Group-IB’s New Purple Teaming Service Asks an Uncomfortable Question: Does Your Security Actually Work?

CYBERSECURITYGROUP-IBPurple TeamingTECHPLUGGED.COM

Most enterprise security budgets buy tools. Very few buy proof that those tools work. Group-IB is betting that gap is worth a product.

The Singapore-headquartered threat intelligence firm today launched a Purple Teaming service, a live security validation exercise that drops offensive and defensive specialists into the same room at the same time. Group-IB’s red team runs adversary scenarios. The client’s own defenders watch, respond, and then immediately rewrite their detection rules and response playbooks while the attack is still happening.

Not another pentest report

The distinction Group-IB keeps drawing is against traditional penetration testing, which ends with a PDF delivered weeks after the fact. Purple Teaming is structured as a feedback loop inside a single engagement: attack, detect (or fail to), tune, repeat.

Every scenario is mapped to the MITRE ATT&CK framework and drawn from Group-IB’s own threat intelligence rather than a generic catalogue. Engagements can include ransomware simulations, Active Directory attacks, supply chain compromise and data exfiltration, and they run anywhere from one to eight weeks, on-site, remote or hybrid. The company says none of it disrupts live business operations.

The intelligence backing comes from more than 1,600 high-tech cybercrime investigations Group-IB has run since it was founded in 2003. The pitch is specificity: scenarios reflect the actual techniques of threat actors targeting a client’s industry and geography, not a composite adversary assembled from a framework.

“Organisations today face a fundamental accountability question: they have invested heavily in detection and response capabilities, but many have never tested whether those capabilities actually work when it matters,” said Dmitry Volkov, Group-IB’s CEO. “It is not a checkbox exercise; it is a structured, intelligence-driven process that reveals exactly where detection fails, where response breaks down, and where training has not kept pace with the threat.”

The catch

Purple teaming is not a Group-IB invention. The practice has been circulating in security circles for the better part of a decade, and most of the large consultancies will sell you a version of it. What Group-IB is really selling is the intelligence library underneath, and that is a genuinely harder thing to replicate than a red team roster.

It is also worth noting who is doing the grading. A vendor that runs the attack, scores the defence and then recommends the fix has an obvious structural incentive to find problems. That is not a reason to dismiss the exercise — a security team that has never been tested under pressure is genuinely worse off — but it is a reason to treat the output as a starting point rather than a verdict.

Purple Teaming joins Group-IB’s existing portfolio alongside Threat Intelligence, Managed XDR and Incident Response, and is available globally through the company’s network of Digital Crime Resistance Centers across Asia-Pacific, Europe, the Middle East and Africa, the Americas and Central Asia.