From the course: Cybersecurity Awareness: Cybersecurity Terminology

Red vs. blue vs. purple teams

- [Instructor] What makes up a security team, and how are the people categorized? Oftentimes there is a red team, a blue team, and sometimes even a purple team. Let's take a deeper dive into the makeup of a security team and how they may be categorized. Typically, one will hear red team versus blue team when threat exercises are being conducted within their organization or their environment. Let's break down exactly what red and blue teams look like, as well as what a newer group, labeled the purple team, means.

In the simplest of terms, a red team is the group that attacks. Usually, this is done via a third-party penetration test, or via social engineering, or even vulnerability scanning. This is conducted without the blue team being aware that the test is even occurring. The purpose of the red team is to find vulnerabilities in areas that are susceptible to attack, should a real one occur. The findings from such tests are then leveraged to harden the environment, along with bettering any existing policies and technologies, to create a higher level of security within the organization.

Since the red team's job is to attack, the duty of the blue team is to defend. The blue team understands the company's network, tools, and policies, and works to ensure they all work together to protect the company and its assets. The blue team constantly monitors for abnormalities, and if/when they are detected, they work to mitigate the presented issues. The blue team also focuses on the human element of security by conducting social engineering simulations to test users.

Many people have heard the term red versus blue team, but did you know there's a newer definition of a purple team? While the red team attacks and the blue team defends, the purple team is a combination of both red and blue coming together to work as one team.
The red team needs to disclose their methods of infiltrating a network or company to the blue team so they can be better prepared for potential future attacks, and the blue team can divulge how they defended against any vulnerabilities they discovered. This is a true lessons-learned exercise that aligns practices from both sides to share their findings, and in turn strengthens the security of the team and its security tactics.