
Purple Team

In some cases, companies organize a red team/blue team exercise with outside resources that do not fully cooperate with internal security teams. For example, digital adversaries hired to play the part of the red team may not share their attack techniques with the blue team or fully debrief them on points of weakness within the existing security infrastructure, leaving open the possibility that some gaps may remain once the exercise concludes.

“Purple team” is the term used to describe a red team and blue team that work in unison. These teams share information and insights in order to improve the organization’s overall security.

At CrowdStrike, we believe that red team/blue team exercises hold relatively little value unless both teams fully debrief all stakeholders after each engagement and offer a detailed report on all aspects of project activity, including test techniques, access points, vulnerabilities and other specific information that will help the organization adequately close gaps and strengthen their defenses. For our purposes, “purple teaming” is synonymous with red team/blue team exercises.