Red team vs blue team

In security it’s common to categorize the people involved in an attack as the attackers and the defenders. These two groups are referred to as the “red team” and the “blue team”, respectively.

Difference with “attackers vs defenders”

The terms “red team” and “blue team” are meant to be used when you have both sides present at the same time, such as in competitions and exercises.

Using those terms also implies that reports will be written after the event, from both the blue team’s and the red team’s perspectives. This means it is considered incorrect to speak of “red/blue” when you are simply being attacked by an unknown hacker: in that situation you don’t have a dedicated “blue team” department in your company.

“Attackers” and “defenders” are the more generic terms and do not imply any final reports.

Red team

The attackers.

Red team career paths

  • Penetration tester

Red team tools

  • nmap
  • Wireshark
  • scripting

Blue team

The defenders.

Blue team career paths

  • Security analyst
  • Incident responder
  • Malware analyst

Blue team tools

  • Splunk
  • Volatility