When Is an Attack not an Attack? The Story of Red Team Versus Blue Team

Cybersecurity experts fill our days with terminology from warfare, including jargon such as red team versus blue team. The concept of ‘red team’ has its origin in wargaming. The red team plays an opposing force and attempts to bypass the barriers of the defending or blue team.  

These exercises are not about winning or losing. They help hedge against unpleasant surprises and are a safe way for organizations to test their resilience against attacks.

The exercises highlight weaknesses in defenses and reveal misconceptions or flaws in attack detection. Red team testing, or ethical hacking, does not solely focus on testing technology. It also attempts to find loopholes in processes and weaknesses in how people interact with computer systems.
Needless to say, the experts don’t kick off a red team versus blue team exercise randomly. They use a well-laid-out and designed plan. As a matter of fact, a red team engagement or ethical hacking is not just ‘executing an attack’. Teams often spend more time planning the scenarios than on the actual attack.

Red Team Versus Blue Team Pre-Engagement

In the first phase, the blue team stays in the dark. Another actor gets involved: the white team. The members of the white team are the only people that know of the red team exercise. The team includes the chief information security officer (CISO) and subject matter experts on the tested areas.

The white team referees the engagement and ensures the exercise runs fairly and does not cause operational problems. The white team agrees with the red team on the scope, the timing and the rules of engagement.

As a last step, the white team confirms the composit ..

Support the originator by clicking the read the rest link below.