Latest News

Traditionally, the Offenders (Red Team) and Defenders (Blue Team) have been considered two sides of the same security coin. While the Red team emulates an attacker exploiting a vulnerability in an organisation’s systems, the Blue team is responsible for building security controls to defend against attackers. As both activities are integral to improving the cyber security posture of a company, integrating the two mindsets is crucial to achieving the desired business objectives. The Purple teaming process involves consistent knowledge sharing between the Red and Blue teams for continuous process improvement:

  • Defence informs the offence about their controls, their monitoring and how they respond to security incidents.
  • Offence, on the other hand, informs defence about TTPs (Tactics, Techniques and Procedures).

Privasec Purple Teaming

Is it possible to calculate the return on investment of cybersecurity controls?

Traditionally, organisations have struggled to calculate the financial losses from cyberattacks/fraud and to prioritise security investments based on return on investment (ROI). Frameworks such as APRA CPS 234 require regulated entities to maintain an information security capability commensurate with information security vulnerabilities and threats. However, the APRA CPS 234 framework doesn’t provide enough information to articulate cyber risks in the financial metrics with which business executives and the board are familiar. FAIR is one framework that helps quantify the risks and measure the expected financial loss due to a cyber attack.

Dollar Value on Cyber Risks

Often, when it comes to security technologies, organisations are forced to accept the “it works, just trust us” marketing copy without ever being able to validate their effectiveness within their own environment. Thus, despite knowing the security flaws, many organisations fail to detect intrusions. Offensive security testing (i.e. Penetration tests or Red Team exercises) pinpoints many security flaws but leaves it up to the organisations to fix them alone. None of these tell the IT department how to improve their tools to detect breaches or how to detect them faster. Privasec’s Breach and Attack Simulation, on the other hand, focuses on helping your organisation fine-tune your tools and processes and trains your SMEs to detect when you are actually under attack.


The Privasec Team recently sponsored the 2019 RMIA annual conference, the premier risk conference in the Asia Pacific region, held from 13th to 15th November. The conference featured Risk and Resilience professionals from the Asia Pacific region. Privasec’s Principal Consultant, Pablo Borges, was on the panel addressing management of cyber risk.

Privasec at RMIA

Privasec Red team has launched the fourth round of Privasec Red Hacking Challenge.

Privasec Red Hacking Challenge Round 3

Privasec Red team has launched the third round of Privasec Red Hacking Challenge.

Privasec Red Hacking Challenge Round 3

Our team has launched the first Round of the Privasec Red Hacking Challenge.

Privasec Red Hacking Challenge

Reshmi Hariharan and Zeeshan Zafar joined the Privasec GRC Team in Sydney early this month.

Reshmi has over six years of experience in Information Security, within domains including but not limited to Operational Security Management, Governance, Risk Management & Compliance.

 


 

The Privasec team are proud to be one of the sponsors for Australia’s biggest software security conference: OWASP AppSec Day 2019. The conference talks focus on techniques to build and deploy secure web and mobile applications and DevSecOps practices for fast agile software delivery environments.

AppSec Day also marks the beginning of our Privasec Red Hacking Challenge, which will consist of four weekly challenges where we’ll give away 80 one-month subscriptions to the Hack The Box penetration testing platform. Make sure you follow Privasec Red on Twitter and look out for the Privasec Red Hacking Challenge’s clues at the conference for your chance to grab a free Hack The Box subscription in the week one challenge.

Stay tuned to Privasec Red’s Twitter channel and the Privasec Blog page for updates on the upcoming challenges.

The prize giveaways are subject to the following terms and conditions:

Privasec Red Hacking Challenge