That's part of the reason why the tools that blue teams need are determined by their environments. "They need to ask 'What is this program doing? Why would it try to format your hard drive?' and then add technology that blocks unanticipated actions. The tools to test whether that technology was successful come from the red team," said Michael Angelo, chief security architect, Micro Focus.
Just because a child climbs on a jungle gym doesn't mean he is going to fall and break his leg. The same is true for security vulnerabilities. "Just because you have a vulnerability doesn't mean it's going to be exploited," said Angelo.
"Red teams can use tools like Nessus to find any open ports or vulnerabilities associated with some of the things on that machine. Then they can determine how to get in and test to see if it works. You might have a vulnerability, but is it realizable? Try to do the exploit," Angelo said.
Red teams first look to see what information is available, and then they do passive analysis. Angelo said, "They are not really engaging, they are just watching to see the traffic coming from there without rattling the doorknob. Then they walk over and do active analysis."
For the blue team, what is most valuable is the knowledge that people have in addition to tools. Angelo said, "As you get used to doing these things, you start to think, I’ve seen that, I’ve seen that, they do this, they do that, but I wonder if there isn’t a hole. If you only prepare for the things that are known, then you won't be prepared for the unknown."
Asking questions is an invaluable tool that will encourage exploration into the unknown. Angelo said, "Don’t stop at preparing for the things that exist today. Assume there will be failures in your infrastructure."
That assumption, that there will be failures, that nothing is 100 percent secure, that we can no more create perfect children than we can perfect security, might be the greatest tool anyone can find.