Introduction and overview on Red teaming | Blue Teaming | Other Teams In Cybersecurity
Global Cybersecurity Mentoring Episode #10
1/24/2022
Created by Noureen Njoroge | Cybersecurity Consulting Engineer Cisco Systems | Global Mentoring Ep#10 Slides
Cybersecurity is a team sport
The RED Teaming
• Independent OPFOR “opposing force”
• (Organic groups that challenge the org to improve its effectiveness by pretending to be the opposing force)
• They are also known as Alternative analysis:
  - Where the team tests the assumptions of the org and potentially exposes the weaknesses.
  - They are experienced security professionals who often perform pen testing in accordance with the organization's rules of engagement.
The BLUE Team
What makes a Blue Team vs. just doing defensive things is the mentality. The distinction is as follows:
• A proactive vs. reactive mindset
• Endless curiosity regarding things that are out of the ordinary
• Continuous improvement in detection and response
It’s not about whether someone is a self-taught tier-1 SOC analyst or some hotshot former Red Teamer from Carnegie Mellon. It’s about curiosity and a desire to constantly improve.
The BLUE Team
• What makes a blue team different is that once a red team imitates an attacker and attacks with characteristic tactics and techniques, a blue team is there to find ways to defend, change and re-group defense mechanisms to make incident response much stronger.
• The BLUE Team needs to be aware of the same malicious tactics, techniques and procedures in order to build response strategies around them. And blue team activity isn’t exclusive to attacks. They’re continuously involved in strengthening the entire digital security infrastructure, using software like an IDS (intrusion detection system) that provides them with an ongoing analysis of unusual and suspicious activity.
• Some tasks include: DDoS testing, tabletop exercises, reverse engineering, event log analysis, security audits, etc.
The Purple Team
• They are a hybrid of both the BLUE and RED teams.
• They integrate the defensive tactics and controls from the Blue Team with the threats & vulnerabilities found by the Red Team into a single narrative that maximizes both.
• The size of this team does not matter BUT you need a mature team.
• In order to be effective, this team works on:
  - Goal (What do they want to achieve?)
  - Background (What triggered this event?)
  - Timeline (What's the estimated timeline for this task?)
  - Provide results / outcome / findings
Reconnaissance > Threat Mapping > Execution > Impact Analysis > Detection > Reporting
For example, if testing Antivirus, you might want something like the example shown below. Antivirus is easy to bypass and everyone can test it, which makes it a good example to get thoughts and ideas flowing.
Thank you