As RED and BLUE teaming is such a vast subject, we will be splitting this topic into a six-part series.
- InfoSec Colour Team – Red VS Blue – The Red Team
- InfoSec Colour Team – Red VS Blue – The Blue Team
- InfoSec Colour Team – Red VS Blue – The Top 5 Red and Blue Team skills
- InfoSec Colour Team – Red VS Blue – Which is more important Red or Blue?
- InfoSec Colour Team – Red VS Blue – Test, Test, Test again
- InfoSec Colour Team – Red VS Blue – The Conclusion
Which is more important, The Red or The Blue Team?
There have been numerous polls and discussions on which team holds precedence. Many security professionals are torn between the two teams, but The Red Team will generally come out as the favourite.
In our opinion, most Cyber Security professionals want to be on The Red Team.
The reality is that there is no Red without Blue, or vice versa, so you will always need both. The Red team uses its attack tactics to test the Blue team’s standard operating procedures and defensive preparations. The Red team may find security holes that the Blue team has completely overlooked, and this is the purpose of having both teams. It’s then the responsibility of the Reds to document and explain the security vulnerability and work with the Blues to remediate or mitigate it. There is no benefit to picking sides or investing in only one team. The important thing is that the goal of both sides is to prevent data leakage and system exploitation.
As with any good sports game, you should always have a post-analysis, with full system logging on every test and records of the relevant activities. The Red team should provide information on the actions it performed and its findings during the “attack”, and the Blue team should document the actions it took and any Red team actions it detected.
With limited budgets and financial constraints (until a security breach), it will always be difficult to provide the resources required to build the teams’ skills and test them. So I would recommend starting small and working upwards; documenting and reporting on key successes to senior management will help.
Contact us at SQA Consulting to find out how we can assist you in the development and build of your team’s skills, and in the testing of your cybersecurity capability.