## <span style="color:red">Red Team</span> vs. <span style="color:blue">Blue Team</span>
Something I mentioned in the last session was <span style="color:red">**Red**</span> and <span style="color:blue">**Blue**</span> teams. In the security space, <span style="color:red">**Red**</span> teams and <span style="color:blue">**Blue**</span> teams act as attackers and defenders to improve an organisation's security.
Both teams work toward improving an organisation's security posture, but in different ways.
The <span style="color:red">**Red**</span> team plays the role of the attacker: it looks for vulnerabilities in code or infrastructure and attempts to break through the cybersecurity defences.
The <span style="color:blue">**Blue**</span> team defends against those attacks and responds to incidents when they occur.
![](images\day04-2.jpg)
***[image from this source](https://hackernoon.com/introducing-the-infosec-colour-wheel-blending-developers-with-red-and-blue-security-teams-6437c1a07700)***
### The Benefits
A very good way to understand and improve a company's security posture is to run exercises between the <span style="color:red">**Red**</span> and <span style="color:blue">**Blue**</span> teams. The whole idea is that the scenario mimics a real attack. Some of the areas where this approach helps are the following:
- Identifying vulnerabilities
- Hardening network security
- Gaining experience in detecting and isolating attacks
- Building detailed response plans
- Raising overall company security awareness
### <span style="color:red">Red Team</span>
NIST (the National Institute of Standards and Technology) describes the <span style="color:red">**Red**</span> Team as:
“a group of people authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture.”
They play the bad actor in the scenario or simulation of the attack.
Speaking about both <span style="color:red">**Red**</span> and <span style="color:blue">**Blue**</span> teams is arguably wider than the DevSecOps process and the principles of a software lifecycle, but knowing this is not going to hurt, and DevSecOps practices will ensure that you have a better security posture overall.
The <span style="color:red">**Red**</span> team is tasked with thinking like the attacker, which we covered in the last session. Think about social engineering, and about involving the wider teams within the business in attempts to manipulate people and gain access to the network and services.
A key fundamental of the <span style="color:red">**Red**</span> team is understanding software development. By understanding how applications are built, you are able to identify possible weaknesses and then write programs that try to gain access and exploit them. On top of this, you may have heard the terms "penetration testing" or "pen testing": the overall aim for the <span style="color:red">**Red**</span> team is to identify and try to exploit known vulnerabilities within an environment. With the rise of Open Source software, this is another area that I want to cover in a few sessions' time.
### <span style="color:blue">Blue Team</span>
NIST (the National Institute of Standards and Technology) describes the <span style="color:blue">**Blue**</span> Team as:
“the group responsible for defending an enterprise’s use of information systems by maintaining its security posture against a group of mock attackers.”
The <span style="color:blue">**Blue**</span> team plays the defence: they analyse the business's current security posture and then take action to improve it and stop those external attacks. In the <span style="color:blue">**Blue**</span> team you are also going to be focused on continuous monitoring (something we covered at the end of 2022 regarding DevOps), watching for breaches and responding to them when they occur.
As part of the <span style="color:blue">**Blue**</span> team you have to understand the assets you are protecting and how best to protect them. In the IT landscape today we have many diverse options for running our workloads, applications and data.
- Assessing Risk - carrying out risk assessments gives you a good understanding of which assets are the most critical within the business.
- Threat Intelligence - What threats are out there? There are thousands of vulnerabilities, possibly without a resolution; how can you mitigate the risk to those services without damaging the use case and the business need?
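The continuous monitoring work described above is where the Blue team turns "watch for breaches" into concrete detection logic. The following is an added example, not code from the original post: a small Python detector that parses sshd-style authentication log lines and raises an alert for any source address that produces five or more failed logins inside a sliding 60-second window. The log lines are constructed sample data, and the threshold and window are assumed tuning values that a real team would calibrate against its own baseline.

```python
"""Toy continuous-monitoring detection: flag a burst of failed logins.

Added example for illustration; not code from the original post.
The log lines are constructed sample data in an sshd-like format,
and the threshold/window are assumed tuning values.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample log lines (documentation-range addresses, not real hosts).
SAMPLE_LOG = """\
2023-01-04T10:00:01 sshd[101]: Failed password for root from 203.0.113.5 port 4101
2023-01-04T10:00:03 sshd[102]: Failed password for root from 203.0.113.5 port 4102
2023-01-04T10:00:04 sshd[103]: Failed password for admin from 203.0.113.5 port 4103
2023-01-04T10:00:06 sshd[104]: Failed password for root from 203.0.113.5 port 4104
2023-01-04T10:00:07 sshd[105]: Failed password for backup from 203.0.113.5 port 4105
2023-01-04T10:00:09 sshd[106]: Accepted password for alice from 198.51.100.7 port 5201
2023-01-04T10:05:00 sshd[107]: Failed password for alice from 198.51.100.7 port 5202
2023-01-04T10:20:00 sshd[108]: Failed password for alice from 198.51.100.7 port 5203
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse(log_text):
    """Turn raw log text into a list of event dicts; unparsed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a production pipeline should count and surface unparsed lines
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "result": m["result"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: first_failure_time} for every source that produced
    `threshold` or more failed logins within any sliding `window`."""
    failures = defaultdict(list)
    for ev in events:
        if ev["result"] == "Failed":
            failures[ev["src"]].append(ev["ts"])

    alerts = {}
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it spans at most `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[src] = times[start]
                break  # one alert per source is enough for this example
    return alerts


if __name__ == "__main__":
    for src, first in detect_bruteforce(parse(SAMPLE_LOG)).items():
        print(f"ALERT: brute-force login attempts from {src} starting {first.isoformat()}")
```

Run as-is, it alerts on 203.0.113.5 (five failures in six seconds) and stays silent on 198.51.100.7, whose two failures are fifteen minutes apart. The sliding window is the important design choice: a fixed per-minute bucket would let an attacker split a burst across a bucket boundary, whereas the window anchored on each event catches any five failures that are close together.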
### Cybersecurity colour wheel
As cybersecurity grows in importance, with all the big brands getting hit, there is a need for more than just the <span style="color:red">**Red**</span> and <span style="color:blue">**Blue**</span> teams when it comes to security within a business.
![](images\day04-1.png)
***[image from this source](https://hackernoon.com/introducing-the-infosec-colour-wheel-blending-developers-with-red-and-blue-security-teams-6437c1a07700)***
- The <span style="color:yellow">**Yellow Team**</span> are our builders, the engineers and developers who develop the security systems and applications.
"We have our <span style="color:red">**Red**</span> and <span style="color:blue">**Blue**</span> Teams just as we always have, but now with the introduction of a <span style="color:yellow">**Yellow**</span> Team, we can have secondary coloured teams (Orange, Green and Purple) dedicated to mixing skills between attackers, defenders and coders—making code more secure and the organisation more secure."
The above abstract was taken from the top resource listed at the end of the post.
<span style="color:red">**Red**</span>, <span style="color:blue">**Blue**</span> and <span style="color:yellow">**Yellow**</span> are the primary colours; combine them and we start to understand where the other, secondary colours come into play. Again, there is a really great explanation in that first link.
- <span style="color:purple">**Purple Team**</span> - The special team! If you take <span style="color:blue">**Blue**</span> and <span style="color:red">**Red**</span> you get <span style="color:purple">**Purple**</span>. If you integrate defence with offence, and collaborate and share knowledge between the teams, you provide a better posture throughout.
- <span style="color:green">**Green Team**</span> - The feedback loop: the <span style="color:green">**Green**</span> team takes insights from the <span style="color:blue">**Blue**</span> team and works closely with the <span style="color:yellow">**Yellow**</span> team to be more efficient. Mix <span style="color:blue">**Blue**</span> and <span style="color:green">**Green**</span> and what do you <span style="color:purple">**get**</span>?
- <span style="color:orange">**Orange Team**</span> - Much like the <span style="color:green">**Green**</span> team working with the <span style="color:blue">**Blue**</span> team for feedback, the <span style="color:orange">**Orange**</span> team works with the <span style="color:red">**Red**</span> team and passes on what they have learnt to the <span style="color:yellow">**Yellow**</span> team so they can build better security into their code.
When I got into researching this I realised that maybe I was moving away from the DevOps topics, but please, anyone in the DevSecOps space: is this useful? Is it correct? And do you have anything to add?
Obviously, throughout this series we plan to dive into more specifics around DevSecOps and its different stages, so I was being mindful not to cover areas that will be covered in future sessions.
Also, please add any additional resources.
## Resources
- [Introducing the InfoSec colour wheel—blending developers with red and blue security teams.](https://hackernoon.com/introducing-the-infosec-colour-wheel-blending-developers-with-red-and-blue-security-teams-6437c1a07700)