© 2021 www.richardwalz.com
Richard Walz
All rights reserved.

What cyber security team are you on… blue, red or purple?

What is a Red Team?

Red Team in cyber security means that you are on the attacker’s side. You play the role of the adversary to the organization or situation. This means you are trying to break or bypass physical or logical security controls, but in a safe, authorized manner. Red teams generally employ a wide assortment of tools and replicate real-world attacks to get into systems.

Red Teamers in cyber security

  • In some organizations, this is a dedicated role(s)
  • In most organizations, this is a third party company
  • Pentesters
  • Develop new techniques to bypass or break through security controls, both physical and logical.

What do Red teamers use?

  • Open Source/Public Information
  • Vulnerability Scanners
  • Web Application Testing Tools
  • C2 Emulation Software
  • Social Engineering
  • Custom development / scripts
  • Virtual Cloud Servers

What is a Blue Team?

Blue Team in cyber security means that you are on the defender’s side. You play the role of the defender of the organization or situation. This means you are trying to stop an attack or improve security controls. Many defenders use a defense-in-depth strategy: if one control fails, another may still prevent the action. Blue teams also have various tools at their disposal.

Blue teamers in cyber security

  • In most organizations, this is a dedicated role(s)
  • Security Analysts
  • Security Responders
  • Security Operation Centers

What do Blue teamers use?

  • Open Source/Public Information
  • EDR Tools
  • Vulnerability Scanners
  • Capturing Logs and Correlation of SIEM data
  • Incident Review
  • Creating Alerts / Automatic Orchestration
  • Proactively blocking new attacks through configuration or building new controls
  • Threat Hunt in the environment
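To make the “log correlation” and “creating alerts” items concrete, here is an added example (not code from the original post) of the kind of correlation rule a blue team would run over captured authentication logs: a source that racks up several failed logins in a short window and then succeeds is flagged. The log format, field names, threshold and window are assumptions chosen for the illustration, and the log lines are constructed sample data.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log lines (not from any real system).
SAMPLE_LOGS = """\
2021-03-01T10:00:01Z auth FAIL user=alice src=203.0.113.7
2021-03-01T10:00:05Z auth FAIL user=alice src=203.0.113.7
2021-03-01T10:00:09Z auth FAIL user=bob src=203.0.113.7
2021-03-01T10:00:14Z auth FAIL user=alice src=203.0.113.7
2021-03-01T10:00:20Z auth FAIL user=carol src=203.0.113.7
2021-03-01T10:00:31Z auth SUCCESS user=alice src=203.0.113.7
2021-03-01T10:05:00Z auth FAIL user=dave src=198.51.100.4
2021-03-01T10:20:00Z auth SUCCESS user=dave src=198.51.100.4
"""

# Assumed line layout: "<ISO timestamp> auth <FAIL|SUCCESS> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAIL|SUCCESS) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_events(text):
    """Turn raw log text into a list of event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(
            {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}
        )
    return events


def correlate_brute_force(events, threshold=5, window=timedelta(minutes=2)):
    """Alert when one source IP produces >= threshold FAIL events inside `window`
    and then a SUCCESS event from the same source while those failures are still
    within the window. Returns a list of alert dicts (empty if nothing matched)."""
    recent_fails = defaultdict(list)  # src ip -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        # Slide the window: forget failures older than `window` relative to this event.
        recent_fails[src] = [t for t in recent_fails[src] if ev["ts"] - t <= window]
        if ev["result"] == "FAIL":
            recent_fails[src].append(ev["ts"])
        elif len(recent_fails[src]) >= threshold:
            alerts.append(
                {
                    "rule": "brute_force_then_success",
                    "src": src,
                    "user": ev["user"],
                    "failures": len(recent_fails[src]),
                    "ts": ev["ts"].isoformat(),
                }
            )
            recent_fails[src].clear()  # one alert per burst, not one per later success
    return alerts


if __name__ == "__main__":
    for alert in correlate_brute_force(parse_events(SAMPLE_LOGS)):
        print(alert)
```

In a SIEM this logic would be expressed as a correlation rule rather than Python, but the shape is the same: parse, group by an entity (here the source IP), apply a time window, and fire an alert only when the combination of events crosses the threshold. The second source in the sample data (one failure, then a success fifteen minutes later) deliberately does not fire, which is the tuning decision that keeps such a rule from drowning analysts in noise.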

What is a Purple Team? (I am on this team)

Purple Team in cyber security means that you are both the attacker and the defender. However, it also means that you set a strategy and oversee the big picture. This means you may be working with different functional teams in your organization, as well as external resources, to ensure the team can respond during a crisis. Since cyber security is constantly evolving, it is vital to perform continuous security validation in your environment.

Purple teamers in cyber security

  • A combination of the blue and red teams
  • Chief Information Security Officer (CISO)
  • Chief Security Officer (CSO)
  • Information Security Officer

What do purple teamers use?

  • Perform Table Top Exercises (TTX) – company-wide incident response simulations
  • Attack simulation software
  • Risk Management to identify gaps
  • Track and analyze Third-Party Vendor Management
  • Vendor Security Reviews and Assessments
  • Contract with external expertise organizations
  • Security Awareness Training