Simulating Cyber Conflict: OIT’s Red Team/Blue Team Exercise with CrowdStrike

In a proactive move to bolster cybersecurity, the Office of Information Technology (OIT) recently completed a Red Team/Blue Team (RTBT) exercise in collaboration with industry leader CrowdStrike.

UA’s Chief Information Security Officer, Taylor Anderson, explained that the exercise is “designed to enhance the team’s readiness for real-world cyber threats by pitting CrowdStrike’s Red Team, emulating tactics used by actual threat actors, against our defenders.”

Why We Do It: Readiness Through Realism

Cyber threats are evolving rapidly, and traditional training methods often fall short of preparing teams for the dynamic nature of modern attacks. The RTBT exercise bridges that gap by immersing defenders in a live-fire scenario where they must detect, respond to, and mitigate simulated intrusions. This approach not only sharpens technical skills but also cultivates the strategic thinking and teamwork essential for real-world incident response.

How It’s Done: Tactical Simulation Meets Strategic Analysis

The Red Team deploys a range of tactics, techniques, and procedures commonly used by adversaries, from phishing and lateral movement to privilege escalation and data exfiltration. Meanwhile, the Blue Team must rely on their detection tools, alerting systems, and internal protocols to identify and neutralize the threat.

This simulation is not just a test of technical ability; it’s a diagnostic tool. It reveals blind spots in security coverage, weak detection capabilities, and misconfigurations in tools and alerting systems. These insights are then used to refine defenses, update playbooks, and improve overall security posture.

The Impact: Strengthening Our Cyber Shield

The value of the RTBT exercise lies in its ability to turn theoretical knowledge into actionable intelligence. By exposing vulnerabilities in a safe setting, the OIT Security team can address issues before they become real threats. The exercise also fosters cross-functional collaboration, bringing together security analysts, system administrators, and incident response teams in a unified effort to protect the university’s digital assets.

The exercise plays a critical role in identifying potential gaps in security coverage, weak detection capabilities, and misconfigurations in tools and alerting systems. These insights are invaluable for strengthening our overall security posture.