The power of purple teaming as a more effective alternative to traditional penetrating testing can be seen throughout the results of the CyberRisk Alliance survey. Respondents increasingly see it as a better way to vet existing tools, tactics, and procedures. It is also seen as a more effective way to help security decision makers steer their investments to the right places.
Though both types of AASEs challenge an organization’s general cybersecurity readiness, including incident response and asset protection plans, purple team adoption was seen as adding several benefits, especially the prospect for improved collaboration between red and blue teams. Additionally, with the help of purple teaming platforms offering advanced features like artificial intelligence, machine learning and data analytics, survey respondents indicated they have used their purple teaming outcomes to lobby for more cybersecurity budget.
When asked specifically if their organization engaged in some type of AASE, almost half (45%) of survey participants said they had conducted such exercises, whether red team-blue team or purple teaming, or both. Among the study’s key findings:
- Purple teaming is gaining popularity, with more than one in four red team/blue team users having evaluated or trialed a purple teaming solution or approach and another third intending to give purple teaming a try in the coming year.
- The tech, industrial and financial services sectors were most experienced with purple teaming and use results to help shape their cybersecurity strategies, rather than just vetting current security controls.
- Even with a more strategic emphasis, almost 9 out of 10 purple team users found the exercises “very effective” in defending their organizations against ransomware and other advanced attacks.
- While both types of AASE users expected a reduction in future attacks because of exercises, purple teamers were more likely (88%) to believe their cybersecurity defenses had improved, compared to those using only red teams vs. blue teams (52%). Their programs appeared to be more strategic, using results to advocate for more resources, talent, and tools than those who don’t conduct purple teaming exercises.
- Among the top challenges for red team/blue team adopters are siloed data and the inability to apply data analytics, limited resources to conduct exercises and a process that takes too long.
- Two-thirds of existing purple teaming users intend to invest more budget into this approach in the coming 12 months