68% of Companies Say Red Teaming Beats Blue Teaming68% of Companies Say Red Teaming Beats Blue Teaming
The majority of organizations surveyed find red team exercises more effective than blue team testing, research shows.
August 16, 2019
More than one-third of organizations surveyed say their defensive blue teams fail to catch offensive red teams, and 68% overall agree red team exercises have proved more effective.
A survey conducted by Exabeam at Black Hat USA 2019 found red teams, which are made up of internal or hired security experts who imitate cybercriminals' behavior to test a business' security defenses, are also more popular. Seventy-two percent of respondents conduct red team exercises, with 23% performing them monthly, 17% quarterly, 17% annually, and 15% biannually.
Sixty percent conduct blue team exercises, intended to test a defensive team's ability to stop cyberattacks. Thirty-five percent of companies polled say the blue team never or rarely catches the red team; 62% say the red team is caught occasionally or often. They say communication and teamwork (27%) are skills that blue teams need to work on, followed by knowledge of attacks and tactics (23%), threat detection (20%), and incident response time (17%).
Nearly three-quarters of IT security professionals say their companies have increased security infrastructure investment as a result of red and blue team testing, and 18% say these budget changes have been significant. Only 25% say this testing has had no effect on budget.
Read more details here.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023