Red and Blue teams ideally work in perfect harmony with each other, as two hands that form the ability to clap.
Like Yin and Yang or Attack and Defense, Red and Blue teams could not be more opposite in their tactics and behaviors, but these differences are precisely what make them part of a healthy and effective whole.
Red Teams attack, and Blue Teams defend, but the primary goal is shared between them: improve the security posture of the organization.
Some of the common problems with Red and Blue team cooperation include:
- The Red Team thinks itself too elite to share information with the Blue Team
- The Red Team is pulled inside the organization and becomes neutered, restricted, and demoralized, ultimately resulting in a catastrophic reduction in their effectiveness
- The Red Team and Blue Team are not designed to interact with each other on a continuous basis, as a matter of course, so lessons learned on each side are effectively lost
- Information Security management does not see the Red and Blue team as part of the same effort, and there is no shared information, management, or metrics shared between them
Organizations that suffer from one or more of these ailments are most likely to think they need a Purple Team to solve them. But “Purple” should be thought of as a function, or a concept, rather than as a permanent additional team. And that concept is cooperation and mutual benefit toward a common goal.
So perhaps there’s a Purple Team engagement, where a third party analyzes how your Red and Blue teams work with each other and recommends fixes. Or perhaps there’s a Purple Team exercise, where someone monitors both teams in realtime to see how they work. Or maybe there’s a Purple Team meeting, where the two teams bond, share stories, and talk about various attacks and defenses.
The unifying theme is getting the Red and Blue team to agree on their shared goal of organizational improvement and not to introduce yet another entity into the mix. Think of Purple Team as a marriage counselor. It’s fine to have someone act in that role in order to fix communication, but under no circumstances should you decide that the new, permanent way for the husband and wife to communicate is through a mediator.
Feel free to contact E-SPIN for the solution for your system and operation to reduce risk of your businesses and organization. We can secure and protect your businesses with our various software security technology, as well as handling of your red team operation requirements.