Adversary Emulation

Our Adversary Emulation services consist of Red and Purple Teams. Red and Purple Teaming can be described as adversary simulation and emulation using real-world tactics, techniques, and procedures with the goal of educating and measuring people, process, and technology.
Adversary Emulation is a goal-oriented series of scenarios emphasizing significant depth of tradecraft while forgoing the large breadth of vulnerability coverage a Penetration Test would offer.
Emulation vs Simulation
To simulate an adversary, we would use specific TTPs associated with that adversary in order to mimic a threat as closely as possible.
To emulate an adversary, we would use whatever TTPs are available, often the best or most appropriate, to mimic a theoretical adversary as best as possible. This is often what a typical red team will consist of unless specific scenarios call for mimicking an actual known adversary or TTPs.
Red Teams
This is the currently popular assessment type. Be advised that while this type of assessment is in high demand right now, it is only recommended for mature organizations. This assessment type will not be as beneficial to you as a penetration test if your organization doesn’t have a dedicated SOC or MSSP.
This type of assessment is more focused than any other type we offer. The assessment is composed of one or more exercises where each exercise contains one or more scenarios designed to test very specific human and/or technical controls. Typically, red teams work against a blue team, which is usually the organization’s Security Operations Center, or SOC. This is why without a SOC this assessment type is severely hindered.
Red Queen Security red team exercises and scenarios are custom built for each client during the proposal process. While many red teams focus very heavily on “winning”, we put strong emphasis on educating the blue team with real-world tactics, techniques, and procedures (TTPs) as they would be used by a persistent adversary.
If this sounds like something you’re looking for, request a quote.
Purple Teams
Purple Teaming is very similar to a Red Team Assessment. Like an RTA, it is only recommended for mature organizations. If your organization doesn’t have a dedicated SOC or MSSP, this assessment type will not be as beneficial to you as a penetration test.
Similar to the RTA, this assessment is composed of one or more exercises where each exercise contains one or more scenarios designed to test very specific human and/or technical controls. The difference is that typically red teams work without coordination with a blue team (usually the organization’s SOC and/or MSSP). During a Purple Team, we work directly with the blue team in a more collaborative approach. While an RTA gives defenders experience responding to breaches and the unknown, a Purple Team allows for more focused and methodological testing of people, processes, and technology for gaps in the defense of an environment or organization.
Does this sound like the assessment you want? Get a quote!