What is Red, Blue and Purple Teaming?

Chances are you’ve read our piece on penetration testing and want to get into the field. It’s certainly exciting and full of intrigue. Now that you’re going to go for it, it is very important that you know the different subdivisions within it. Those areas are red, blue and purple. Each is very distinct from the others, or in the case of purple, a hybrid of both. To note, the skills used between them are not too different. What really changes between them is the desired result and how that result is obtained. Red teaming at a base level is a more offensive approach to security, while blue teaming is the more defensive side. Purple teaming, on the other hand, is more of a marketing term, where the person performing the attack is simply well rounded in terms of attack and defense. To begin, we dive into the red team.

As mentioned before, red teams are the offensive attackers. More often than not, a red team tester does not work for the company that is conducting the exercise, as red teams tend to conduct black box testing (mentioned in our “Penetration Testing” piece). The most interesting part of red teaming is that the attack is not necessarily digital. Red teams use a very varied arsenal, such as social engineering or physical perimeter penetration, in order to get their job done. Every single attack vector is tested, whether it is digital or physical. When a red team attack is conducted, the requestor can be assured that their infrastructure is secure.

On the other side, we have our blue team. Blue teams are the light to a red team’s dark. People on the blue team tend to be outside contractors or employees, and often one and the same. Blue team members are the ones securing the infrastructure and anything else the internal IT team has set up. Got Office 365 at work? Chances are there’s a team ready to fix your access in case someone gets breached through an email. During live exercises, blue teams also tend to actively search for red team members if the engagement is of the active testing sort.

Finally, we have our purple team champions. Those on the purple team can break into a network one day and then be fighting back against intruders the next. What makes a purple team member a purple team member? A varied skill set in both attacking and defending. Whereas a red team member can easily break into a network, they can’t really defend it well. The reverse is true of a pure blue team member. While there is a clear distinction between a red, blue and purple team member, it is notable that most people find themselves in the middle, on the purple team, due to the hybrid nature of cyber security education these days.

If you’re a manager or executive reading this, chances are you’re wondering what you should look for when it comes to assembling your internal security team. The answer is all three. Each side brings an advantage through its methods of operation that lends value to any organization. In any environment, you always want your security to take first, second and third priority, as most organizations are only a breach away from filing for bankruptcy.

Contact LIFARS today and learn more about our Cybersecurity solutions.