What is Red Team/Blue Team Training?
Security aware and knowledgeable users serve as the “front line” of your overall security posture. As such, training is one of the most essential components of your risk mitigation strategy and overall cybersecurity program. However, without learning cybersecurity from the “hacker’s” perspective and gaining a true understanding of how adversaries attack and compromise networks, systems, and assets, you’re only getting half of the picture. Without that other half, you’re essentially blindly deploying generic security controls and “best practices”. In order to have an efficient and cost-effective risk mitigation strategy, you must understand not only where your vulnerabilities are, but also the tactics that attackers will use to exploit these vulnerabilities. Think of it like sports. If a team went into a match without knowing how the other team's offense was going to attack, the defense would be severely out matched. Red Team/Blue Team Training provides the opportunity to learn these adversarial tactics in conjunction with the defensive methods; and then students get to apply the skills they learn as they face off in a head-to-head competition, Blue Team (the defenders) against Red Team (the attackers).
What is ThreatGEN™ Red vs. Blue?
ThreatGEN™ Red vs. Blue is the industry's first multi-player strategy computer game where players compete against each other, head-to-head, to take control/maintain control of a computer network. This is not a fiction-based game like those found on the consumer gaming market. This is a live, player vs. player "gamified" training simulator, designed to teach cyber security skills in an immersive and interactive applied learning environment.
You Don't Have to Be a Hacker
Traditionally, red team/blue (or red team vs. blue team) training has been a significant time commitment, often upwards of five days or more. This can be taxing on constrained schedules and budgets. There is also a steep technical learning curve to be able to play the part of the red team. As a result, most training requires someone with existing "hacking" or advanced cybersecurity skills to take part in the class to act as the red team. ThreatGEN™ Red vs. Blue was developed by authors of “Hacking Exposed: Industrial Control Systems” and uses cutting edge computer gaming technology, to offer all the best aspects of red team/blue team training, but in a fraction of the time and without a technical learning curve. Students of all levels can even play the part of the red team, regardless of experience or skill level.
Additionally, less than 10% of cybersecurity professionals need to have the hands-on skills to actually exploit a system in order to know how to secure systems and networks. The majority of the up front value for most organizations is understanding the attack vectors, the strategies and methods (at a high-level) adversaries will use to attack those vectors, and what security controls and vulnerability remediation are needed to protect against such methods. ThreatGEN™ Red vs. Blue allows players of all skill levels to see "the big picture". It offers the unique ability to provide a practical application aspect in subjects such as mitigation strategy, cybersecurity program management, and policies and procedures development, where practical, "hands-on" training has traditionally been difficult to do.
Layered Defense vs. Limited Resources
"Layered defense" is a sound concept and great security practice... if you have the resources to do it effectively. The truth is that almost every organization is resource constrained, in terms of budget, skilled staff, and time, when it comes to cybersecurity. As a result, only a limited number of security layers (security controls) can be applied. ThreatGEN™ Red vs. Blue teaches the skills and strategies necessary to formulate an efficient, targeted, and cost-effective risk mitigation strategy with constrained resources. One of the most unique and effective aspects of ThreatGEN™ Red vs. Blue is that it teaches how to do all of this against a live adversary (the red team) strategizing against you, adjusting to and countering your efforts. Just as it is in the real world, effective cybersecurity takes more than just implementing "best practices" and "layered defense".
ThreatGEN™ Red vs. Blue Versions:
- Red vs. Blue
- Red vs. Blue Corporate
- Red vs. Blue CTF
- Red vs. Blue Tabletop
- Red vs. Blue Instructor Led Training