Simulating Cyber Conflict: OIT’s Red Team/Blue Team Exercise with CrowdStrike

In a proactive move to bolster cybersecurity, the Office of Information Technology (OIT) recently completed a Red Team/Blue Team (RTBT) exercise in collaboration with industry leader CrowdStrike.

UA’s Chief Information Security Officer, Taylor Anderson, explained that the exercise is “designed to enhance the team’s readiness for real-world cyber threats by pitting a CrowdStrike Red Team, emulating tactics used by actual threat actors, against our defenders.”

Why We Do It: Readiness Through Realism

Cyber threats are evolving rapidly, and the RTBT exercise closes the gap between defensive preparation and real-world attacks by immersing defenders in scenarios where they must detect and respond to simulated intrusions. This approach sheds light on blind spots in UA’s defensive capabilities and also cultivates the strategic thinking and teamwork essential for real-world incident response.

How It’s Done: Tactical Simulation Meets Strategic Analysis

The Red Team deploys a range of tactics and techniques used by adversaries, from phishing and data exfiltration to privilege escalation and lateral movement. Meanwhile, the Blue Team must rely on its detection tools, alerting systems, and internal protocols to identify and respond to the threat.

This simulation is not just a test of technical ability; it’s a diagnostic tool. It reveals blind spots in security coverage, weak detection capabilities, and misconfigurations in tools and alerting systems. These insights are then used to refine defenses, update playbooks, and improve overall security posture.