Elizabeth Rasnick

Day 9 - May 9 - Blue Team + Red Team = Purple Team


Warning: vocabulary intensive


To brighten our discussions, let’s talk about three teams that work to keep us safe: the blue, red, and purple teams. I am giving a very brief explanation of these teams. Their workloads are immense and fundamental to keeping our networks up and running.


We’ll start with the blue team. A blue team is the defensive side. Their goal is to protect their system from the red team and from real attackers. Blue teams build and maintain the mechanisms within their network that protect it. They use the firewall to control what traffic comes into and goes out of the network. They set up an intrusion detection system (IDS) and/or an intrusion prevention system (IPS). (We’ll dive deeply into these another day.) The blue team keeps software up to date and patched. There are dozens of patches released daily, which is more than enough to keep them busy.


The red team is the offensive side. Their goal is to penetrate their own system the way bad actors would. They use adversarial thinking to help them attack the way a black hat hacker would. The purpose of having a red team is to find the weaknesses in the system so that they can be hardened. Hardening a system is the process of identifying and fixing vulnerabilities. A vulnerability is a flaw in the system and can be in the software, hardware, or processes of the system. One common type of vulnerability is in software, in particular operating systems. It is not uncommon for a flaw in the programming of an operating system to be discovered after it has been released. Once it is discovered, a patch (a snippet of code that corrects the original code) is created and distributed. Installing the patch is a hardening practice.


The purple team, as the color suggests, plays both sides, defense and offense. The blue and red teams collaborate and share information to help harden and protect their system. When the two teams meld, analytics across all segments of the system become easier. The results of the blue team’s log analysis are paired with the red team’s vulnerability reports. This provides a more holistic view of the system. With this perspective, the system can be protected more efficiently and more effectively. This translates into the system having a longer uptime. That makes everyone happy.
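As an added illustration of that pairing (example code written for this post, not something from the original), the script below joins constructed blue-team IDS alert lines with constructed red-team findings and ranks hosts by how much the two signals overlap. The host names, finding identifiers, alert log format and scoring rule are all assumptions made for the example.

```python
"""Purple-team correlation: join blue-team IDS alerts with red-team findings.

Added illustration; host names, finding ids and log lines are constructed.
"""
import re
from collections import defaultdict

# Constructed red-team findings: host -> list of (finding id, severity 1-10).
# The ids are placeholders, not real vulnerability identifiers.
RED_TEAM_FINDINGS = {
    "web-01": [("FINDING-EXAMPLE-1", 9)],
    "db-01": [("FINDING-EXAMPLE-2", 6)],
    "mail-01": [],
}

# Constructed blue-team IDS alert lines; the line format is an assumption.
IDS_ALERT_LOG = """\
2024-05-09T10:01:12 ALERT host=web-01 sig="suspicious login burst" src=203.0.113.5
2024-05-09T10:02:40 ALERT host=web-01 sig="port scan" src=203.0.113.5
2024-05-09T10:05:03 ALERT host=db-01 sig="port scan" src=203.0.113.9
2024-05-09T10:07:55 ALERT host=app-02 sig="port scan" src=198.51.100.7
"""

ALERT_RE = re.compile(
    r'^(?P<ts>\S+) ALERT host=(?P<host>\S+) sig="(?P<sig>[^"]+)" src=(?P<src>\S+)$')

def parse_alerts(log_text):
    """Parse alert lines into dicts; lines that do not match are skipped."""
    return [m.groupdict() for m in map(ALERT_RE.match, log_text.splitlines()) if m]

def correlate(alerts, findings):
    """Score each host as alert count times its highest finding severity.

    A host with alerts but no finding keeps weight 1 so it still surfaces;
    a host with findings but no alerts is listed with score 0 (untouched so far).
    """
    per_host = defaultdict(list)
    for a in alerts:
        per_host[a["host"]].append(a)
    rows = []
    for host in sorted(set(per_host) | set(findings)):
        host_findings = findings.get(host, [])
        top = max((sev for _, sev in host_findings), default=1)
        rows.append({"host": host, "alerts": len(per_host.get(host, [])),
                     "findings": [fid for fid, _ in host_findings],
                     "score": len(per_host.get(host, [])) * top})
    return sorted(rows, key=lambda r: r["score"], reverse=True)

def priority_list(log_text=IDS_ALERT_LOG, findings=RED_TEAM_FINDINGS):
    """Return hosts ordered by combined blue/red priority, highest first."""
    return correlate(parse_alerts(log_text), findings)

if __name__ == "__main__":
    for r in priority_list():
        print(f"{r['host']:8} alerts={r['alerts']} findings={r['findings']} score={r['score']}")
```

The top of the list is where both teams agree something needs attention; hosts that appear only in one team's data are the gaps the purple view is meant to expose.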


