Sunday, April 29, 2012

A Blue Shield and Red Sword


By day I carry a blue shield into the fog of conflict. By night I sharpen and hone a red sword. While I rarely take the opportunity to use a red sword against an opponent, knowing how to use it helps me know where best to place a blue shield. They are clashing tools that should be understood and used with coherence.
Just as red teams should use reconnaissance, scanning, exploitation, maintaining access, etc., so should blue teams use reconnaissance, scanning, mitigation, maintaining authorized access, etc. Why should the red team get all the credit for finding the unlocked doors when the blue team should be finding the unlocked doors and mitigating them first? While red teams often have the opportunity to focus on one target, blue teams must defend all targets from multiple threats at all times. The red team strikes where the blue team is not looking.
One is not better than the other; they just have different challenges to work with, and they must work coherently to assess and mitigate the cyber lacuna.
