IT Brief US - Technology news for CIOs & IT decision-makers
United States
Group-IB launches purple teaming service for cyber defences

Group-IB launches purple teaming service for cyber defences

Tue, 14th Jul 2026 (Today)
Sean Mitchell
SEAN MITCHELL Publisher

Group-IB has launched a Purple Teaming service designed to test whether an organisation can detect and respond to cyber attacks.

The service brings together offensive and defensive security teams in live exercises instead of relying on a post-engagement report. Group-IB's red team simulates attacker behaviour while a client's defenders monitor activity, investigate alerts, and adjust detection rules and response procedures during the exercise.

The launch reflects growing scrutiny over whether spending on cyber security tools translates into operational performance. Many companies have invested heavily in detection and response products, but some have not tested how well those systems and teams perform under conditions meant to mirror an active attack.

Unlike traditional penetration testing, the service is structured as a collaborative process with immediate feedback. Engagements can run from one to eight weeks and can be delivered on site, remotely, or through a hybrid model.

Threat scenarios

Exercises are based on scenarios mapped to the MITRE ATT&CK framework and tailored to an organisation's environment. These can include ransomware simulations, Active Directory attacks, supply chain compromise, and data exfiltration, conducted in a way intended to avoid disrupting day-to-day business operations.

The scenarios draw on intelligence from more than 1,600 cybercrime investigations carried out since Group-IB was founded in 2003. The company says this approach helps shape tests around the tactics and techniques of threat actors relevant to a client's sector and geography rather than applying a standardised set of attack steps.

The wider cyber security market has increasingly focused on validation as boards and senior executives ask whether defensive investments are effective in practice. Purple teaming has become one way to answer that question because it combines adversarial testing with coaching for internal security teams.

Dmitry Volkov, Chief Executive Officer of Group-IB, framed the issue as one of accountability for cyber spending.

"Organisations today face a fundamental accountability question: they have invested heavily in detection and response capabilities, but many have never tested whether those capabilities actually work when it matters," said Dmitry Volkov, Chief Executive Officer of Group-IB. "Purple Teaming answers that question honestly. It is not a checkbox exercise; it is a structured, intelligence-driven process that reveals exactly where detection fails, where response breaks down, and where training has not kept pace with the threat. The goal is not to expose weakness for its own sake but to convert that knowledge into a measurable improvement in resilience."

Service expansion

The new service adds to Group-IB's security resilience work alongside its threat intelligence, managed detection and response, and incident response activities. It will be available globally through the company's network of Digital Crime Resistance Centres across Asia-Pacific, Europe, the Middle East and Africa, the Americas, and Central Asia.

For customers, the practical outcome is likely to centre on identifying blind spots in monitoring and weaknesses in response processes. Group-IB says clients complete engagements with broader detection coverage, updated response procedures, and experience gained from working through realistic attack scenarios under pressure.

Konstantin Damotsev, Global Head of Group-IB's Red Teaming Practise, said the value of the exercises depends on how closely they reflect the behaviour of real attackers already tracked by the company.

"The most important thing we bring to a Purple Teaming engagement is not just our offensive toolkit, but the intelligence behind every scenario we run. When we simulate a ransomware intrusion or an Active Directory attack, we are not working from generic playbooks," said Konstantin Damotsev, Global Head of Group-IB's Red Teaming Practise. "We are replicating the specific behaviour of threat actors Group-IB has tracked, investigated, and attributed across thousands of real incidents. That specificity is what makes the exercise genuinely useful: defenders learn to detect the adversaries that are actually targeting them, not a theoretical composite. The difference shows immediately when a detection rule catches something it has never been tested against before."

Headquartered in Singapore, Group-IB operates across several regions and works with customers in sectors including government, retail, healthcare, gaming, and financial services. The company has built much of its profile around cybercrime investigation and threat intelligence, which it is now using to expand further into services aimed at testing the readiness of in-house security teams.