SiliconAngle reports that more companies have been conducting purple team cybersecurity threat evaluations, with security penetration testing firm SpecterOps being the latest to create a collaboration between its offensive and defensive cybersecurity teams in testing and defending corporate systems.
Realistic attack simulations and partnerships with other security staff are being conducted by purple teams in a bid to bolster organizational prevention, detection, and response to cybersecurity threats, indicating a significant difference from red teams that independently simulate attacks as an external threat actor, said Mandiant Managing Director Evan Pena.
Despite the benefits of purple teaming, such an approach may not be suitable for other organizations, according to We Hack Purple founder Tanya Janca.
"I wonder how many companies are actually mature enough for effectively using such a service offering. I find that a lot of companies are at the start of their journey, rather than near the end, and purple teaming is a mature activity," Janca added.
The next version of the PCI DSS will likely mean more work for pen testers and give them more leeway in conducting tests, but it also puts them under greater scrutiny. Here’s what’s new in PCI DSS 4.0.
SecurityWeek reports that more than $1 million in cash and prizes will be offered by the Zero Day Initiative for its first Pwn2Own Automotive hacking contest that will be held in Tokyo from Jan. 24 to 26, 2024.
Prioritizing Blue Team Success Over Red Team Wins
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news