IT disaster recovery, cloud computing and information security news

Research shows that red team exercises are more effective than blue

A new survey-based study from Exabeam showed that 68 percent of respondents find that red team exercises are more effective than blue team testing, and more companies are practicing red over blue team testing. The survey, conducted at Black Hat USA 2019, also found that more than one-third of security professionals’ defensive blue teams fail to catch offensive red teams.

As cyber attacks become increasingly sophisticated and hacking techniques become more highly targeted, organizations must learn how digital adversaries think to help identify gaps in their security programs. Red teams consist of internal or hired external security professionals who emulate cybercriminals’ behaviours and tactics and gauge the effectiveness of the company’s current security technologies. Blue teams consist of the organization’s internal security personnel, tasked with stopping the simulated attacks. In these test scenarios, the blue team must react without preparation, to give the company the most realistic picture of its defensive capabilities.

The study showed that 72 percent of respondent organizations conduct red team exercises, with 23 percent performing them monthly, 17 percent quarterly, 17 percent annually, and 15 percent bi-annually. Sixty percent conduct blue team exercises, with 24 percent performing them monthly, 12 percent quarterly, 13 percent annually, and 11 percent bi-annually. The fact that so many organizations practice these exercises monthly speaks volumes about their maturity and dedication to fortifying their security posture.

Not only do more organizations practice red team testing, but 35 percent of respondents claim that the blue team never or rarely catches the red team, while 62 percent say they are caught occasionally or often. Only 2 percent say they always stop the red team, emphasising that organizations must constantly evaluate and adjust their security investments to keep up with today’s adversaries. 

Promisingly, the study found that 74 percent of IT security professionals have seen their companies increase security infrastructure investment as a result of red and blue team testing, with 18 percent calling the budget changes significant. Only 25 percent claimed that their company has never upped its security budget after performing these tests. 

The survey also identified communication and teamwork (27 percent) as the top skill blue teams need to work on, followed by knowledge of the attacks and tactics (23 percent), threat detection (20 percent), incident response time (17 percent) and persistence (8 percent). 

About the survey

Exabeam surveyed 276 IT security professionals in August 2019 at Black Hat USA 2019.
