faradaysecBy faradaysec|March 12, 2024|6 Minutes

Good practices in Cybersecurity – Part 2

Different approaches, one common goal: what kind of hacker do I need?

Nowadays, we can distinguish various branches within a security team Red Teams, Blue Teams, Purple Teams & Bug Hunters

But what does each team do? 

Let’s start from the basics.

This difference in colors, adding a new category related to bug bounty, makes us think about common tasks that all these approaches can have within a company; and the truth is, they have a lot. First, let’s talk about the definition of each one.

Red Teams

This concept is focused on teams with extensive knowledge in offensive security since they are the ones responsible for identifying and exploiting security flaws. In jargon, they are known as the ‘attackers’.

Blue Teams

Unlike the former, these teams are known as the ‘defenders’, who are responsible for implementing and applying security controls to prevent security breaches.

Purple Teams

This designation is used for individuals who fulfill both functions of the teams mentioned above, where they have enough knowledge to abuse security flaws and propose and implement their solution.

Bug Hunters

This community of individuals comes from bug hunting platforms, where in most cases they are independent people who identify and report vulnerabilities in different companies in exchange (in many cases) for monetary rewards. These platforms are highly recognized today for bridging the gap between hackers and companies looking to improve their security posture.

Understanding the common points

A key concept in security today is to have these teams within the company with the aim of improving its security both internally and externally. The common point is always the same: providing security.

As part of a company, it is essential to have people specialized in identifying and exploiting vulnerabilities, obviously before they are found by third parties; that’s why it is vital to have a technical team in red teaming. On the other hand, when identifying flaws, we need specialized resources to mitigate them, and that’s where the blue team branch comes in, implementing the best security practices.

The moment when both paths cross and both tasks can be carried out is called the purple team; carrying out tasks of analysis as well as countermeasures against possible threats.

Finally, in many cases, it is normal for companies not to have these types of teams, or they prefer to have an external view of what is happening. For this, we have bug hunters; people who have a profile similar to a red teamer and who are responsible for reporting vulnerabilities in different companies in exchange for a salary reward or prestige within bug bounty platforms.

With the different approaches and profiles in sight, it is possible to create a kind of nexus between all these worlds: being more protected. It is clear that each of these has its pros and cons, but it is possible to understand that everything has the same end goal.


Faraday: Bringing these approaches together on a single platform

At Faraday, we understand this need to combine all these approaches, respecting each of their tasks, so we seek to adapt the needs of each one while keeping it unified.

In summary, our platform allows the execution of multiple security tools, thus helping the red teamer to have organization and control over all vulnerabilities that may be identified.

The fact of performing vulnerability management tasks, as well as implementing and retesting vulnerabilities, is something we know is of paramount importance within a company. That’s why everything identified, for example by the red team, needs to be analyzed and remediated. With Faraday, it’s possible to work with these vulnerabilities and provide personalized follow-up; either by a blue team or by the developers themselves.

Sometimes it’s necessary to streamline repetitive tasks, for example, launching a series of tools, where upon obtaining their respective results, they are directed to the corresponding area. Again, Faraday allows the automation of tasks regardless of the team responsible for them, and this is where we can exemplify a workflow of a purple team. Here’s a basic use case that can serve as a model for any type of company:

–  Performing a weekly scan on a set of assets.

–  Reporting anomalies, such as new services and identified vulnerabilities.

–  Reporting vulnerabilities to the development teams.

–  Taking actions based on the results obtained (e.g., decommissioning a service).

Trainings, red teaming services, or continuous scanning? We’ve got you covered. Reach out for more information.