Blue Team is a specialised Level 3 service that carries out security studies to verify that the security controls deployed in an organisation are effective.
The purpose of the Tarlogic Blue Team is to evaluate the threats that can affect our clients, monitor those threats, and establish remediation plans that mitigate the risk until a definitive solution is in place.
Furthermore, when an intrusion is attempted, the team carries out incident response tasks: forensic analysis of the affected machines, tracing of the attack vectors used, proposal of solutions and establishment of detection methods for future cases.
The purpose of a Blue Team is to complement the other internal or external teams responsible for operating the organisation's security controls.
Blue team: Tasks
Some of the tasks carried out by a Blue Team service are listed below:
- Incident response: Supporting the identification and implementation of reactive measures to respond to and contain a security incident.
- Threat hunting: Active search for threats using SIEM or EDR solutions, and creation and monitoring of Indicators of Compromise (IOCs).
- Forensic analysis: Study of a security incident to trace the origin of the intrusion and evaluate its impact and scale.
- Early threat detection: By studying the latest attack techniques and analysing CVEs and 0-day vulnerabilities, the team establishes proactive alerts and deploys decoys (deception).
- Hardening (bastionado): Creation of system hardening guides and identification of security controls for computer systems.
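As an added illustration of the IOC monitoring mentioned under threat hunting, the script below matches a small IOC set (IP addresses, domains, file hashes) against log events of the kind a SIEM or EDR would export. It is example code written for this page, not Tarlogic tooling; the IOC values and the log lines are constructed and hypothetical, and the event field names (`query`, `dst_ip`, `sha256`) are assumed.

```python
"""Added example (not Tarlogic code): a minimal IOC-matching threat hunt.

The IOC set and the log lines are constructed for this example so that it runs
offline; in practice the IOCs come from threat intelligence and the events from
a SIEM or EDR export. Field names (query, dst_ip, sha256) are assumed.
"""
import ipaddress
import json
import re
from dataclasses import dataclass

# Constructed IOC set (hypothetical values, not real threat intelligence).
IOCS = {
    "ipv4": {"203.0.113.45"},                 # TEST-NET-3 documentation range
    "domain": {"update-checker.example"},     # reserved .example TLD
    "sha256": {"4f7a1c9d2b3e5a6f8c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2b"},
}

# Constructed log events, one JSON object per line, including one malformed line
# to show that a bad record must not abort the whole hunt.
SAMPLE_LOGS = [
    '{"ts":"2024-03-01T10:00:01Z","host":"ws-17","type":"dns","query":"cdn.example"}',
    '{"ts":"2024-03-01T10:00:02Z","host":"ws-17","type":"dns","query":"UPDATE-CHECKER.example."}',
    '{"ts":"2024-03-01T10:00:03Z","host":"ws-17","type":"net","dst_ip":"203.0.113.45","dst_port":443}',
    '{"ts":"2024-03-01T10:00:04Z","host":"srv-02","type":"process","image":"svchost.exe",'
    '"sha256":"4F7A1C9D2B3E5A6F8C0D1E2F3A4B5C6D7E8F9A0B1C2D3E4F5A6B7C8D9E0F1A2B"}',
    '{"ts":"2024-03-01T10:00:05Z","host":"srv-02","type":"net","dst_ip":"198.51.100.7","dst_port":80}',
    'this line is not JSON',
    '{"ts":"2024-03-01T10:00:06Z","host":"ws-22","type":"dns","query":"dl.update-checker.example"}',
]


@dataclass(frozen=True)
class Hit:
    ts: str
    host: str
    ioc_type: str
    ioc: str
    observed: str


def normalize_domain(name: str) -> str:
    # DNS names are case-insensitive and may carry a trailing dot.
    return name.rstrip(".").lower()


def domain_matches(observed: str, ioc_domain: str) -> bool:
    # Match the IOC domain itself and any subdomain of it, but not a domain
    # that merely ends with the same characters (e.g. "notupdate-checker.example").
    obs = normalize_domain(observed)
    return obs == ioc_domain or obs.endswith("." + ioc_domain)


def hunt(log_lines, iocs=IOCS):
    """Return the IOC hits found in the given log lines, in log order."""
    hits = []
    for line in log_lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of stopping the hunt
        ts, host = ev.get("ts", "?"), ev.get("host", "?")
        if "query" in ev:
            for d in iocs["domain"]:
                if domain_matches(ev["query"], d):
                    hits.append(Hit(ts, host, "domain", d, ev["query"]))
        if "dst_ip" in ev:
            try:
                ip = str(ipaddress.ip_address(ev["dst_ip"]))  # canonical form
            except ValueError:
                ip = None
            if ip in iocs["ipv4"]:
                hits.append(Hit(ts, host, "ipv4", ip, ev["dst_ip"]))
        if "sha256" in ev:
            h = ev["sha256"].lower()  # hashes are logged in mixed case
            if re.fullmatch(r"[0-9a-f]{64}", h) and h in iocs["sha256"]:
                hits.append(Hit(ts, host, "sha256", h, ev.get("image", "?")))
    return hits


def hosts_to_triage(hits):
    """Group IOC types by host so the responder knows where to start."""
    by_host = {}
    for h in hits:
        by_host.setdefault(h.host, []).append(h.ioc_type)
    return by_host


if __name__ == "__main__":
    found = hunt(SAMPLE_LOGS)
    for h in found:
        print(f"{h.ts} {h.host}: {h.ioc_type} IOC {h.ioc} observed as {h.observed!r}")
    print(hosts_to_triage(found))
```

The normalisation steps are where hunts usually fail silently: a trailing dot or upper-case DNS name, a hash logged in upper case, or a subdomain of a known bad domain would all be missed by a plain string comparison.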
Blue Team and Red Team
The Blue Team and the Red Team regularly carry out cyber-attack simulation exercises, which train the Blue Team to respond to a real incident.
The Blue Team is the last line of defence in an organisation: its proactive activity means that it constantly monitors for suspicious activity, prepares for future attacks and responds quickly to any intrusion.
The Blue Team's work is strengthened by collaborating with a Red Team, since the Red Team helps to identify security gaps that the Blue Team can use to improve its defence strategy and monitoring.