Executives who want to address information security are often confused, because they are confronted with unclear terms.
Do they need a Purple Team now? Or a security audit? Or a penetration test?
The distinction between security audit and penetration testing can be blurred, depending on how it is interpreted. Often, the security audit includes a passive scan and verification of security-related settings. If audited according to ISO/IEC 27001, the information security management system (ISMS) is examined. According to the German Federal Office for Information Security (BSI), the goal of such an audit is “the independent verification of the ISMS according to ISO 27001 on the basis of the IT baseline protection in a firmly defined scope of an organization.”
Blue teams are an organization’s line of defense. They should be the ones to notice and defend against an attack.
To prevent an attack from happening in the first place, they make sure security settings are configured, and they identify vulnerabilities and fix them. They also take care of software updates and backups.
Red teams try to attack the company. In doing so, they think like a hostile and malicious hacker group. For this purpose, they are usually given a task, such as stealing certain data or sabotaging an entity or operation. They then discuss what they have found out with the members of the Blue Team.
Such a Red Team attack scenario can take weeks or months.
A penetration tester differs from a Red Team in that the test conducted tends to be shorter, and the tester is more likely to work alone. A typical penetration test takes hours or days.
What they have in common is that their report must be taken seriously, and that the implementation of improvements is carried out and tracked against a schedule. Another thing they have in common (as distinct from IT security audits, although the lines can be blurred, as is often the case) is that they are expected to think and act like external attackers, often without prior knowledge of the system to be attacked.
As another color in our overview, there is purple. Purple Teams, in short, combine the characteristics of Red Teams and Blue Teams (Red + Blue = Purple). While Red Teams are often contractors, the idea behind Purple Teams is that they are an integral part of the organization’s information security culture.
Red Teams and Purple Teams are terms used primarily in larger organizations, and in those where attacks are a daily reality and whose digital and non-digital assets are particularly critical.