The Benefits of Purple Teaming Your SOC Analysts

Purple teaming in cybersecurity is an important way to measure how prepared your security operations center (SOC) is to prevent, detect, and respond to cyber-attacks. However, when most people take advantage of purple teaming’s benefits, they typically focus on measuring the performance of a SOC’s technology and processes. That leaves a gaping hole: Are your SOC analysts, your frontline defenders, fully trained and prepared to take on adversary activity?

To realize the full benefits of purple teaming, you’ll need to understand your overall system’s performance, including that of your personnel. If you want an elite team facing off against cyber attacks, you need to train against adversary tactics before an actual attack takes place.

Watch the video below for an inside look at the benefits of using purple teaming for your people: using hard data, identifying issues, resolving them, and providing training tailored to the cyber threats your organization is facing.

Video Transcript

0:00 Intro
0:37 Personnel Performance
1:14 The SightGain Readiness Platform
2:24 Choose Your Training Scenario
2:50 The SightGain Readiness Approach
3:28 Challenges to Overcome
4:11 Overview

Using the readiness approach, we’re excited that we can evaluate and train your personnel on production. So what does this mean? This means your people don’t have to take a day off to go to a classroom. This means you don’t have to buy an extra range so that they can train against threats in an environment that may or may not look like yours. Finally, perhaps most importantly, this also means that your team can train on the actual production systems that they use every day and be evaluated against the threats that you’re expecting them to stop.

0:37 Purple Teaming Benefits: Personnel Performance

One of the biggest myths about personnel performance is that it occurs in a vacuum on its own, when in reality, personnel performance is at the end of technology performance and process performance before the humans have any chance of making a good decision. So it’s important to take a look at all of those as you evaluate personnel.

I remember when we first started to evaluate personnel performance on their production systems. We were using stopwatches and manually having the analysts raise their hands to tell us if and when they saw something. At that point we would record what they saw and if they saw what we actually tested them against.

1:14 Purple Teaming Benefits: The SightGain Readiness Platform

The SightGain readiness platform uses the readiness approach to start with the threat, execute those threats in a safe manner, and then evaluate how your production systems, processes and personnel are performing. Specifically for the personnel, you can identify how well your technology and your processes are serving your analysts in order to enable them to actually have a chance of making a good decision.

But we go further and dig into what decisions are they making, are they making those decisions in a timely manner, on aggregate, how fast are they doing it, how accurately are they able to identify those threats. And then at the end of the day, how many did they catch, how many did they miss. And then, like we do on the production technology side, we recommend gap filler for the personnel improvement. This gap filler can be training in terms of what the threats are, how to stop them, where to mitigate them, how to configure your specific systems to stop those threats or identify those threats, and then provide a curriculum based on the NICE Framework or any other curriculum standard that you want to use to train against in a repeatable manner and over a scheduled period of time.

2:24 Purple Teaming Benefits: Choose Your Training Scenario

We can do this type of evaluation for teams, for individuals. We can do it in an announced way so that they know they’re being tested, or they can do it in an unannounced way so that it’s added to the normal flow and operations of their daily routine. Likewise, we track this by individual, so we know what this particular analyst is good at.

2:50 The SightGain Readiness Approach

We know where their shortcomings are, as well as being able to aggregate that for the organization, or in high-level organizations by different echelons to figure out where things are strong, where we need to improve, and how much value we’re getting out of our personnel vis-à-vis the money and the investment that we’ve made.

We’re super excited about this approach to personnel evaluation and performance because for the first time, using innovation and automated breach and attack, we can finally dig into these big investments that many organizations are making into their SOC analysts. We can identify for the first time how well they’re doing on their production system and how to improve it, or should we make a better or different decision and how we deliver those services.

3:28 Challenges to Overcome

So often the biggest challenge that we’ve overcome in using the SightGain readiness platform is an attitude of not wanting to use their production system. Using the production system is critical in order to really understand and evaluate how your overall system is going to respond to threats that are out there. Unless you’re testing your personnel, you’re assuming that their classroom training or range training is going to work in the time of need.

Now with the SightGain readiness platform, they can test for the first time as if they’re experiencing it in the wild and how it would happen when that moment and time comes. So with the SightGain readiness platform, they can prepare proactively and comprehensively now for that day and time when the adversary tries to attack you in the future.

4:11 Recap

So to recap, the SightGain readiness platform starts with a threat-based approach, safely executes those malicious tactics against your technology, your processes, and eventually, your people to understand how the overall system is working and give you really concrete evidence of your personnel performance and leads you to better investments and better use of your analysts and investment inside your SOC.

If you’re excited like we are about what SightGain can do for your personnel evaluation and training purposes, click the link below, and subscribe to our YouTube channel. We’ll continue to fill you in on all the new innovations that we’re bringing to the market.