A recent survey of firms that conducted blue team/red team
testing offered up some mixed results with about a third saying blue teams
rarely catch their attackers, but it also found these exercises lead to more
budget being allocated for security.The survey results indicate that red teams are successful
more often than not with 35 percent of those asked stating that their blue
teams either rarely or never catch the intruders. Only 2 percent said they were
always caught and 68 percent noted occasional success in defending their
organization.However, these tests have resulted in companies reexamining their budget allocations with 56 percent saying some budget increases were made in the wake of such an exercise and an additional 18 percent describing the new investment as significant. In 25 percent of the cases no additional investment was made, and 1 percent of the time security spending actually shrunk."There is generally a negative correlation between increased spend and maturity of the security organization. Typically, a significant budget increase means the exercise identified many opportunities for the blue team to improve," Exabeam VP Product Marketing Trevor Daughney told SC Media.Another positive take away was the fact that most, 60 percent of the companies asked said they do conduct such tests. The regularity of these tests was a bit spread out with 24 percent saying tests are run monthly, 13 percent annually, 12 percent quarterly and 11 percent bi-annually.Daughney noted organizations with more established and proficient security teams tend to run these exercises more consistently.Other results red/blue team testing revealed were areas that
needed improvement. The most prominent was communication and teamwork, cited by
27 percent of the respondents; 23 percent indicated their defenders needed to
brush up on their knowledge of threats and tactics and threat detection
improvement was noted 20 percent of the time. Incident response time and persistence
was called out 17 percent and 8 percent of the time, respectively.The survey was conducted by Exabeam during Black Hat earlier
this month.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds