As RED and BLUE teaming is such a vast subject, we will be splitting this topic into a six-part series.
There have been numerous polls and discussions on which team holds precedence. Many security professionals are torn between the two teams, but The Red Team will generally come out as the favourite.
In our opinion, most Cyber Security professionals want to be on The Red Team.
The reality is, there is no Red without Blue or vice versa … So you will always need both. The Red team uses its tactics of attack to test the Blue team’s standard operating procedure and defensive preparations. The Red team may find security holes that the Blue team has completely overlooked, and this is the purpose of having both teams. It’s then the responsibility of the Reds to document and explain the security vulnerability and work with the Blues to remediate or mitigate. There is no benefit to picking sides or investing in only one team. The important thing is that the goal of both sides is to prevent data leakage and system exploitation.
Like with any good sports game you should always have a post analysis, with full system logging on every test and records of the relevant activities. The Red team should provide information on the performed actions and findings during the “attack” and the Blue team should document the actions they took and any Red teamer’s actions found.
With limited budgets and financial constraints (until a security breach), it will always be difficult to give the required resources required to build the teams’ skills and test them. So I would recommend starting small and work upwards, but documenting and reporting on key successes to senior management will help.
To read our other InfoSec articles please follow the link below.
Contact us at SQA Consulting to find out how we can assist you in the development and build of your team’s skills, and in the testing of your cybersecurity capability.
