Dan DeCloss, CEO
The military does it; the National Security Agency does it; so do enterprises. The concept of a red team - blue team exercise to strengthen security capabilities is gaining importance in the enterprise landscape today.
The idea is simple: One group of security professionals—the red team—conducts security assessments, penetration testing, and full-scale cyber-attack simulations while an opposing group—the blue team—organizes defense mechanisms and bolsters the incident response capability. Companies work with these teams or adopt their distinctive operating principles to defend themselves against cyber threats. However, the lack of proper collaboration between these teams in an enterprise setting often leaves companies with inefficient cybersecurity strategies. There are many reasons for this. First and foremost, enterprises today have a lot of security tools in place that provide a lot of “information.” Further, the detailed reports or ‘findings’ of red teams are not properly conveyed to the blue teams. As a result, the blue team often gets buried in the ‘noise,’ which hinders its ability to prioritize risks and respond to them. What companies need is a secure platform that can bring together all critical pieces of a security program in one place and foster collaboration between the red team and the blue team.
Enter PlexTrac, a company that is pioneering the notion of “purple teaming” with its platform that unites red and blue teams. PlexTrac is built on a powerful idea: centralizing all security assessments, penetration test reports, bug bounty submissions, audit findings, and vulnerabilities in one place while streamlining the engagement process between red and blue teams. “Enterprises today have many tools—from Security Information and Event Management (SIEM) software to vulnerability scanners—for identifying security issues. However, at the end of the day, when an engineer or a CISO sits down, they need to understand what needs to be done for improving their security posture and also prioritize the remediation measures,” says Dan DeCloss, CEO of PlexTrac. Unfortunately, there are no solutions to assist them in this undertaking. “That’s the pain point we’re trying to solve,” DeCloss adds. “The only way to ensure optimal security is to recognize security gaps that come through penetration testing or security assessments and have those in a central location for tracking and remediation.”
Eliminating the Drudgery of Reporting
Usually, red teams produce multi-paged reports in Word or PDF format to help blue teams comprehend an organization’s security posture. Although document-based reports are detailed and comprehensive, some inadequacies remain. The blue teams fail to interpret the depth and nuances of the report, which can lead them to miss out on key areas that need attention. Also, in many cases, the reports aren’t appropriately consolidated or stored in a central location.
This means that important information can easily get lost or even duplicated, which is a loss of valuable time.
The PlexTrac platform helps red teams get away from document-based delivery of findings and, instead, present reports in simple, web-based formats. They can add artifacts, such as screenshots and even videos, to accurately convey how they discovered certain vulnerabilities. After presenting the reports, the platform also makes the follow-up process easier. “It’s not a static document. We have status tracking on those reports. An organization can see the progress they made on those findings and vulnerabilities. That’s how we elevate the reporting piece,” DeCloss comments.
Most importantly, PlexTrac accelerates the reporting process, enabling the security teams to spend more time carrying out their core duty—finding security gaps. In one instance, for one of its clients, PlexTrac cut down the time spent on generating reports by 75 percent.
Furthermore, the platform’s integration capabilities with vulnerability scanners such as Nessus, Burp Suite, and Nexpose allow security teams to seamlessly import findings from these sources and integrate them into the report. The capability to visualize all reports from a single pane of glass is highly beneficial for internal security teams and the leadership team.
Analytics and Making Reports More Intriguing
After aggregating data and enabling red and blue teams to work in tandem, PlexTrac can translate consolidated reports into insightful visualizations through its analytics module. Security teams can then easily comprehend the crux of the reports and implement necessary organization-wide measures while monitoring their security posture in real-time. It also allows stakeholders to identify areas that need more resources and effort allocation.
PlexTrac doesn’t just stop there. It helps businesses understand how every department in their organization is functioning in terms of cybersecurity. The platform enables users to track and analyze how safe and proactive other constituents are. Take a venture capital firm, for example. The firm wants to keep a solid perspective on the cybersecurity posture of its portfolio companies. PlexTrac allows the VC firm to keep track of the security posture of all its different companies from a centralized location. Another example is a cyber breach insurance provider that can use PlexTrac to evaluate and compare the cybersecurity posture of its diverse clientele. It can track all of the relevant data from a centralized platform and benchmark its clients to aid in setting premiums in a streamlined and informed way. This capability of making informed decisions translates to better business outcomes.
PlexTrac also offers a robust tagging mechanism. This enables security teams to categorize and understand how companies from different industry verticals are addressing the same kind of vulnerabilities. In addition, with the “white glove treatment,” the company helps organizations brand the cybersecurity assessment reports in their own style and letterhead. Similarly, clients can export reports into beautiful and custom-formatted Word documents by leveraging PlexTrac’s powerful template engine.
Success Stories that Speak for Themselves
The unique value proposition has helped PlexTrac win a legion of clients. One of them is a well-known consulting firm that was facing problems with its complicated and manual process of Word-based penetration test reporting. It was hindering the client’s capability to ensure on-time document delivery. Additionally, employees were tired of handling a large number of Word documents manually. The company was looking for an automated solution that could produce document-based reports and make the process faster. Leveraging the PlexTrac platform, the client was able to centralize diverse reporting functions and reduce the reporting time by 60 percent. The platform also allowed the client to license some of its subcontractors to write reports for them, eliminating an additional painstaking process of quality assurance for subcontractor reports. Now, the consulting firm can see all its activities from a centralized location and can easily access reports that it had written in the past. Also, the firm utilized the writeups database (WriteupsDB) that holds several writeups from authoritative sources as well as its own repository of common findings. This enabled the client to import a relevant writeup into a report with a single click. In essence, PlexTrac enabled the consulting firm to focus more on its actual business by exponentially reducing the time invested in reporting.
In another instance, PlexTrac helped a client that was struggling without a platform where it could centralize and adequately manage all findings from external pen testers. PlexTrac allowed the client to place all findings in a central location, run analytics to turn reports into compelling visualizations, and make a prioritized list of the results. As an outcome of the partnership, the client understood which areas required more focus and allocated resources in a streamlined manner.
Through the success of their clients, PlexTrac has drawn a comprehensive roadmap for its future. “We plan to leverage threat intelligence to help our clients prioritize different issues. However, we leave it in the hands of the practitioners because engineers and analysts know their environment better and understand what they should prioritize,” mentions DeCloss.
Staying safe from cybercriminals is going to be a challenge for businesses in this new decade. The PlexTrac platform will allow organizations to be more proactive by enabling them to understand their security posture in real-time and make more informed decisions. “For PlexTrac, Purple teaming is not a single specific technical engagement—it’s a true paradigm,” concludes DeCloss.