More than one-third of organizations surveyed say their defensive blue teams fail to catch offensive red teams, and 68% overall agree red team exercises have proved more effective.
A survey conducted by Exabeam at Black Hat USA 2019 found red teams, which are made up of internal or hired security experts who imitate cybercriminals' behavior to test a business' security defenses, are also more popular. Seventy-two percent of respondents conduct red team exercises, with 23% performing them monthly, 17% quarterly, 17% annually, and 15% biannually.
Sixty percent conduct blue team exercises, intended to test a defensive team's ability to stop cyberattacks. Thirty-five percent of companies polled say the blue team never or rarely catches the red team; 62% say the red team is caught occasionally or often. They say communication and teamwork (27%) are skills that blue teams need to work on, followed by knowledge of attacks and tactics (23%), threat detection (20%), and incident response time (17%).
Nearly three-quarters of IT security professionals say their companies have increased security infrastructure investment as a result of red and blue team testing, and 18% say these budget changes have been significant. Only 25% say this testing has had no effect on budget.
Read more details here.