Red teaming and blue teaming
In this section, we'll develop a view of what purple teaming is by considering the operations of a red team, a blue team, and a purple team.
The following diagram places the blue team in the context of closing the incident loop, which we discussed in Chapter 3, Engineering for Incident Response.
The purpose of a blue team is to improve the security posture by preventing breaches, improve the discovery of breaches by providing better detection, and improve how breaches are analyzed and contained. The main purpose of purple teaming is to give the blue team an expanded approach for doing just that.
The focus points of this chapter are depicted in the following diagram, which, as you might notice, is an extract of the agile incident response loop we discussed in Chapter 3, Engineering for Incident Response.
There are several ways in which the blue...