Red Team & Blue Team
When I describe how Sytec operates and what makes Sytec different, I usually talk about how we developed an approach of continuous improvement.
Continuous improvement brought the concept of the Red Team and the Blue Team, which is at the core of Sytec and how we operate. Here’s a brief overview; please contact us if you’d like to know more.
In any organisation, the objective of the Red Team is to improve the Blue Team.
Being in the Red Team is not about winning or losing; it is the equivalent of playing a sports match against a coach (and hopefully you play lots of matches).
Red Team Objectives
In summary, the Red Team will challenge an organisation to improve its effectiveness by adopting an adversarial role; in IT security this is sometimes called ethical hacking.
Always with explicit client permission, yet often without the full knowledge of the staff, the Red Team will use penetration tools and techniques to evaluate and report on the security profile of an organisation, resulting in intelligence and insight that presents a realistic picture of security readiness.
Red Team Skills
Sytec’s Red Team have been described as a well-informed and independent group of individuals who have demonstrated particular talents for thinking about problems.
The Red Team excel at identifying patterns, spotting trends, asking questions, and generally using these skills to identify issues that haven’t yet become a problem.
Blue Team Objectives
In summary, the Blue Team uses a combination of best practice and documented policies to improve and protect systems.
The Blue Team works on the basis that ‘waiting until something is broken before fixing it’ will always result in an unexpected failure, and usually at the most inconvenient time.
Blue Team Skills
The Blue Team are friendly, knowledgeable, and professional. Blue Team skills are aligned with maintaining systems, so they are proactive, good at solving problems and pride themselves on completing tasks in a timely manner.
When calling the service desk (or when the help desk call you) it is pretty likely that you will be speaking with an engineer or technician from the Blue Team.
When you engage Sytec to complete a vulnerability assessment or a penetration test, it will be a Red Team member who leads the tasking. There is a clear difference between these two assignments, so it is prudent to understand what outcomes you are seeking. Let’s begin by describing some differences between a vulnerability assessment and a penetration test.
What is a Vulnerability Assessment?
A vulnerability assessment always includes a scope of work and is always specific in the objective.
Vulnerability assessments almost always involve the use of automated testing tools such as network security scanners; these are usually noisy on the network. The scan results are assessed and escalated to an operations team member for resolution. In summary, a vulnerability assessment involves target evaluation to identify specific system weaknesses which are actionable by remediation to remove or reduce the risk.
What is Penetration Testing?
Often incorrectly interchanged with a vulnerability assessment, a penetration test (or pentest) also involves the use of automated tools to find vulnerabilities. Whilst in theory penetration testing should therefore be loud and detectable on the network, the Red Team prefers to operate much more stealthily to avoid detection.
When scans have completed and vulnerabilities have been determined, these are assembled in specific sequences, called the weakness chain, to demonstrate that an opportunity for attack exists.
The weakness chain can include social engineering, gaining physical access, triggering alarms and then monitoring any resulting activities. The objective of the pentest is to prove that sufficient weakness exists which could be exploited.
Mixing Red & Blue?
Everyone at Sytec is dedicated to providing a professional level of service, and without any exception when individuals from different teams work together they are mightily impressive; naturally we deliver projects using a blend of engineering skills from both teams.
One of my favourite parts of working at Sytec is watching normally opposing team members collaborating.
It is a normal day for me to see information flowing and ideas being shared between individuals within the Red and Blue Teams. Sometimes it does feel a little more competitive, yet everyone accepts this is how we maintain and deliver our promise of continuous improvement.
So when you hear me next time talking about complex projects, and in particular minimising risk, keep in mind Sytec brings this approach made up from 2 super teams. Working with smart people is certainly hard work, but in my experience hard work and a talented team make a good organisation great.
Why choose to work with Sytec?
- We focus on reducing risk
- Our work and checks are separated, independent processes
- We consider compliance and security checks as the default
- You will know which engineer has access and when they took action
- You will have phone, email and face to face access to certified engineers
- We maintain priority escalation to Microsoft’s Premium support
In summary, Sytec use a blend of skills to handle the management and security of systems; we’re good at this.