Because the Blue Team must respond at the time of an attack, or within the shortest possible time afterwards, it should be located apart from the organization's standard security team.
The Red Team's aim within an organization is to ensure the Blue Team keeps improving by following up-to-date attack techniques and tactics.
The Blue Team adds human intelligence to products and technologies, and presents an approach that is proactive and reactive at the same time.
The methods used can be listed as follows:
- Surveying and analysing log information.
- Active use of a security information and event management (SIEM) platform for visibility, detection of live attacks and real-time triggering of alarms.
- Collecting new threat intelligence and prioritizing the appropriate actions within the context of the organization's risks.
- Anomaly analysis of traffic and data flow.
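To make the log-analysis, alarm-triggering and anomaly-analysis methods above concrete, here is an added example in Python. It is not from the original page: it implements a toy SIEM-style pipeline that parses constructed sshd-like log lines, raises an alarm when one source reaches a failed-login threshold (and a second, higher-priority alarm if that source then succeeds), and flags a spike in constructed per-minute traffic counts with a simple z-score baseline. The log format, the IP addresses, the traffic series and the thresholds (`threshold=5`, `z_threshold=3.0`) are all assumptions chosen for illustration.

```python
"""Toy SIEM-style detector over constructed log lines (added example)."""
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log lines in an sshd-like format; not real data.
SAMPLE_LOGS = """\
2024-01-01T10:00:01 sshd[101]: Failed password for root from 203.0.113.7 port 51111
2024-01-01T10:00:02 sshd[102]: Failed password for admin from 203.0.113.7 port 51112
2024-01-01T10:00:03 sshd[103]: Failed password for root from 203.0.113.7 port 51113
2024-01-01T10:00:04 sshd[104]: Failed password for test from 203.0.113.7 port 51114
2024-01-01T10:00:05 sshd[105]: Failed password for root from 203.0.113.7 port 51115
2024-01-01T10:00:06 sshd[106]: Accepted password for alice from 198.51.100.5 port 40000
2024-01-01T10:00:07 sshd[107]: Failed password for bob from 198.51.100.5 port 40001
2024-01-01T10:00:08 sshd[108]: Accepted password for root from 203.0.113.7 port 51116
"""

# Assumed log format: timestamp, process, result, user, source address, port.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse_logs(text):
    """Turn raw log text into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def detect_bruteforce(events, threshold=5):
    """Rule-based detection: a source reaching `threshold` failed logins raises
    one 'bruteforce' alarm (at the moment the threshold is crossed). A later
    successful login from that same source raises 'success_after_bruteforce',
    which is the alarm an analyst should triage first."""
    failures = defaultdict(int)
    alarms = []
    for ev in events:
        src = ev["src"]
        if ev["result"] == "Failed":
            failures[src] += 1
            if failures[src] == threshold:
                alarms.append(("bruteforce", src, ev["ts"]))
        elif failures[src] >= threshold:
            alarms.append(("success_after_bruteforce", src, ev["ts"]))
    return alarms


def detect_volume_anomalies(counts, z_threshold=3.0):
    """Anomaly analysis on a traffic series: return the indexes of samples whose
    value lies more than `z_threshold` standard deviations above the mean.
    A flat series (sigma == 0) has no anomalies by this definition."""
    mu = mean(counts)
    sigma = pstdev(counts)
    if sigma == 0:
        return []
    return [i for i, c in enumerate(counts) if (c - mu) / sigma > z_threshold]


# Constructed per-minute request counts: a flat baseline with one spike.
SAMPLE_TRAFFIC = [100, 98, 102, 101, 99, 100, 103, 97, 100, 400, 101, 99]


def run_pipeline():
    """Run both detectors over the constructed data and return their findings."""
    events = parse_logs(SAMPLE_LOGS)
    return {
        "alarms": detect_bruteforce(events),
        "traffic_anomalies": detect_volume_anomalies(SAMPLE_TRAFFIC),
    }


if __name__ == "__main__":
    for name, findings in run_pipeline().items():
        print(f"{name}: {findings}")
```

The z-score baseline is deliberately naive: the spike itself inflates the standard deviation, so on a short series a threshold of 3.0 only just catches it, and a production detector would compute the baseline from a trailing window that excludes the sample under test.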