BLUE TEAM

What is a “Blue team”?
A blue team is similar to a red team in that it also assesses network security and identifies any possible vulnerabilities.

But what makes a blue team different is that once a red team imitates an attacker and attacks with characteristic tactics and techniques, a blue team is there to find ways to defend, change and re-group defense mechanisms to make incident response much stronger.

​

Like a red team, a blue team needs to be aware of the same malicious tactics, techniques and procedures in order to build response strategies around them. And blue team activity isn’t exclusive to attacks. They’re continuously involved to strengthen the entire digital security infrastructure, using software like an IDS (intrusion detection system) that provides them with an ongoing analysis of unusual and suspicious activity.

​

Some of the steps a blue team incorporates are:

• Security audits, such as a DNS audit

• Log and memory analysis

• pcap anlalysis

• Risk intelligence data analysis

• Vulnerability management

• Digital footprint analysis

• Reverse engineering

• DDoS testing

• Developing risk scenarios