The Red teaming term came from the military field and means a friendly attacking team, which evaluates the defense of digital infrastructure. It is performed by white hat hackers imitating the possible actions of malefactors. Such companies as Microsoft, IBM, and SAIC together with some governmental institutions perform regular red teaming in order to ensure that their data is safe.
How red team pentesting occurs
Firstly, red team is focused on collecting information about the target. Generally, they use conventional public tools such as social media networks (Google, LinkedIn, Facebook, etc.). As a result, much can be learned from the open sources. Based on this information the tool for further engagement is built. Then, active stage of the operation (red team penetration testing) takes place. The intent is to simulate a real-world attack, using both commercial and self-developed tools. Report and remediation action plan are the main deliverables which are helping to close the security gaps.
Usually, penetration testing has a whitelist of resources that allow scanning the systems. Also, there are time and interaction limitations. Penetration Testing is aimed to find as many configuration issues as possible in the time allotted to evaluate the security level of the system. The goal of the red team pentesting is NOT to find as many vulnerabilities as possible but to test the company’s detection and response capabilities. It tries to get in and access sensitive data as quietly as possible.
Red team cyber security is not designed to look for multiple vulnerabilities but for those which will help achieve malevolent goals.
Based on the main goal of the Red Teaming, the Blue Team should detect any attempts to hack the system and stop the attack.
If the Red Team penetration testing aims to evaluate detection and response capabilities by attacking, blue team security patches any uncovered vulnerability as soon as possible. True and entire purpose of the Red Team is to raise the effectiveness of the Blue Team.
The red and blue team implementation also means regular experience and knowledge sharing for continuous improvement.
Blue Teaming is responsible for protection of the network perimeter:
Network perimeter and traffic flow
OS and application security
Security incidents if the appear (incident response)
Remediation of vulnerabilities and security flaws found