The idea behind these teams is simple: test the IT security of your business based on real-world simulations. In theory, a business has done everything correctly (following best-practice principles) by rolling out its IT infrastructure and implementing all the security protocols correctly.
The question now is: did everything go according to plan? Well, the truth is, the only way to find out is to test it. What we usually find is that most people are not good at testing their own implementations. Further, an external perspective is almost always needed to highlight glaring gaps.
The Blue Team is dedicated to ensuring everything is set up correctly and that hardware is doing what it needs to do. Their SIEM is reporting any irregularities and their software is blocking and alerting on what it needs to.
The Blue Team believes it is safe unless someone else tells it otherwise. In most organizations it is important to have a dedicated Blue Team member and not rely on the current IT team. This is because a Blue Team member plays the dedicated role of someone who needs to be constantly vigilant, proactive with IT security culture and reactive with incident reports and fixes.
Red is good
Enter the Red Team. This is usually an outsourced team whose task is to emulate an attack and test the Blue Team's safeguards and security implementation.
The Red Team could find issues and exploit them, dangle the information in front of the Blue Team's face daily and let them chase their tails for months.
It is important to outsource Red Teaming rather than hire an internal team, which will be very difficult to manage and retain due to the nature of the business, will lose its edge over time by not working on multiple environments, and may be bogged down with internal procedures and policies. External Red Team consultants are usually exposed to more and have no restraints when performing their roles.
Welcome the Purple Team, who will bring out the best of Blue and Red together and ensure that the Red Team's results move into actions on the Blue Team and vice versa.
Purple Teams are needed when the Red and Blue Teams are not getting along; they simply ensure that issues picked up by the Red Team are resolved by the Blue Team and that both teams are doing the best they can.
When Red, Blue and Purple Teams work in harmony, they ensure business stability and security and constantly work towards mitigating a breach or attack. Without these teams in place, a business is simply burying its head in the sand and hoping for the best. This is like building one's own supercar and then driving it at full tilt on a track without checking the brakes: you know you connected them, they should work, but they don't.