One Team. Two Team. Red Team. Blue Team.

Like many areas in the tech industry, a lot of jargon gets used in Information Security.  You may have heard the terms ‘Red Team’ or ‘Blue Team’ or maybe even ‘Purple Team’ get thrown around, but what do they actually mean? 

Well, first some background, the terms originate in with the military where they do exercises all of the time and have, not surprisingly, lots of jargon to go along with it.  In this scenario, the ‘Blue Force’ is your military and the ‘Red Force’ is the opposing military.  We then borrow those colors to identify which side you are modeling in a penetration test, so a ‘Red Team’ assessment is conducted from the perspective of a potential attacker.

Red Team’ assessments typically includes areas that go well beyond a network penetration test and include techniques like Social Engineering, lock and access control bypass, tailgating, creating fake badges, covert data exfiltration, in addition to the live exploitation executed during a network penetration test.  This type of assessment models an aggressive first-world intelligence service and leverages everything can they can throw at you.  Ultimately, the team will attempt to exercise all of an organizations defenses.  It is an intense, thorough, and eye-opening experience for many organizations.

Conversely, a ‘Blue Team’ assessment is conducted as a friendly insider with access to engineers, designs, and documentation.  This allows the ‘Blue Team’ to cover a much larger number of potential vulnerabilities, but will not exercise the defenses of an organization and will not give an outside perspective of the security posture.  These types of assessments are also typically more driven by documentation and process, whereas a ‘Red Team’ is solely practically focused.

A ‘Purple Team’ is, not surprisingly, a mix of the two, with some exploitation as would be conducted by a ‘Red Team’ and an open look at process and design as conducted by a ‘Blue Team’.

What is right for you