
Red team versus blue team: How to run an effective simulation

Doug Drinkwater and Kacy Zurkus | July 27, 2017
Playing the role of an attacker can make your team better at defense. Learn how in our step-by-step guide to war gaming your security infrastructure — from involving the right people to weighing a hypothetical vs. live event.

“I will have a few other gadgets like GSM bugs and Wi-Fi Micro cameras charged up and ready to be deployed. I will also have a small Raspberry Pi dropbox that I can use to attack Wi-Fi from a distance and leave on-site for remote access during and after the test,” De Vere adds. “I believe 90 percent of the work is in preparation.”

Taylor adds, “Make sure you understand what the end goal is, make sure that all people involved know what they should be doing and what the parameters of the test are. Make sure that you have a contact point in case something goes wrong / you need verification. Essentially, understand what you are going to get and how it will help you become more secure.”


6. Rinse and repeat

Finally, it’s vital that teams learn continually throughout the exercise, and repeat as often as they deem necessary. “From the perspective of the red team, constant learning is required to keep up to date with the latest attacks,” adds Shapland. “Because it's based on real-world threats, we need to be current on what attacks the real threat actors are using. From the perspective of the organization commissioning the red team, it's very important to learn from each exercise, implement new defenses and processes, and then test again. This should be a constant cycle.”

“If you're a small SME that really hasn't got the budget for this, maybe you can do this once every two years and get some cheaper work and training to fill in-between,” says De Vere. “If you're a multinational this should be a constant task - a bit like painting the Golden Gate Bridge. Tests can be repeated, but you should try and recreate different attacks each time, different MOs, different skill sets - even different testers.”


Blue team

In many ways, parenting and security have a lot in common. No book exists that provides all of the answers. There is no silver bullet, and both roles can be overwhelmingly stressful. Getting into the mind of the enemy, though, might be a little easier than understanding the inner workings of the teenage mind.

Parents are the blue team: they want to know how susceptible their children are to life's many temptations and pitfalls. The red team is every possible danger that could harm a child, everything that wants to get in. The harder job falls to the blue team, which must protect its domain by finding the one vulnerability that could be exploited, without placing too many limitations and restrictions on its users.

There is only so much preparation a blue team can do without defeating the purpose of running a simulated attack. It should, however, do the following ahead of the exercise.
