What is Purple Team? Updates to SEC599

  • Webcast Aired Wednesday, 20 Jun 2018 11:00AM EDT (20 Jun 2018 15:00 UTC)
  • Speakers: Stephen Sims, Erik Van Buggenhout, Chris Gates

After seeing so many blue teamers take a penetration testing course, authors Stephen Sims and Erik Van Buggenhout created SANS' first Purple Team course, SEC599: Defeating Advanced Adversaries - Purple Team Tactics and Kill Chain Defenses. But what is Purple Teaming? Does 1+1=3 here?

"In my experience, after years of teaching penetration testing classes for SANS, over half of the students in each class are not actually penetration testers. In fact, they most often worked in a defensive role and were coming to these courses to learn about the techniques used by attackers so that they could better defend their networks," says SANS Fellow Stephen Sims.

"Single, stand-alone solutions, tools, and techniques will only get us so far," comments course author and instructor Erik Van Buggenhout, "If we want to stop advanced adversaries effectively, we have to ensure we have an in-depth approach to defense where we can implement security controls that counter each and every one of their attacking moves."

The newly updated SEC599 course contains over 20 hands-on labs, culminating in a full-day Defend the Flag exercise. Get an in-depth understanding of purple team tactics and how to implement kill chain defenses in order to defeat the adversary. This webcast will review what Purple Teaming is, team exercises, and new updates to the course. We'll reserve time at the end for webcast attendees to ask SANS authors Stephen Sims and Erik Van Buggenhout questions about the APT cycle, Purple Team and the newly updated SEC599.