
Security defensive blue teams failing to catch offensive red teams - Exabeam

19 Aug 2019

A new study from Exabeam has revealed that more than one-third of security professionals' defensive blue teams fail to catch offensive red teams.

The survey also showed that 68% find red team exercises more effective than blue team testing, and more companies are practicing red over blue team testing.

As cyber-attacks become increasingly sophisticated and hack techniques become more highly targeted, organisations must learn how digital adversaries think to help identify gaps in their security programs.

Red teams consist of internal or hired external security professionals who emulate cybercriminals’ behaviours and tactics and gauge the effectiveness of the company’s current security technologies.

Blue teams consist of the organisation’s internal security personnel, tasked with stopping the simulated attacks.

In these test scenarios, the blue team must react without preparation, to give the company the most realistic picture of its defensive capabilities. 

The study showed that 72% of respondent organisations conduct red team exercises, with 23% performing them monthly, 17% quarterly, 17% annually, and 15% bi-annually.

Sixty percent conduct blue team exercises, with 24% performing them monthly, 12% quarterly, 13% annually, and 11% bi-annually.

The fact that so many organisations practice these exercises monthly speaks volumes about their maturity and dedication to fortifying their security posture. 

Not only do more organisations practice red team testing, but 35% of respondents claim that the blue team never or rarely catches the red team, while 62% say they are caught occasionally or often.

Only 2% say they always stop the red team, emphasising that organisations must constantly evaluate and adjust their security investments to keep up with today’s adversaries. 

Promisingly, the study found that 74% of IT security professionals have seen their companies increase security infrastructure investment as a result of red and blue team testing, with 18% calling the budget changes significant.

25% said that their company has never upped its security budget after performing these tests. 

The survey also identified communication and teamwork (27%) as the top skill blue teams need to work on, followed by knowledge of the attacks and tactics (23%), threat detection (20%), incident response time (17%) and persistence (8%). 

Adversaries’ offensive tactics evolve more rapidly than the majority of security technologies on the market today.

“It’s abundantly clear that regular and relevant red/blue team testing helps companies develop their security capabilities,” says Exabeam chief security strategist Stephen Moore.

“The study also demonstrates that while having technical knowledge is a necessary foundation for all security professionals, interpersonal skills are highly sought after to promote more cohesive teams and better cooperation, especially during an incident or intrusion.”

“We encourage companies to employ these types of testing exercises to find and fill security gaps, which, over time, become methods to evaluate the strengths and weaknesses of their cybersecurity defenders.”

Exabeam surveyed 276 IT security professionals in August 2019 at Black Hat USA 2019.
