Exabeam Study: Red Team vs. Blue Team Cyberattack Tests
Many security professionals are more inclined to perform red team security testing, aka “ethical hacking,” than blue team security assessments and analyses, according to an Exabeam survey of 276 IT security professionals conducted at this month’s Black Hat USA cybersecurity conference in Las Vegas, Nevada.
Key findings from Exabeam’s survey included:
- 72 percent of respondents said their organization conducts red team exercises regularly; comparatively, 60 percent said their organization conducts blue team exercises regularly.
- 68 percent said they find red team exercises to be more effective than blue team testing.
- 35 percent said their blue team never or rarely catches their red team.
In addition, 74 percent of IT security professionals have seen their organizations increase their security infrastructure investments as a result of red and blue team testing, according to the Exabeam survey. Meanwhile, 18 percent of survey respondents called these budget changes “significant,” and 25 percent claimed that their organization has not increased its security budget after performing red and blue team tests.
A Closer Look at Red and Blue Team Testing
Red team testing generally involves focused, controlled cyberattacks. It is performed by a team of security professionals that has specific objectives and strives to understand the level of risk to, and the vulnerabilities in, an organization’s technology and assets.
Blue team testing involves internal security teams that defend against both real cyberattackers and red teams. A blue team typically analyzes an organization’s information systems and identifies and addresses security flaws.
Ultimately, a combination of red and blue team testing may prove to be most effective for organizations. With both types of testing in place, organizations are well-equipped to combat cyber threats both now and in the future.