GRIMM Blog

The Purple Team - Organization or Exercise As the cybersecurity industry continues to evolve, the use of certain terminology is changing and becoming more prevalent; such as the increased mention of Red Teams and Blue Teams inside boardrooms and IT departments. With the use of these terms, it is also means their definitions can be broad or confusing, sometimes becoming interchangeable with other terms which may or may not be applicable. For example, a staff member may use the term “Red Team” however this could refer to either an internal team within that organization or an external Penetration Testing Firm. One such term that has been gaining popularity is “Purple Team”. Though the term can reference a formal organization of staff within a company, it is far more commonly referencing a type of cyber security exercise. Exercise The most common use of the term “Purple Team” is in to reference a specific exercise in which an offensive engagement transforms into a defensive learni

DNI Threat Assessment - Practical Guidance for your Company Last week the Director of National Intelligence released a Worldwide Threat Assessment. It’s fairly short and to the point (only 42 pages), but I wanted to summarize for those who don’t have time to read it and help apply it to enterprise defense. The main two things to take away from this report are: Threats: there are real threats against your organization, and Capabilities: it’s important to understand their capabilities. Who they are, their motivations, and where they live is not important for most organizations. First, we’ll look at some of the threats in the report related to critical infrastructure, then we’ll move on to those faced by large corporations and financial institutions.   The report says that China can conduct localized attacks such as “disruption of a natural gas pipeline for days to weeks.” The same is said for Russia with the example being “disrupting an electrical distribution network for a