Security Strategy, Plan, Budget

Red/Blue team exercises show defensive shortfalls: Survey

Share

A recent survey of firms that conducted blue team/red team testing offered up some mixed results with about a third saying blue teams rarely catch their attackers, but it also found these exercises lead to more budget being allocated for security.

The survey results indicate that red teams are successful more often than not with 35 percent of those asked stating that their blue teams either rarely or never catch the intruders. Only 2 percent said they were always caught and 68 percent noted occasional success in defending their organization.

However, these tests have resulted in companies reexamining their budget allocations with 56 percent saying some budget increases were made in the wake of such an exercise and an additional 18 percent describing the new investment as significant. In 25 percent of the cases no additional investment was made, and 1 percent of the time security spending actually shrunk.

"There is generally a negative correlation between increased spend and maturity of the security organization. Typically, a significant budget increase means the exercise identified many opportunities for the blue team to improve," Exabeam VP Product Marketing Trevor Daughney told SC Media.

Another positive take away was the fact that most, 60 percent of the companies asked said they do conduct such tests. The regularity of these tests was a bit spread out with 24 percent saying tests are run monthly, 13 percent annually, 12 percent quarterly and 11 percent bi-annually.

Daughney noted organizations with more established and proficient security teams tend to run these exercises more consistently.

Other results red/blue team testing revealed were areas that needed improvement. The most prominent was communication and teamwork, cited by 27 percent of the respondents; 23 percent indicated their defenders needed to brush up on their knowledge of threats and tactics and threat detection improvement was noted 20 percent of the time. Incident response time and persistence was called out 17 percent and 8 percent of the time, respectively.

The survey was conducted by Exabeam during Black Hat earlier this month.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.