Skip main navigation

What Is a Blue Team?

In this video, you will learn about the counterpart to the Red Team – the Blue Team.
6
In this video we’re going to be talking about, what is a Blue Team? Now in the previous video, we talked about Red Teams. Well, the counter to a Red Team is called the Blue Team.
20.6
Now typically, Red Team and Blue Teams will work in opposition to each other. While the Red Team’s job is to attack a network, a Blue Team’s job is to help protect it.
35.8
So some things a Blue Team’s job entails are, they are a security team tasked with protecting the network. They will have an understanding of the business and policy. A Blue Team is going to be a group that works within the organisation, so they’re going to need to be familiar with everything on that network. Not only just what services are running, what servers are there, what operating system they’re running, the type of security updates, when to run the updates, the OS versions and whatnot. They need to understand policy. They need to understand the physical layout of the building, they need to understand where the security cameras are, how many security cameras there are, who’s monitoring them, whatnot.
87.8
They also are tasked with protecting critical assets of the company. So protecting critical assets not only means protecting the servers, protecting the users. It also means protecting the information within that. Protecting the building itself. It could be - again, it doesn’t necessarily mean just files on a file server. It could also be critical paperwork, critical paper files. So anything related to that is going to be - typically fall under a Blue Team. They also gather data. They gather data for things like network attacks, vulnerabilities, things that they find that needs improvements, and whatnot. And then they’re going to take that information, they’re going to document it. They’re going to document well. We could do this and this better.
142.7
This is a vulnerability that we need to address. This door lock on this building is faulty, it doesn’t always lock. That needs to be addressed. A network attacker tried to attack the network on this time and date. This is the information that we found on it, this is the measures that we took to prevent and mitigate it, and also investigate. So documentation is going to be very important for Blue Teams. And also, they are going to be making recommendations again. Things like, well, we should update our servers on this date. We should get this other intrusion detection system and replace this other one we have. And so on. So Blue Team is more than just a basic network security.
200.7
Again, you’re protecting potentially more than just your network final structure. You’re protecting the building, you’re protecting users, or protecting the physical assets that affect the network also. And again, gathering data, documentation, is going to be huge. And recommendations. So they need to know the company inside and out, both operations and policy.
231.4
So this is essentially why the two teams worked in opposition to each other. Again, Red Team’s trying to break in, Blue Team is trying to protect them. So the Blue Team is really based on your organisation structure and size. So should your Blue Team be in-house or outsource? Again, it’s going to be just like the Red Team. A Blue Team could be housed in-house or outsourced. But again, it’s going to depend on how large your organisation is. If you have an organisation of say, 10 people on your IT team, probably not going to make a lot of sense to have a Blue Team, because you probably won’t have the actual staff to protect it.
278.1
Blue Teams can be an incredible asset, especially for larger networks. A Blue Team is an asset that can protect your network. Because again, they know your policies, they know your objectives, they know your network, and whatnot. And even though Red Teams are designed to break into your network and Blue Teams are designed to protect it - they have different objectives, but they both are designed to protect your overall network by looking at it from two different areas.
313.7
So Blue Teams, again, should have a solid understanding of the company’s policies. They should understand the company’s goals, have a solid understanding of the network topology, be good at documentation and communication with management. Because after all, a Blue Team is most likely going to be talking with some sort of manager about what’s going on. Issues, things that were mitigated, and whatnot. They should understand networking and security practises, and also they should be working with the Red Team in some capacity. Because after all, they are going after the same overall goal of protecting the network, and the users, and the company’s goals, and whatnot.
362.6
So this was about Blue Teams, and in the next video, we’re going to be talking about whether it should be in-house or contract. Thank you for watching. I’ll see you in the next video.

There is a counterpart to the Red Ream called the Blue Team. The Blue Team’s role is to protect the network from the Red Team’s simulated attacks.

In the last video, you learned about how the Red Team will try to attack a network in order to identify its vulnerabilities. An organization simulates these attacks to see if they are adequately prepared for an actual attack. To assess how well they could defend themselves, they can also have a Blue Team in place. This team’s role is to respond as though these are actual attacks and defend against them. The Blue Team will try to prevent the Red Team from being successful.

This article is from the free online

Advanced Cyber Security Training: Network Security

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education