Red, Green, Blue and Purple

No, I’m not talking about video signals.

I listen to a lot of security podcasts. I’d been hearing them talk about “red teams” and “blue teams.” I didn’t know what they were talking about.

So off to Google and I came up with this.

These terms refer to teams that participate in penetration tests.

Red Teams are external entities brought in to test the effectiveness of a security program. This is accomplished by emulating the behaviors and techniques of likely attackers in the most realistic way possible.

Blue Teams refer to the internal security team that defends against both real attackers and Red Teams. Blue Teams should be distinguished from standard security teams in most organizations, as most security operations teams do not have a mentality of constant vigilance against attack, which is the mission and perspective of a true Blue Team.

Purple Teams exist to ensure and maximize the effectiveness of the Red and Blue teams. They do this by integrating the defensive tactics and controls from the Blue Team with the threats and vulnerabilities found by the Red Team into a single narrative that ensures the efforts of each are utilized to their maximum. When done properly, 1 + 1 will equal 3.

So what are Green Teams?

Green Teams behave as common users of the services provided by the Blue Team.

Reminds me of the old joke.

End users are there to create a test workload.

Leave a Reply

Your email address will not be published. Required fields are marked *