Question 1

What is continuous purple teaming?

Accepted Answer

Continuous purple teaming is a subset of Adversarial Exposure Validation (AEV) that combines offensive attack simulation with defensive validation in one ongoing process. Instead of a once-a-year test, you run realistic attacks on a regular basis and check whether your controls block or detect them. The result is a current view of how your defenses hold up against real attacker behavior.

Question 2

How is Offensys different from penetration testing?

Accepted Answer

A penetration test is a point-in-time engagement that shows where you were exposed during a fixed window. Environments and attacker behaviors change quickly, so the results of a penetration test are only accurate for a brief time. Offensys runs continuously, so you catch gaps as your environment changes rather than months later. It also validates attacker techniques rather than specific tools, so your detections keep working when attackers change their implementation.

Question 3

How is Offensys different from Breach and Attack Simulation (BAS)?

Accepted Answer

Traditional BAS tools often replay known indicators or pre-recorded traffic patterns. That shows whether a specific signature fired, but not whether your detections still work when an attacker inevitably changes their tools. Offensys simulates the underlying technique, including in-memory execution and endpoint-level behavior, then correlates both prevention and detection outcomes. This prepares your defenses for future attacks by adapting to evolving threats.

Question 4

What security controls can Offensys validate?

Accepted Answer

Offensys validates the efficacy of EDR, antivirus and other endpoint controls, hardening settings, and SIEM detection rules. For each simulated technique it confirms whether the attack was blocked by your tooling, detected, or missed entirely. You can also hunt for isolated simulation telemetry in your SIEM, allowing you to target the controls that matter most to your environment.

Question 5

How does Offensys produce evidence for security teams?

Accepted Answer

Each simulation records detailed execution traces and telemetry, then correlates them with what your defenses actually caught. The output maps to the MITRE ATT&CK® framework, and it gives you evidence you can use for control validation and regulatory reporting as required by e.g. DORA or NIS2. You get a clear record of what was blocked, what was detected, and what slipped through.

Question 6

Can Offensys support a continuous security validation program?

Accepted Answer

Yes. You can schedule simulations to run on a recurring basis and re-test after changes to catch regressions early. Over time this builds a trend of how your detection and prevention coverage shifts, which helps you decide where to invest next.

Question 7

Does Offensys run safely in production environments?

Accepted Answer

Simulations are built to run in representative, production-like environments without disrupting live workloads. Execution can happen in-memory using the same tradecraft real adversaries use, and in regulated setups results can be processed locally so data stays inside your network.

Continuous Purple Teaming that proves your security controls work

How Offensys validates your security controls

Curated threat library

Continuous regression testing

Custom simulation builder

Seamless integrations

Detection engineering

Compliance-ready reporting

Why security teams choose Offensys

Behavior over tools

Advanced tradecraft

Zero-noise validation

European engineering

How it works

Offensys Packages

Flex

Features:

SaaS

Features:

On-Premise

Features:

Founding team

Sander Maas

Cas van Cooten

Cor Verhoeven

Request a demo

Frequently asked questions