CyberWire Daily Podcast Summary
Title: Purple Teaming in the Modern Enterprise [CyberWire-X]
Host: Dave Buettner, CyberWire Network, powered by N2K Networks
Release Date: May 25, 2025
Introduction
In the episode titled “Purple Teaming in the Modern Enterprise”, host Dave Buettner delves into the synergistic relationship between red and blue teams within cybersecurity operations. Sponsored by N2K Networks, this in-depth discussion features insights from Justin Tiblitsky, Director of Red Team at Adobe, and Ivan Koshkin, Senior Detection Engineer at Adobe’s security organization. The conversation explores how Adobe leverages purple teaming to enhance its security posture through collaboration, real-world simulations, and continuous improvement.
Guest Introductions
Ivan Koshkin begins by outlining his journey at Adobe:
"[...] I transitioned into more of a detection engineer role. Over time, as we matured the program, collaborating with the adversarial emulation teams, especially the Red team, became natural and very fruitful."
[01:44]
Justin Tiblitsky shares his experience in building Adobe’s Red Team from the ground up:
"[...] We’re continuously building up the Red team program year over year, seeking improvements on the defense side. This is where the Red and Blue collaboration comes into play, fostering effective purple teaming."
[02:19]
Defining Purple Teaming
Justin elucidates the concept of purple teaming:
"Purple is an opportunity to strengthen the blue team. By simulating attacks and sharing techniques, we allow the blue team to build stronger defenses."
[03:00]
Ivan adds his perspective:
"We use the red team as a practice squad for real-time adversaries, enabling us to emulate threats and prepare more effectively."
[03:44]
Collaboration Dynamics at Adobe
Dave Buettner inquires about the day-to-day collaboration between teams.
Ivan describes it as a continuous partnership:
"Red team has ongoing engagements, collaborating with the blue team to track actions, measure detection effectiveness, and improve our operations."
[04:20]
Justin compares the teams to a sports practice squad:
"Like a practice squad in sports, purple teaming allows us to strengthen defenses during practice so that we can execute effectively during real incidents."
[05:08]
Real-World Examples of Purple Teaming
Justin provides a concrete example:
"We select valuable assets and plan attack paths to reach them, executing these simulations using real-world attack techniques. This helps us identify areas to harden and improve detection mechanisms."
[06:06]
Ivan explains the blue team's role in these scenarios:
"We monitor for detections during red team operations, identify any missed behaviors, and use lessons learned to enhance our detection and response capabilities."
[07:25]
Tools and Platforms Used
Justin details Adobe’s custom toolchain:
"We utilize completely custom exploits, a bespoke command and control framework, and tailor-made post-exploitation modules to simulate and execute attacks ethically within our environment."
[08:29]
Managing Team Tensions and Alignment
Addressing potential conflicts, Ivan acknowledges initial challenges:
"There were conflicting priorities as both teams matured. We developed a prioritization model to focus on critical areas and align our efforts effectively."
[09:27]
Justin emphasizes the collaborative spirit:
"We view our relationship as a friendly competition with the shared goal of securing Adobe, ensuring that any disagreements steer us toward a more secure environment."
[10:12]
Ivan concurs, highlighting teamwork over rivalry:
"Red team operations make our jobs easier by allowing us to identify and respond to adversary behaviors more efficiently, fostering collaboration across teams."
[16:05]
Lessons Learned and Advice for New Purple Teams
Justin underscores the importance of communication:
"Ensure clear communication by using shared channels and consistent terminology to avoid miscommunications and facilitate effective collaboration."
[11:21]
Ivan echoes the need for a collaborative mindset:
"View the red team as a practice squad. Aligning both teams towards the common goal of protection fosters natural collaboration and effectiveness."
[17:03]
Measuring Success in Purple Teaming
Justin discusses setting clear, business-aligned goals:
"Define what’s important to the business and agree that specific exercises will deliver meaningful outcomes, such as patching critical vulnerabilities discovered during simulations."
[14:21]
Future of Purple Teaming in the Age of AI
Justin highlights the impact of AI on threat simulation:
"With AI enabling accelerated attack chains, attackers can execute exploits much faster. This necessitates that our response capabilities also leverage AI to keep pace."
[19:08]
Ivan adds that blue teams must use AI as a force multiplier:
"To match the enhanced capabilities of attackers, blue teams must aggressively adopt AI to enhance detection and response, ensuring we stay ahead."
[20:09]
Words of Wisdom for Aspiring Cybersecurity Professionals
Ivan advises cultivating curiosity and interdisciplinary knowledge:
"Find something you're passionate about and dive deep. Interact with various disciplines to understand how a security organization functions holistically."
[21:23]
Justin recommends specialization and hands-on experience:
"Specialize in an area that excites you. Reverse engineer job expectations to guide your learning, and engage in hands-on activities to build practical skills."
[22:09]
Conclusion
Host Dave Buettner wraps up the episode by summarizing the powerful collaboration between Adobe’s red and blue teams through purple teaming. Emphasizing trust, aligned goals, and a shared mission of continuous learning, Justin and Ivan illustrate how this partnership leads to smarter, faster, and more resilient security strategies. For organizations looking to establish or enhance their purple teaming initiatives, following Adobe’s example of starting with trust, aligning objectives, and fostering a collaborative learning environment is key to success.
Notable Quotes:
- Justin Tiblitsky: "Practice like you play." [05:50]
- Ivan Koshkin: "Red team has ongoing engagements, collaborating with the blue team to track actions, measure detection effectiveness, and improve our operations." [04:20]
- Justin Tiblitsky: "Our goal is to secure Adobe. Even if we have minor disagreements, we are united in making Adobe more secure." [15:38]
This comprehensive discussion provides valuable insights into the implementation and benefits of purple teaming, offering practical advice for organizations and professionals aiming to bolster their cybersecurity defenses through collaborative efforts.