“Red team” vs. “blue team” exercises have been adapted into cybersecurity from the military and intelligence realms. As a means to simulate real-life threats and attack scenarios, organizations have been putting this methodology into play, either with internal resources, or by hiring outside experts to help find system issues and prepare for actual cyber events.
The “red team” is goaled with playing “offense,” looking for risks and exposures to exploit. This is the hacker group. The “blue team,” on the other hand, is tasked with protection of the organization’s infrastructure and shutting down any attack: the defenders and mitigators of incidents.
In the video interview below shot during Black Hat 2016, David Kennedy, Founder and Principle Security Consultant of TrustedSec, explains the differences between the two teams, and shares his thoughts on how red and blue teams can (and should) work together—effectively forming a “purple team”—so that the attackers and defenders start learning more from one another. The risk in keeping teams separate, on their respective sides of the issues, is that each gets really good at its own job…while the real-life attackers grow their skills by the minute.
Kennedy also introduces the concept of “hunt teaming” and shares the benefits of an organization incorporating these exercises into traditional red team/blue team activities.