration test reveals another vulnerability. But just as often they have been stating what is wrong for a long time but they feel unheard and unheard of. During our Purple Teaming assignments they - just like their management - are simply part of the Blue Team to rebalance this imbalance.
Firewalls are important and honeypots can be useful. But who analyzes the logging of these devices? How does an administrator respond to prompts from a compromised account? What are the right research questions? People, process and organization are at least as important as technical solutions. Our approach also reveals where the soft side of digital security can be improved.