
Purple teaming for global industrial company
Client need
Validating detection and response capabilities
A Finland-based global industrial company wanted to validate that their security operations center could detect the most critical attack techniques, while also identifying weaknesses in their environment that real-world attackers might exploit.
The company operates complex environments spanning both operational technology (OT) and traditional IT infrastructure. Given the critical nature of industrial operations, ensuring robust detection and response capabilities was essential for protecting both business continuity and safety.
We delivered
Collaborative purple teaming engagement
The purple teaming approach centered on executing real-world attacker Tactics, Techniques and Procedures (TTPs) in the environment, in full view of the SOC. Fraktal defined the attack scenarios together with stakeholders from the client organization. All test cases were mapped to the MITRE ATT&CK framework where applicable.
The testing activities in each scenario were documented in detail and shared with both the client and their security partners, enabling efficient information sharing and fast mitigation of identified issues. This documentation also makes it easy to re-execute scenarios or individual test cases to validate the effectiveness of implemented mitigations and improvements.
Comprehensive reporting
Fraktal delivered a detailed timeline of the executed tests along with associated detection and response information, showing the capabilities of security monitoring and highlighting possible gaps. We also delivered a report detailing weaknesses and vulnerabilities that would help real-world attackers in achieving their objectives.
Our approach
Transparent collaboration
We maintained full visibility of testing progression through our platform, enabling real-time cooperation between our specialists, the client's security team, and their SOC provider. This transparency ensured immediate knowledge transfer and skill development.
MITRE ATT&CK mapping
All attack scenarios and test cases were mapped to the MITRE ATT&CK framework, providing a standardized reference for understanding the threats tested and enabling clear communication about detection coverage and gaps.
Phased delivery
The engagement followed a structured approach: preparation and scenario planning, purple teaming execution sprint, and finally reporting with remediation guidance and a review workshop.
Working with the blue team
Our specialists worked directly with the client's security team and other stakeholders throughout the engagement, ensuring that defensive capabilities were strengthened through hands-on collaboration rather than just testing.
Key outcomes
Improved detection and response
The engagement validated and improved the client's ability to detect critical attack techniques, with clear documentation of where detection capabilities were strong and where gaps needed to be addressed.
Critical vulnerabilities identified
We identified vulnerabilities in both OT and IT environments that real-world attackers could exploit, enabling the client to prioritize remediation efforts based on actual risk to their operations.
Actionable remediation roadmap
The client received detailed guidance on mitigating identified issues, with the ability to re-run specific test cases to validate that improvements were effective.