As Red and Blue teaming is such a large topic, I have decided to split this SQA article into six parts over the next six weeks.
- What is a Red Team
- What is a Blue Team
- Top 5 Red and Blue Team skills
- Which is more important Red or Blue?
- Test, Test, Test again
Which is more important Red or Blue?
There have been numerous polls and discussions about which is more important, Red or Blue. Many security professionals are torn between the two teams, but the Red team generally comes out as the favourite.
In my opinion, most Cyber Security professionals want to be on the Red team.
The reality is that there is no Red without Blue, or vice versa, so you will always need both.
The Red team uses its attack tactics to test the Blue team’s standard operating procedures and defensive preparations. The Red team may find security holes that the Blue team has completely overlooked, and this is the purpose of having both teams. It is then the responsibility of the Reds to document and explain each vulnerability and to work with the Blues to remediate or mitigate it.
There should be no “Red team is better than Blue”, and no benefit in picking sides or investing in only one. What matters is that both sides share the same goal: preventing data leakage and system exploitation.
As with any good sports game, you should always have a post-analysis, with full system logging on every test and records of the relevant activities. The Red team should provide information on the actions performed and the findings made during the “attack”, and the Blue team should document the actions they took and any Red team activity they detected.
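One concrete form that post-analysis can take is to line the two records up against each other: every action the Red team logged is checked against the Blue team’s detection records for the same host within a fixed time window, which yields a detection rate, a list of actions that went unnoticed, and the time taken to notice the ones that were caught. The script below is an added example written for this article, not SQA’s own tooling or process; the host names, timestamps and log text are constructed for illustration, and the 60-minute matching window is an assumed value that a real engagement would set from its own reporting cadence.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median
from typing import Optional

# Constructed sample records for illustration only; not data from any real engagement.
RED_ACTIONS = [
    # (when the Red team acted, host touched, what the Red team logged)
    ("2024-03-04T09:02:00", "ws-17", "phishing simulation e-mail opened by test user"),
    ("2024-03-04T09:30:00", "ws-17", "test payload staged in user profile"),
    ("2024-03-04T10:15:00", "fs-01", "remote login with captured test account"),
    ("2024-03-04T11:40:00", "db-02", "bulk read of decoy table"),
]

BLUE_EVENTS = [
    # (when the Blue team recorded it, host, what the Blue team logged)
    ("2024-03-04T09:05:00", "ws-17", "mail gateway quarantined attachment, user notified"),
    ("2024-03-04T10:21:00", "fs-01", "alert: login from unusual source; account disabled"),
    ("2024-03-04T13:00:00", "db-02", "weekly review: no anomalies noted"),
]


@dataclass
class Outcome:
    """One Red action and, if the Blue team caught it, when they did."""
    action: str
    host: str
    acted_at: datetime
    detected_at: Optional[datetime]

    @property
    def latency_minutes(self) -> Optional[float]:
        if self.detected_at is None:
            return None
        return (self.detected_at - self.acted_at).total_seconds() / 60


def _parse(records):
    return [(datetime.fromisoformat(ts), host, note) for ts, host, note in records]


def correlate(red, blue, window_minutes=60):
    """Pair each Red action with the first Blue record on the same host that falls
    within window_minutes after the action. A Blue record is consumed at most once,
    so a single alert cannot be credited against several separate actions."""
    window = timedelta(minutes=window_minutes)
    blue_sorted = sorted(_parse(blue))
    used = set()
    outcomes = []
    for acted_at, host, action in sorted(_parse(red)):
        detected_at = None
        for idx, (seen_at, b_host, _) in enumerate(blue_sorted):
            if idx in used or b_host != host:
                continue
            if acted_at <= seen_at <= acted_at + window:
                detected_at = seen_at
                used.add(idx)
                break
        outcomes.append(Outcome(action, host, acted_at, detected_at))
    return outcomes


def summarize(outcomes):
    """Roll the pairing up into the numbers a debrief actually needs."""
    detected = [o for o in outcomes if o.detected_at is not None]
    missed = [o for o in outcomes if o.detected_at is None]
    latencies = [o.latency_minutes for o in detected]
    return {
        "total": len(outcomes),
        "detected": len(detected),
        "missed": [o.action for o in missed],
        "median_latency_minutes": median(latencies) if latencies else None,
    }


def report(outcomes):
    s = summarize(outcomes)
    lines = [f"Red actions: {s['total']}, detected by Blue: {s['detected']}"]
    if s["median_latency_minutes"] is not None:
        lines.append(f"Median time to detect: {s['median_latency_minutes']:.1f} min")
    for action in s["missed"]:
        lines.append(f"MISSED: {action}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(correlate(RED_ACTIONS, BLUE_EVENTS)))
```

The two misses in the sample data are the ones worth discussing in a debrief: the staged payload on ws-17 produced nothing on the Blue side at all, and the decoy-table read on db-02 was only reviewed well outside the window, so the gap is either a missing detection or a reporting cadence that is too slow. Adjusting the window shows how sensitive the headline detection rate is to that choice, which is why the window should be agreed before the exercise rather than after.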
With limited budgets and financial constraints (at least until a security breach), it will always be difficult to provide the resources needed to build the teams’ skills and test them. So I would recommend starting small and working upwards; documenting and reporting key successes to senior management will help.
Contact SQA on how we can assist your company to develop and build your team’s skills or how we can test your defensive capability.