The main issue we see with organizations being able to effectively leverage their purple team testing program is speed. It just takes so long to execute a proper purple team exercise – the research, the planning, the execution, the scoring and analysis, and then implementing new detections and mitigations.
If it takes three months for the team to work through this process, best case scenario you get four exercises done in the year.
But I am guessing you’d like to do more than that. Me too.
While the team has been busy building a lot of new features and improvements into BlindSPOT, today we’re going to focus on those items that we’ve targeted to help with speeding up your purple team exercises. Our goal is to trim down those time-consuming tasks that are so necessary to execute a purple team while still giving you the ability to simulate the real threat actor activities you are worried about.
-Ben Finke, OnDefend Co-Founder/CTO
Sometimes it’s just not feasible to conduct all of the scoring directly in the BlindSPOT interface. Our scoring sheets export the data from the campaign you are working on, and allow you to score the campaign inside of Excel:
The spreadsheet file that you download has all of the details you’re used to seeing in BlindSPOT, and even has dropdowns for you to select the outcome and the security tool:
When you are done, just save the spreadsheet file, and upload it back into the campaign from the same menu, and BlindSPOT will update the campaign score for you, from the spreadsheet.
Oh, and it works for entire projects too, in one sheet!
Our BlindSPOT consulting team has seen an enormous increase in speed using these sheets to score the campaigns. Very helpful for team members who can help score, but don’t have access to BlindSPOT.
One of the most time intensive parts of a purple team exercise is the scoring – how did our tools handle those attack activities? As you may have noticed, we’ve been busy building integrations to enable autoscoring (BlindSPOT will connect to your security tools and extracts all of the alerts and logged data, and automatically score your BlindSPOT campaigns), which are very useful. But sometimes the integration just isn’t possible.
Until now…… (sorry for the cheesiness.)
We’ve built a file upload input for Microsoft’s Defender for Endpoint. MDE makes it very easy to export an entire incident to a file. BlindSPOT will now let you upload that file into a campaign and will use that file to autoscore the campaign.
This is useful in situations where a direct integration with Defender is not possible, but you’d still like to hurry up the scoring. Just find the incident (or walk the team member with access to MDE) through the process of exporting just the data you need.
Our initial testing shows this can save up to an hour per campaign, depending on your experience scoring in BlindSPOT.
While not the biggest time saver that we will talk about today, it is a whole lot faster!
Our new reporting engine is able to generate reports about 400% faster than our previous engine, generating large and complex reports in under 30 seconds.
We’ve also improved the resolution of the images and charts and have refactored the base version of the BlindSPOT report template.
You don’t need to do anything to start using this, it’s already in production.
One Last Thing….
Thank you for taking the time to read our newsletter. We are committed as an organization to continue pushing boundaries within the world of innovation, BlindSPOT is the product of that.
If you want to stay in the loop about what’s happening at OnDefend & BlindSPOT, including our upcoming webinars, the latest cybersecurity trends, and product updates, then follow us on Facebook, Twitter, and LinkedIn @ondefend.
TikTok U.S. Data Security Inc. (USDS) is further enhancing the security of TikTok users' data and protection against cybersecurity threats by appointing HaystackID and OnDefend to serve as Independent Security Inspectors (ISIs) for USDS.
Read
Trust but verify your security tools are working through BlindSPOT.
Read
OnDefend CTO Ben Finke breaks down "How to prepare for a cyberattack" for Forbes.
Read