Some history may be helpful to understand why some duplicate terminology exists, why things are named a certain way in VECTR, how cybersecurity language has changed as Purple Team exercises become more popular, and how to make use of VECTR.
Prior to VECTR, SRA conducted engagements similar to what are now called Purple Team exercises and recorded results in Excel spreadsheets. Recording data this way is challenging and difficult to maintain over time.
Before the terminology of Purple Teaming became popular, we referred to these activities as a type of in-depth Threat Modeling or Threat Modeling and Simulation. Initial development of VECTR's Threat Modeling precursor tool began in 2014 and first use occurred in 2015.
The reporting and results from this activity and tool were immediately popular with our clients. The software application was converted to a web application and VECTR was released publicly in 2016 as a free cybersecurity tool. Development continues as Purple Teaming, Adversary Emulation, and Cybersecurity in general becomes more important.
Methods of Purple Teaming¶
Different approaches to Purple Teaming can be seen in industry publications, continuing education courses, and vendor products. Some methods like Atomic Testing and Adversary Emulation will be described in later VECTR documentation.