Purple teams with wings: measuring detection efficacy in the cloud
Alfie Champion, Detection Lead, and Nick Jones, Cloud Security Lead
October 2021
In the cloud, a collaborative approach to attack detection capability development pays even greater dividends than on-premises. With cloud environments evolving just as rapidly as the TTPs being used against them, and analysts monitoring and developing detections for unfamiliar technologies, an iterative, adaptive, and continuous approach is necessary for detection to remain effective.
We have been delivering on-premises purple teaming since 2015, and we delivered our first cloud purple team in early 2020. Since then, clients in 5 countries have used the process, and the thinking behind it has been shared publicly at conferences around the world. This eBook describes what we learned and how we measure and develop attack detection efficacy in the cloud, and presents the approach in 5 phases that you can adopt in your own organization.
What you’ll learn:
- The benefits of a highly collaborative purple teaming approach (in contrast to traditional, objective-led exercises)
- The differences between detection on-premises and in the cloud
- The 5-phase purple teaming approach we use to measure and drive further cloud detection efficacy
- The background of this approach
Related resources
Cloud security: striking the balance between risk, speed, and cost
Your organization’s risk profile will impact how you approach cloud migration. Learn how to balance your security needs with speed and cost efficiency.
The Microsoft Azure Security Framework
Inspired by Scott Piper’s roadmap for building cloud security in AWS, our MS Azure security framework provides the building blocks required to harden your Azure platform from the ground up.
How the cloud has changed detection
The cloud may have moved the goalposts for cyber detection, but the rules of engagement can still be understood and mastered by those moving from on-premises security.