VECTR™ is the first platform designed to facilitate your Red and Blue security teams through comprehensive Purple Team Threat Simulations. Document your attacks, gauge the effectiveness of your defensive tools, strengthen your security, and improve your detection capabilities through historical performance tracking.
Why Purple Teams?
The concept of purple teaming is not new. We’ve been doing it for years; it was just disjointed and we didn’t call it “purple” or “red and blue”. Instead, the red team “broke in” (usually walked in), perused the aisles, took what they wanted, and then wrote up a scathing report with lots of items for the blue team to “fix”. The end result was that the red team left with a “mission accomplished” feeling, while the blue team was left feeling dejected, confused, or angry. The blue team was then tasked with digging through log sources to find out what went wrong with all the defensive controls they had painstakingly put in place but that still “didn’t see anything”. We aim to identify:
Lack of coverage
Event sources lack coverage over portions of the network and the applications that attackers may be hitting the hardest. The red team doesn't have to be stealthy if no one is watching.
Signals lost in the noise
Alerts are firing, but far too often to be meaningful or to separate out the false positives. Identifying attack patterns that lead to the creation of high-fidelity alerts is a core concept of purple teaming.
Need for engineering
Relying on research, blog posts and a base set of rules from toolsets sometimes isn't enough. Time is needed to engineer alerts based on business use cases that reliably detect the basics, like password guessing against VPN endpoints and lateral movement across the network.
We developed a tool to help streamline purple team assessments. We call it VECTR™. It provides a centralized dashboard for tracking all things Purple. A quick feature list:
- Real-time tracking during Purple Team Simulations
- Measure progress across phases, test cases completed, and outcomes
- Centralize red team arsenal and blue team recommendations/tuning
- Ability to add custom test cases and target assets
- Manage view of a toolset inventory
- Produce summary and detailed reporting for Purple Team outcomes
- Provide historical trending of Purple Team exercises