
VIDEO

Without a Blue Team, Am I Screwed?

Today’s episode focuses on current events between Ukraine and Russia. Cyber war is at an all-time high, and you need to take precautions to remain safe. But the question remains… If I don’t have a Blue Team, am I screwed?

Category: Blue Teaming, Red Teaming, Thought Leadership


Transcript

Welcome to A Cup of Joe Espresso Shot, a small yet highly caffeinated shot of tips and tricks to make your business run smoothly and keep your employees happy. Now, today I want to talk about preparing for war, and whether not having a Blue Team means you’re screwed. With the current tragedy of war in the Ukraine and at least one ransomware group promising retaliation for any American aggression in cyberspace, things are going to be dicey for a while, and your priorities should probably be reexamined. Now, my advice, as I’ve said before, is to get a pen test team in there now. And don’t bother wasting money on an elite covert exercise. There is a time and place for adversarial simulation, but the outbreak of war is not the time. Usually, a pen test objective is to find one or two initial vectors and then chain those together towards whatever data you’re targeting.

Now, however, what we should shoot for is thoroughness. Don’t play the usual cat and mouse games with your pen testing team. Give the team as much information as possible. I mean, give them everything you know, then insist on them doing OSINT to validate and improve your picture of what you have exposed. This is where many breaches have occurred. Organizations think they have a good picture of their Internet footprint, but then it turns out one or two systems were stood up and maybe not properly documented, and they’re hanging out there unpatched, putting the entire organization at risk. Then give the team a decent amount of time to find the initial attack vectors and all the attack chains, and stay out of their way until they’re done.

If they get blocked, release the blocks and let them move on. You want them to find as many exploitable vectors as possible. Then, when you’re done, have them work with your Blue Team so you can identify every action they took. Now, this is where some of you have responded: “Hold up. We don’t have a Blue Team. Are we screwed?” No, you’re not screwed.

But to be honest, you do have a lot of work in front of you. You can’t put a security operations center with world class Blue Teamers together overnight, but you can give your sysadmins and network engineers time to prepare for the oncoming storm by readjusting their priorities and giving them time to get up to speed.

Now, one of the best resources I can think of for quickly becoming well versed in defense would be the Blue Team Field Manual. Available on Amazon for $15, this 127-page booklet has distilled the essential Blue Team procedures down into easy-to-consume and easy-to-implement steps. You don’t have to have a fully staffed SOC to get value out of the information in this book. Customers of PlexTrac can take the information they’ve learned and create runbooks for the basic Blue Team categories of Preparation, Identification, Protection, Detection, Response and Recovery. Using runbooks to build an incident response checklist alone would be time well spent. You can also reach out to our customer success team for assistance, or watch the Runbooks mini demo posted to our YouTube channel and linked below in the description.

Hey, I’m not trying to sell security products during these messed up times, but I am trying to use them as a reminder to be prepared, suggesting ways to use your existing resources most effectively. That’s all the time we have today. My name is Joe Perini and I am PlexTrac’s product evangelist wishing you happy hacking.