The Red, Blue and Purple Team and What’s Between Them

CybeRiskBlog, Cybersecurity

Purple Team

With a tradition stemming from military training exercises, the idea of pitting a “Red Team” of trained attackers against a “Blue Team” defending the organization has been taken up over the years by a diverse set of institutions. These include government bodies like the U.S. National Security Agency and the Government Accountability Office and corporate enterprises in which war-gaming exercises are used to test the security infrastructure of active businesses. The concept has also been used to test the physical security measures deployed at places like nuclear facilities, or the Department of Energy’s National Laboratories and Technology Centers. It’s an adversarial technique that can too often lead to the same outcome as many a sporting event: Two opposing sides give … Read More

Red Team – Pros and Cons of In-House vs Outsourced Penetration Testing

CybeRiskBlog, Cybersecurity

red team penetration testing

There’s a growing consensus in some circles that a cyber security strategy based solely on hardware, software, and policy-setting simply isn’t enough to ensure the safety and integrity of enterprise data and networks. This school of thought holds that, for a fully comprehensive security stance to be maintained, enterprise resources, infrastructure, and personnel have to be tested under fire – so as to gain experience of the actual conditions surrounding a cyber-attack or security breach, and to establish the state of weakness or readiness of enterprise defenses as a whole. Penetration testing is the necessary element which must be added to the cyber security mix. But there’s still some debate as to whether the “red teams” conducting these exercises should … Read More