All Hands on Deck for Incident Response Training

In addition to educating staff on both sides of the fence, the valuable insight and learning outcomes from participating in such cybersecurity training programs can influence an organization’s overall investments, resources and policies in cybersecurity. This experience can also be critical in helping SOC teams identify potential attacks earlier and make better decisions within their defensive systems.

This can help the security staff understand how attackers think and operate, thereby better equipping them to deal with incidents. When engaging in a red on blue exercise, ensure that your organization’s SOC team assumes both its usual defense role and the attacking role.

Offerings include everything from half-day lightning sessions to week-long comprehensive training programs to help organizations understand what happens before, during and after a cybersecurity incident. While training in both red and blue is ideal, the cyber range may also provide additional in-house staff to operate one side or the other should a company wish to focus its resources solely on one aspect.
The red scenario is performed via a combination of the latest automated attack tools and manual penetration testing techniques.

Cyber ranges offer organizations a variety of flexible, customizable experiences, enabling companies to focus on attack, defense or a balance of both.
Meanwhile, on the red side, a series of real-world attacks mimic cybercriminals seeking to infiltrate or disrupt the organization’s network and computer systems.

This blue setup typically incorporates the organization’s network monitoring and incident response solutions of choice. To facilitate the blue scenario, the cyber range sets up a system that simulates a company’s network being monitored by the security operations center (SOC) team.

The cyber range houses production or production-like systems for use in both the blue (defensive) and red (attack) settings.

How Does Red on Blue Training Work?

A red on blue incident response training session typically takes place in a cyber range, an environment designed for cybersecurity upskilling and simulation exercises.

More and more companies are looking to cyber exercises and capture the flag events to improve their incident response effectiveness, upskill staff and tackle the cybersecurity talent gap.

A red on blue experience provides a safe sandbox environment for participating companies to stress test their business processes and challenge their capabilities in responding to real-world cyber incidents through a realistic simulation.