We believe in Purple Teams as the best way to assess and improve technical cybersecurity defenses. What are Purple Teams? We define them as an open-book exam process that prioritizes and shows quantifiable improvements in defenses over time.
Check out our SANS Webcast recording!
Purple Teams through VECTR™ generate defense success metrics and help align Red and Blue Teams toward the same mission: protecting the organization by discovering and plugging detection gaps. If you are scratching your head over how to adopt and align to the MITRE ATT&CK Framework, this is for you.
VECTR™ is the only free platform of its kind and is taught in three SANS classes (that we’re aware of).
VECTR™ is available for free on Security Risk Advisors’ GitHub page. If you join the VECTR™ Community, you’ll receive notifications of updates and new features and get access to the VECTR Community Discord server. You will not be solicited, and your contact information will not be shared.
We developed VECTR™ to help streamline purple team assessments. It provides a centralized dashboard for tracking all things Purple. A quick feature list:
Document TTPs used by Purple and Red Teams so test cases can be repeated until detection rules succeed
Light up a MITRE ATT&CK heatmap to show your teams’ mutual success and needs
Show how far you’ve come with historical trending of your metrics
Evaluate and report the effectiveness of your tools investments
Prioritize tuning and remediation activities
Report defensive capability at each phase in the kill chain
Import test cases using STIX 2.0 and TAXII