Security Jersey Colors

I realized after my previous post that not everyone may be familiar with the "color" system used to designate various military security teams. I referenced a "red team" in my post NSA IAM and IEM Summary, for example.

I thought it might be helpful to post my understanding of these colors and to solicit feedback from anyone who could clarify these statements.


  • Red Team: A Red Team is an adversary simulation team. The Red Team attacks the asset to meet an objective. This activity is called penetration testing in the commercial world.

  • Blue Team: A Blue Team is a security posture assessment and evaluation team. The Blue Team determines the vulnerabilities and exposures of an enterprise. This activity is called vulnerability assessment in the commercial world.

  • White Team: A White Team (or usually a "White Cell") controls the environment during an exercise. The White Cell provides the framework in which the Red Team attacks friendly forces. (Note that in some situations the friendly forces are called the "Blue Team." This is not the same Blue Team that conducts vulnerability assessments and evaluations. Blue in this case is simply used to differentiate from Red.)

  • Green Team: The Green Team is usually a training group that helps the asset owners. Alternatively, the Green Team helps with long-term vulnerability and exposure remediation, as identified by the Blue Team. These descriptions are open for discussion because I haven't seen too many green team activities.


Did I miss any colors?

Comments

Clint Laskowski said…
And, in fact, this is why I called my company 'BlueHat Security", because I was helping clients defend and assess their security (meets both of your definitions), and because there is also a book about the six thinking hats (and the blue hat is kind of the 'big picture' hat or the meta hat).

Obviously, there is also the Microsoft BlueHat Security Conference. But I think I was using the name officially before they did.

www.bluehatsecurity.com
(this site is currently under re-development).

-- Clint
clint@bluehatsecurity.com
Marcin said…
Nice choice of color (Polish) for the jersey... :)

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics