A blue team is a group of individuals who perform an analysis of information systems to ensure security, identify security flaws, verify the effectiveness of each security measure, and make certain that all security measures will continue to be effective after implementation.
History
As part of the United States computer security defense initiative, red teams were developed to exploit other malicious entities that would do them harm. As a result, blue teams were developed to design defensive measures against such red team activities.
Incident response
If an incident does occur within the organization, the blue team will perform the following six steps to handle the situation:
1. Preparation
2. Identification
3. Containment
4. Eradication
5. Recovery
6. Lessons learned
Operating system hardening
In preparation for a computer security incident, the blue team will perform hardening techniques on all operating systems throughout the organization.
Perimeter defense
The blue team must always be mindful of the network perimeter, including traffic flow, packet filtering, proxy firewalls, and intrusion detection systems.
Tools
Blue teams employ a wide range of tools that allow them to detect an attack, collect forensic data, perform data analysis, make changes to thwart future attacks, and mitigate threats. These tools include:
Log management and analysis
* AlienVault
* FortiSIEM (a.k.a. AccelOps)
* Graylog
* InTrust
* LogRhythm
* NetWitness
* Qradar (IBM)
* Rapid7
* SIEMonster
* SolarWinds
* Splunk
Security information and event management (SIEM) technology
SIEM software supports threat detection and security incident response by performing real-time data collection and analysis of security events. This type of software also uses data sources outside of the network, including indicators of compromise (IoC) threat intelligence.
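As an added example (not from the original article), the following Python sketch shows the two SIEM behaviours described above on a small scale: it normalises constructed syslog-style events, enriches them against a constructed IoC feed, and applies one correlation rule (repeated failed logins followed by a success from the same source). The log lines, indicators, regexes and rule names are all assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample events in a syslog-like layout (not captured from any real system).
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z web01 sshd[2211]: Failed password for admin from 198.51.100.7 port 50122 ssh2",
    "2024-05-01T10:00:03Z web01 sshd[2211]: Failed password for admin from 198.51.100.7 port 50123 ssh2",
    "2024-05-01T10:00:05Z web01 sshd[2211]: Failed password for admin from 198.51.100.7 port 50124 ssh2",
    "2024-05-01T10:00:09Z web01 sshd[2211]: Accepted password for admin from 198.51.100.7 port 50125 ssh2",
    "2024-05-01T10:00:30Z web01 proxy: 10.0.0.5 -> malicious.example:443",
    "2024-05-01T10:00:31Z db01 sshd[3309]: Failed password for root from 203.0.113.42 port 40001 ssh2",
]
# Constructed threat-intelligence feed: placeholder indicators from documentation ranges only.
IOC_IPS = {"203.0.113.42"}
IOC_DOMAINS = {"malicious.example"}

AUTH_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
                     r"password for (?P<user>\S+) from (?P<src>\S+)")
PROXY_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) proxy: (?P<src>\S+) -> (?P<dst>[^:\s]+)")


def parse_event(line):
    """Normalise one raw line into a dict, or return None when no parser matches."""
    m = AUTH_RE.match(line)
    if m:
        return {"type": "auth", **m.groupdict()}
    m = PROXY_RE.match(line)
    if m:
        return {"type": "proxy", **m.groupdict()}
    return None


def analyze(lines, ioc_ips, ioc_domains, threshold=3):
    """Return alerts: IoC matches, plus 'threshold failures then success' per source."""
    alerts = []
    failures = defaultdict(int)  # source address -> consecutive failed logins
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # unparsed lines are dropped here; a real SIEM would count them
        # Enrichment: compare the event's network fields with external indicators.
        hit = next((v for v in (ev["src"], ev.get("dst")) if v in ioc_ips or v in ioc_domains), None)
        if hit:
            alerts.append({"rule": "ioc_match", "host": ev["host"], "indicator": hit})
        # Correlation: a success after enough failures from one source is suspicious.
        if ev["type"] == "auth":
            if ev["result"] == "Failed":
                failures[ev["src"]] += 1
            else:
                if failures[ev["src"]] >= threshold:
                    alerts.append({"rule": "bruteforce_success", "host": ev["host"],
                                   "user": ev["user"], "src": ev["src"],
                                   "failures": failures[ev["src"]]})
                failures[ev["src"]] = 0
    return alerts
```

Running `analyze(SAMPLE_LOGS, IOC_IPS, IOC_DOMAINS)` yields three alerts: the brute-force success on web01, the proxy connection to the listed domain, and the failed login from the listed address.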
See also
* List of digital forensics tools
* Vulnerability management
* White hat (computer security)
* Red team