Blue Teaming


Blue Teaming is a practice in which defenders improve their security posture by exercising against a team of attackers (usually called the Red Team). This page discusses the case for Blue Teaming as a practice for Dev teams.

-- Playbook --

The Dev team sees that their application is under attack and tries to defend it as fast as possible. This can entail tuning logging, fixing configuration errors, fixing vulns in source code or a 3rd party lib,

- priorities

- monitoring - is monitoring available? do we log the right data? do we have enough context (who, from where, which request) to scope the attack?

- CI/CD solution - is the automated build solution working, and how quickly can a fix be deployed?

- admin console - is there an admin console? can it be used to protect the application/data? or can it be used by the attacker to shut us out?

- backups - are backups available? how do we make a snapshot of the data before and after the attack?

- procedures - do we know how to escalate problems? how to restore backed-up data? how to get Ops to help out?
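The monitoring question above ("do we log the right data? do we have enough context?") is the one a Dev team can rehearse with a few lines of code. The following is an added example, not code from this page: it parses a small constructed access log, reports lines that lack fields a responder would need to correlate (request id in particular), and runs two simple detections (a credential-stuffing burst from one source, and a path traversal probe). The log format, the required-field list and the threshold of five distinct usernames are assumptions chosen for the example.

```python
"""Added example: quick log triage during a Blue Team exercise.

Answers two playbook questions over a constructed sample log:
  - do our lines carry enough context to scope an attack?
  - can we spot the attack at all from what we log?
"""
import re
from collections import defaultdict
from urllib.parse import unquote

# Fields a responder needs to correlate and scope events (assumption for this example).
REQUIRED_FIELDS = ("ts", "src", "method", "path", "status", "req_id")

# Assumed log format: <timestamp> <source ip> "<method> <path>" <status> [req_id=..] [user=..]
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" (?P<status>\d{3})'
    r'(?: req_id=(?P<req_id>\S+))?(?: user=(?P<user>\S+))?$'
)

# Number of distinct usernames failing from one source before we call it stuffing (assumption).
LOGIN_FAILURE_THRESHOLD = 5

# Constructed sample log, not real traffic. One line deliberately lacks a request id.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.7 "POST /login" 401 req_id=a1 user=alice
2024-05-01T10:00:02Z 203.0.113.7 "POST /login" 401 req_id=a2 user=bob
2024-05-01T10:00:02Z 203.0.113.7 "POST /login" 401 req_id=a3 user=carol
2024-05-01T10:00:03Z 203.0.113.7 "POST /login" 401 req_id=a4 user=dave
2024-05-01T10:00:03Z 203.0.113.7 "POST /login" 401 req_id=a5 user=erin
2024-05-01T10:00:04Z 203.0.113.7 "POST /login" 200 req_id=a6 user=erin
2024-05-01T10:00:05Z 198.51.100.9 "GET /files?name=..%2F..%2Fetc%2Fpasswd" 404 req_id=b1
2024-05-01T10:00:06Z 192.0.2.5 "GET /" 200
2024-05-01T10:00:07Z 192.0.2.5 "GET /app" 200 req_id=c1 user=frank
"""


def parse(text):
    """Parse log lines into dicts; lines that do not match the format are kept as {'raw': ...}."""
    events = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = LINE_RE.match(raw)
        events.append(m.groupdict() if m else {"raw": raw})
    return events


def missing_context(events):
    """Return (event index, [missing fields]) for every event lacking required context."""
    gaps = []
    for i, ev in enumerate(events):
        missing = [f for f in REQUIRED_FIELDS if not ev.get(f)]
        if missing:
            gaps.append((i, missing))
    return gaps


def detect(events):
    """Two detections: many distinct users failing login from one source, and '../' probes."""
    findings = []
    failed_logins = defaultdict(set)  # source ip -> usernames that failed
    for ev in events:
        path = ev.get("path") or ""
        if not path:
            continue  # unparsed line: nothing to inspect
        if ev["method"] == "POST" and path.startswith("/login") and ev["status"] == "401":
            failed_logins[ev["src"]].add(ev.get("user") or "?")
        decoded = unquote(path)  # catch encoded traversal such as ..%2F
        if "../" in decoded or "..\\" in decoded:
            findings.append({"kind": "path_traversal_probe", "src": ev["src"], "req_id": ev.get("req_id")})
    for src, users in failed_logins.items():
        if len(users) >= LOGIN_FAILURE_THRESHOLD:
            findings.append({"kind": "credential_stuffing", "src": src, "users_tried": len(users)})
    return findings


def triage(text):
    """Run both checks and return a summary the team can act on."""
    events = parse(text)
    return {"events": len(events), "context_gaps": missing_context(events), "findings": detect(events)}


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for idx, fields in summary["context_gaps"]:
        print(f"event {idx}: missing {', '.join(fields)}")
    for f in summary["findings"]:
        print(f)
```

The context check is the part most teams skip: the traversal probe is only useful to Ops if the line carries a request id they can follow into application logs, and the line without one is exactly the kind of gap to fix before the next exercise.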