Cybersecurity professionals know and love Kali Linux for all its offensive capabilities. Kali Purple is a distro on the opposite end of the spectrum, designed to offer defensive capabilities.Â
Released in 2023, Kali Purple is a relatively new distro based on the NIST Cybersecurity Framework. It has several security features and tools to fortify your machine’s defenses.
In this brief guide, we break down the basics of Kali Purple so you can start using it.
How is Kali Purple Different from Kali Linux?
The Kali Linux ecosystem’s newest member, Kali Purple, is designed for ethical hackers and other security professionals who wish to focus on defensive security strategies.
Since it is based on the NIST Cybersecurity Framework, this new distro is uniquely tailored to its target audience.
The distro features extensive resources and tools that allow you to identify security threats proactively. Furthermore, Kali Purple also enables you to respond to and mitigate these threats effectively.
That being said, Kali Purple is best used alongside Kali Linux. Kali Purple shouldn’t be viewed as a replacement for Kali Linux, as it comes loaded with a distinct assortment of security tools and layouts. You will be surprised to note the differences in the design philosophy and overall architecture of Kali Purple vs. Kali Linux.
Perhaps the biggest noticeable difference between Kali and Kali Purple is the new tool categories focused on defensive security. This change marks this distro’s departure from being a primarily offensive-oriented system.
Like Kali, Kali Purple is built using the newest Debian kernel, ensuring the distro performs optimally on modern hardware. Additionally, this new distro integrates the latest desktop environments to deliver a refined, user-friendly experience.
Kali Purple works on a SOC-in-a-box architecture, which means it comes integrated with a suite of Security Operations Center components. Kali Purple makes for a modular and interconnected platform that can streamline workflows and allow easy collaboration between cybersecurity professionals.
Using this distro as a SOC-in-a-box allows you to set up several machines and monitor a single network in many different ways. Furthermore, you can also use the machines integrated in this way to carry out red team/blue team exercises.
Besides, Kali Purple comes with the Kali Autopilot feature, enabling you to build powerful attack scripts while automating many steps in the process. This makes Kali Purple versatile – it’s not just a simple defense-oriented OS.
The New Features and Tools in Kali Purple
As mentioned earlier, Kali Purple is built according to the NIST Cybersecurity Framework. In other words, it includes tools that align with the five domains prescribed in the framework.
These domains are identify, protect, detect, respond, and recover. Having tools aligned with this framework enables a cybersecurity professional to perform a wide range of defensive cybersecurity tasks.
For this reason, many professionals believe in Kali Purple’s potential. They are betting on the distro becoming a comprehensive solution for security professionals a few years down the road.
However, it’s noteworthy that many of the tools announced for Kali Purple weren’t available on the distro during the initial release. You are required to download and install the tools you want according to the instructions supplied in Kali Purple’s Community Wiki.
Additionally, some of these tools don’t work smoothly, and many users report having trouble executing them on Kali Purple.
Considering the age of the project and the fact that it will receive regular updates, we’re hoping these issues will get resolved sooner rather than later.
Now that you know about the basics of Kali Purple’s tools, let’s discuss the tools domain-wise in further detail:
#1 Identify
Greenbone Vulnerability Management is one of the tools included in this domain. It allows you to identify and assess potential gaps in an organization’s infrastructure.
The GVM tool scans networks and systems without a break, giving security teams a chance to manage a security threat optimally when it transpires. This tool can singlehandedly allow an organization to have a strong security posture.
#2 Protect
Kali Purple’s defensive capabilities are primarily through tools such as Elastic Security.
It is a popular Security Information and Event Management tool that can grab and analyze security data from several sources. With it, you can facilitate quick detection and mitigation of threats.
But bear in mind that some users run into issues when setting up Elastic Security on Kali Purple.
#3 Detect
Monitoring and detecting security threats on a network is easy to achieve with network forensics tools, such as Arkime, which are typically included in this domain.
The tool can offer comprehensive insights into a network’s traffic and alert you if it detects any malicious activity. There are similar tools that can complement what Arkime can accomplish, such as Malcolm.
But bear in mind, many users report running into issues when setting up Malcolm.
#4 Respond
Responding to security threats effectively and at the right time is crucial for every organization’s security. This is where tools like TheHive come into play.
The forensic and incident response tool allows cybersecurity teams to manage their response and track progress and response processes.
#5 Recover
The final domain of the NIST framework involves restoring systems to their regular operational capability. Kali Purple isn’t a distro focused on forensics and incident response, but with tools like TheHive, it’s easy to devise effective recovery strategies.
The complete adherence to the NIST framework makes Kali Purple a valuable component of any security professional’s toolkit. The distro has and will continue to influence how many professionals approach cybersecurity.
