sb-eu logo
Story image

More than 60% of security 'blue teams' struggle to stop the 'red'

19 Aug 2020

Red teams and blue teams are common ways of exploring cyber adversary simulation exercises, but it seems that the red teams may still end up on top.

New research from Exabeam found that 62% of blue teams (defenders) have trouble stopping their red team (attacker) counterparts, while only 37% are successful in catching the red team. Further, 7% say they never catch the red team at all.

According to the 307 respondents, there are three key reasons for this lack of defence, including threat detection, incident response and flexibility/openness to change while working remotely.

On average, organisations run red team simulation exercises every five months. Some 26% of organisations conduct exercises once a month, another quarter conduct exercises every 2-6 months, 32% conduct exercises every 7-11 months and 8% conduct exercises once a year.  Seven percent don’t utilise red teams at all. Blue team exercises reflected similar percentages and averaged out to every six months.

This year, Exabeam found that many companies use the ‘purple team’ approach, in which the red and blue teams come from their own staff and work together to determine security preparedness. One-third run these simulations every 2-6 months, while 50% perform them every 7-11 months, and 12% report yearly tests. Only 7% do not have purple teams in place.

But are red and blue teams effective? According to the report, 92% of organisations leverage external red teams without prior knowledge of their internal security systems. This is to help their teams prepare for genuine attacks. Despite external contracting, 54% of respondents found internal and external red teams equally effective.

Organisations should take heed of warnings that they should constantly evaluate and adjust their security investments, particularly as today’s digital adversaries evolve at a rapid pace.

“These red team/blue team exercises can be valuable proof points when presenting budgetary and technological needs to the C-suite and board to help keep up with these changes. While there is always room for teams and security postures to mature, it is extremely encouraging that so many companies are regularly performing these tests to identify their weak spots and shore up their defences,” comments Exabeam chief security strategist Steve Moore.

Only 50% of polled organisations say they are increasing security investment and 30% are adding to their security infrastructure as a result of these exercises. Further, 17% are undertaking both measures, and only 2% say they have not changed their security tools or budget in response. 

Story image
Sophos announces collaboration with Qualcomm for PC security
This unification enables a connected, interactive computing environment that combines smartphone and PC technology to deliver security capabilities and opportunities, the company states.More
Story image
Akamai named leader for DDoS mitigation solutions in The Forrester Wave
“As opposed to other 'all in one' solutions that can be vulnerable to platform outages, our distinct, purpose-built DDoS solutions are architected to ensure multiple levels of resilience."More
Story image
2021 global salary guide: Cybersecurity, data analytics professionals in high demand
"Technology has been one of the most successful sectors throughout 2020 and that looks set to continue for the foreseeable future.”More
Story image
Y Soft adds to identity verification solution portfolio
Y Soft is adding to its portfolio of identity verification solutions with the release of a new secure identity verification for networked printers.More
Story image
Veeam reports growth as demand for modern data protection increases
“Even with the unforeseen challenges and circumstances that began in early 2020, Veeam continued its rapid growth with its second consecutive year of bookings over $1 billion."More
Story image
Creating a strong culture of security within organisations
CISOs worldwide are inherently aware of how significant investment in cybersecurity strategies and technologies can bolster an organisation’s protection against cyberattacks. However, many overlook the importance of culture when it comes to cybersecurity.More