Purple Teaming for Pen Testers

Cymulate Cyclone enables pen testers to craft, automate and deliver purple teaming exercises that help their customers actively protect their network. Cyclone-based services optimize SOC detection capabilities, hone threat hunting skills and improve incident response processes.

Building upon the success of the Purple Team module for enterprise, Cymulate Cyclone is an exclusive offering for security service providers. It is a highly customizable, automated, template-driven purple teaming platform that leverages and scales pen-testing expertise. Unlike traditional automated pen-testing solutions that only offer the adversary perspective, Cymulate Cyclone integrates with security controls to also provide the defender’s findings and correlates them with attacker actions. The platform’s rich repository of attack resources and scenarios provides immediate value out-of-the-box. Boosting productivity, it automates repetitive efforts, providing expert pen testers the means to craft sophisticated and unique purple team exercises and scenarios that can be automated and reused, empowering junior team members and freeing the experts to focus on more demanding activities.

Service offerings include:

Automate purple teaming: Help your customer develop their threat hunting capabilities, optimize threat-detection technology and exercise incident response playbooks.

  • Craft, automate and launch attack scenarios
  • Correlate security-control findings and validate their effectiveness

APT group resiliency: Simulate APT attacks to identify areas for improvement:

  • Detection and prevention
  • Containment and mitigation
  • Artifact gathering and cyber forensics

SOC validation: Improve SOC performance and help improve key metrics:

  • Detection and alerting efficacy
  • Mean time to detect
  • Mean time to respond

Combining customizable attack scenarios and red teaming with blue teaming detections, events, and alerts provides the following efficiencies:

  • Auto-correlate security-control findings to attacks
  • Auto-generate reports mapped to MITRE ATT&CK®
  • Easily generate Sigma rules with the platform based on findings
  • Export findings to MITRE ATT&CK Navigator

Automation and granular customizability help to capture and scale existing expertise. Expert pen testers and red teamers can create reusable and modifiable template-based assessments, with the flexibility to focus on a specific stage of an attack or recreate a full kill-chain APT scenario. These are shareable and can be reused in different service offerings and customer engagements by pen-testing team members of all skill levels. Templates can be used to create and automate routine and baseline assessments for additional efficiencies. Cyclone customizability provides full transparency to modify execution syntax, inputs, outputs, dependencies, and success factors. Cymulate Cyclone reporting provides a wealth of information, including mapping to MITRE ATT&CK TTPs, execution code, success indicators and output, IOCs, detection, and mitigation guidance.

Product features:

  • Fully aligned to the MITRE ATT&CK framework for the creation, execution, and analysis of assessments
  • Comes loaded with a rich repository of resources, including out-of-the-box assessment templates, executions, payloads, tools, and Sigma rules
  • Upload or create your own templates, assessments, payloads, executions, tools and Sigma rules
  • Create and modify executions in Bash, PowerShell, CMD, Python and more
  • Auto-correlate security-control findings to attacks via API integrations with security controls
  • Executive and technical reports generated after each assessment for efficient and comprehensive customer reporting
  • Automate and schedule assessments
  • Full support of Windows, macOS, and Linux operating systems