What’s More Important, the Red Team or the Blue Team

January 4, 2018 | Kate Brew

Get the latest security news in your inbox.

Subscribe via Email

No thanks. Close this now.
I ran a poll before the holidays, to understand the InfoSec community's thoughts and attitudes on Red Teaming versus Blue Teaming a bit better. As you likely know, Red Teamers are those who non-maliciously "attack" a company, and Blue Teamers are the defenders. We've had some interesting blogs on this topic, and for a very positive perspective on Red Teaming, check this guest blog out.

However, it was a trick question! Both are necessary, as pointed out in this reply.

I gave the third option for those unwilling to choose sides. However, given the choice of only one, the majority of people chose Blue Team. It does make sense, if you only have one or the other, you had better have the defenders rather than more challengers than the already-existent bad guys attacking your company on a regular basis. If you're a small company, you might have only one person or one person part-time in the role of InfoSec, so when constrained - Blue Team is where you'll invest. Marcus Carey, a noted Blue Teamer, summed it up nicely. 

The fact that both are necessary was a consistent theme in the replies. There were several very specific comments around Purple teaming. It made me go back and re-read Haydn Johnson's blog on Purple Teaming from early 2017. Haydn makes the excellent point that Red Teamers benefit greatly by using some Blue Team tricks. Blue Teamers tend to know what really works, and the Red Team benefits from learning the Blue Team's Defense - Security Controls / Applications / Response.

Here's a sampling of the Purple Team themed responses:

Holiday Cheer!

Since the poll was right before the holidays, I even got a lttle holiday cheer in one of the replies. 

The Existential Approach

So, there are some strong feelings in the InfoSec community on the Red Team / Blue Team / Purple Team issue. it was a fun poll, provoking all kinds of thoughts in great replies. Twitter didn't let me vote in the poll. If it had I would have voted Blue Team. Red Team is tempting - far sexier and Red Teamers always have great stories and interesting fodder for talks. However, Blue Team works so hard and under pressure every day, often with little praise. So I would have voted Blue Team.

If you have any other ideas for neat polls, please let me know on Twitter!

Kate Brew

About the Author: Kate Brew
Kate has over 15 years experience in product management and marketing, primarily in information security.
Read more posts from Kate Brew ›


Watch a Demo ›