
Sometimes attack is the best form of defence and that’s the concept behind red teaming in cyber security. Red teaming pits two security teams against each other (an attacker and a defender). The attacker is a team of ethical hackers – the defender is an organisation’s team of cyber security personnel.

The point of the exercise is to assess blue team’s response to an attack and identify weak points. It’s a way to determine security maturity. Often, it’s the only way to see what the outcome of a cyber-attack would be in real-world situations. This is achieved by deploying red team without giving blue team any prep. Think unplanned fire drill.

The teams

Red team

Red team consists of ethical hackers. They’re formed to identify and assess any vulnerabilities in security. Their attack will reveal the security limitations and risks in an organisation, so that the organisation can act on them. The process can be repeated periodically, using different hackers, so that new, alternative options for attack are created and tried. This keeps the test current and up to date.

Blue team

Blue team consists of an organisation’s cyber security personnel. Depending on the organisation’s structure, these personnel may include a security analyst, security engineer, security architect or security administrator. Some organisations have people in specialised roles, such as security incident responders. Whatever the case, blue team is made up of the people who would likely respond to an attack in real-time.

How teams are formed

Red team

Red team is formed by review. It can be a team within the organisation, but most teaming sees an external force brought in. This brings new ideas into the fray and can expose personnel to hackers of a higher calibre than they’ve experienced before. Red team is formed to offer a tough challenge.

Blue team

Blue team is formed by bringing together the least and most experienced cyber security personnel in an organisation. This mix of cyber security boffins creates realistic conditions for the attack. Some logistics may be required to bring everyone together without giving up the game. Reassignment may be needed.

When to deploy a red team

A red team can be set loose in your environment at any time. However, most tests are reactive and will be carried out when:

  • New security software or a new security program is deployed. Deploy a red team here to see how the software fares against real attackers.
  • A new type of cyber-attack becomes known. Deploy a red team here to give your blue team real-world experience of the unknown.
  • A security team changes (such as the addition of new personnel). Deploy a red team here to assess blue team’s new members.

The effectiveness of red teaming

Red teaming is highly effective at ensuring you have the appropriate measures in place to secure your organisation. Without prior warning to blue team, your organisation will come under cyber-attack. This’ll force blue team to kick into action, just like a squadron under fire, and it can be very interesting to see how they react.

Will they follow protocol and neutralise the threat? Or will they lose their heads?

The members of blue team are evaluated in addition to the organisation’s security infrastructure, helping to create a true security picture and a complete risk profile. This can then be used to improve cyber security before the next test.
