CSOonline: how to run an effective red/blue team exercise

In the arsenal of cybersecurity defenses is the series of exercises that go by the name of red team/blue team simulated attack. These simulations are purposely designed to closely mimic actual real-world conditions. For example, one of the red team members would take on the role of an employee clicking on a phishing link that deposits malware on the network. The defending team members must then find this malware before it spreads across their network and infects web servers and other applications. To make things more realistic, the simulation replays real network traffic to obscure the attacks, just like in the real world.

In this piece for CSOonline, I discuss the difference between the various colored designations, why you would want to conduct these exercises, and some recommended steps to take to pull this off.

Linode has published an excellent series of red team exercises that is worth looking at.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.