August 4, 2017 By George Moraetes 3 min read

It’s common to hear the phrase “never leave security to chance” in business. Given the rapid advancement and persistence of cybercrime, chief information security officers (CISOs) need the ability to deploy offensive security measures to protect their networks. One way to do this is to employ a team of hackers to proactively protect the organization’s data and infrastructure.

A capable offensive hacking team can conduct advanced penetration testing and bug discovery within the organization and deliver technical leadership when executing tactical, comprehensive assessments. Members of this team of hackers should have an affinity for advanced attack techniques and a passion for spotting vulnerabilities.

Encouraging Information Sharing

In organizations that have a security operations center (SOC), a red team is deployed to continually prod the organization’s security posture. This can also be a specialized third-party entity tasked to emulate cybercriminal behaviors and techniques as realistically as possible. In return, the red team shares intelligence with the blue team, which defends against these mock attacks.

Due to the attitudes and practices inherent to each role, there are many challenges surrounding the relationship between red and blue teams. Here are a few examples:

  • Red and blue teams have ideological differences. Often, neither team is properly trained to share information with the other, thus defeating the purpose of the exercise. Moreover, blue teams tend to be risk-averse, while red teams are typically more reckless.
  • Red teams are absorbed within the organization and limited in their ability to conduct assessments, which diminishes their charter and value considerably.
  • Red on blue exercises are not always seen as integral to the organization’s ability to combat vulnerabilities. As a result, metrics are commonly not shared between the teams and management.

To address these challenges, security leaders should consider installing a purple team to act as a crucial bridge and facilitate information sharing between the red and blue teams.

Listen to the podcast: The Value of Red On Blue Cyber Training

Assembling the Right Team of Hackers

When building red and blue teams, it’s important to ensure that candidates are willing to work in harmony and share ongoing metrics related to their activities. It is not enough to simply conduct routine penetration testing in lieu of hiring a red team to go against your blue team defenses. CISOs should take the following steps to overcome these obstacles:

  1. Chose teams members carefully. Candidates should be highly skilled in discovering vulnerabilities and defending against attacks. Above all, these team members must be willing to share information with their counterparts.
  2. Get the teams together. At the onset, gather the team members to get consensus and buy into the overarching strategy. Instruct them to conduct a thorough analysis of risks and vulnerabilities and then devise a response plan. The overall goal is for the teams to practice discovering vulnerabilities and reporting metrics to management.
  3. Spread awareness. People are the weakest links in any security program. Even with the strictest controls over your data, adversaries can exploit employees’ behaviors. Red teams should conduct unannounced exercises, such as staging phishing email campaigns to determine which users might click on a malicious link or open a malware-laden document.
  4. Go beyond your perimeter. Cloud solutions introduce additional security challenges. It’s important to consider all the legal implications, such as service-level agreements (SLAs), to determine whether the red team has the right to test against the provider’s defenses.

Seasoned CISOs understand that information security is always a moving target. Adversaries are extremely sophisticated and will stop at nothing to breach your organization. Moreover, the organization’s network infrastructure, applications and employees are always changing and adding complexities to your security program. Each one of those changes presents a far different attack footprint, and teams of hackers are well-equipped to discover those vulnerabilities and predict unintended consequences before they can damage the organization.

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today