Introduction

In the world of Cyber Security today, there are obviously many technologies that one can use to fortify the lines of defense of a business or corporation.  To a certain degree, depending upon how well these devices have been deployed and implemented, they should block malicious traffic coming into your IT Infrastructure (such as malformed Data Packets, assuming that a combination of Firewalls, Network Intrusion Devices, and Routers is being used).

Then there are those tools that scan for unseen vulnerabilities, or “holes,” in your lines of defense.  Examples include Port Scanners, Network Sniffing devices, etc.  But one should keep in mind that no matter how sophisticated these tools are, they will not be able to detect everything.

This is where the role of Penetration Testing comes in.  When this type of exercise is conducted, your defense perimeter is examined in great detail from both the internal environment and the external environment.  It is only through this kind of exhaustive testing that all hidden vulnerabilities, weaknesses, and holes will be unearthed.

But in order to carry out such an exhaustive task, you need highly qualified individuals to form what is known as a “Penetration Testing Team”.  In this regard, the work of a Pen Testing team can be defined as follows:

“Penetration testing — also known as pen testing — views your network, application, device, and/or physical security through the eyes of both a malicious actor and an experienced cybersecurity expert to discover weaknesses and identify areas where your security posture needs improvement . . . it also simulates a real-world attack to determine how any defenses will fare and the possible magnitude of a breach.”  (SOURCE:  1)

In this blog, we examine the various types of Penetration Testing teams that are structured and being used today.

How Are the Penetration Testing Teams Structured?

In today’s world of Penetration Testing, there is no set method for how the teams are actually organized.  The number of Penetration Testers involved in a project will depend primarily upon three key factors:

  • The types of Penetration Tests that will be occurring;
  • The size of the business or corporation in question (this can be a direct function of employee size);
  • The complexity of the IT Infrastructure that is to be Penetration Tested.

For example, if the organization that wishes to have a Penetration Test conducted on its premises is a small one, with fewer than 20 employees, one can assume that the IT Infrastructure is relatively simple.  In this particular instance, a complete Penetration Testing team may not be needed.  Rather, just two or three Pen Testers may be enough to execute and complete the required tests and compile the report(s) summarizing both the findings and the recommendations.

But if the organization which requires Penetration Testing is a large one (such as a Fortune 500 company with more than 10,000 employees), one can safely assume that the IT Infrastructure is much more complex, and thus a structured Penetration Testing Team will be required.  In these instances, there are very often two types of teams that are assembled and used:

  • The Red Team:

This is the Penetration Testing Team that actually launches the mock attack against the lines of defense of the business or corporation.  This team simulates real types of Cyber attacks in order to discover any unknown Security vulnerabilities or weaknesses in all of the IT assets being tested.  This includes both the hardware and the software sides.  In terms of the former, this would include such items as servers and the entire Network Infrastructure itself.  In terms of the latter, this would involve such items as the database and any type of web application that is either employee or customer facing.

  • The Blue Team:

This is the Penetration Testing team that takes on the mock role of the IT Staff at the business or corporation.  This is the team that monitors all alerts, anomalies, and any other forms of suspicious behavior from within the IT Infrastructure.  In the end, their job in the Pen Testing exercise is to thwart the Cyber-attack being launched by the Red Team.  One of the main goals of the Blue Team is to instill in the real IT Staff of the organization a sense of constant vigilance and proactiveness.

  • The Purple Team:

This is a type of Penetration Testing Team that is designed to coordinate and maximize the efforts of both the Red Team and the Blue Team.  In other words, the Purple Team “. . . integrates the defensive tactics and controls from the Blue Team with the threats and vulnerabilities found by the Red Team into a single narrative.”  (SOURCE: 2)

Conclusions

Our next blog will do a deeper dive into the Red, Blue, and Purple Teams.

Sources