Red Teaming – sometimes casually referred to as ‘Red Team Penetration Testing’ – is primarily aimed at subjecting companies to an attack simulation that is as realistic as possible. This is used to answer specific questions and focus on issues: Can my most sensitive systems be attacked, and my most valuable data stolen? If so, how? Can my team detect attacks at all, or would we be ‘blind’ in an emergency? If we do detect attacks correctly, how quickly and how effectively do we respond? What security aspects have we not yet considered?
Purple Team Exercises, on the other hand, focus not on reality, but on improving all the skills and capabilities of the defense (i.e., the Blue Team) as quickly and as strongly as possible. During a Purple Team engagement, sometimes called Purple Team Training, the Red Team plays through the various phases of a hacking attack, gradually increasing the severity and skill level of the attacks.