sb-eu logo
Story image

More than 60% of security 'blue teams' struggle to stop the 'red'

19 Aug 2020

Red teams and blue teams are common ways of exploring cyber adversary simulation exercises, but it seems that the red teams may still end up on top.

New research from Exabeam found that 62% of blue teams (defenders) have trouble stopping their red team (attacker) counterparts, while only 37% are successful in catching the red team. Further, 7% say they never catch the red team at all.

According to the 307 respondents, there are three key reasons for this lack of defence, including threat detection, incident response and flexibility/openness to change while working remotely.

On average, organisations run red team simulation exercises every five months. Some 26% of organisations conduct exercises once a month, another quarter conduct exercises every 2-6 months, 32% conduct exercises every 7-11 months and 8% conduct exercises once a year.  Seven percent don’t utilise red teams at all. Blue team exercises reflected similar percentages and averaged out to every six months.

This year, Exabeam found that many companies use the ‘purple team’ approach, in which the red and blue teams come from their own staff and work together to determine security preparedness. One-third run these simulations every 2-6 months, while 50% perform them every 7-11 months, and 12% report yearly tests. Only 7% do not have purple teams in place.

But are red and blue teams effective? According to the report, 92% of organisations leverage external red teams without prior knowledge of their internal security systems. This is to help their teams prepare for genuine attacks. Despite external contracting, 54% of respondents found internal and external red teams equally effective.

Organisations should take heed of warnings that they should constantly evaluate and adjust their security investments, particularly as today’s digital adversaries evolve at a rapid pace.

“These red team/blue team exercises can be valuable proof points when presenting budgetary and technological needs to the C-suite and board to help keep up with these changes. While there is always room for teams and security postures to mature, it is extremely encouraging that so many companies are regularly performing these tests to identify their weak spots and shore up their defences,” comments Exabeam chief security strategist Steve Moore.

Only 50% of polled organisations say they are increasing security investment and 30% are adding to their security infrastructure as a result of these exercises. Further, 17% are undertaking both measures, and only 2% say they have not changed their security tools or budget in response.