Red Team analysis is useful in a scenario where an offensive and a defensive force can be clearly demarcated. Many security specialists who produce a defensive system are often the same individuals who test the systems they just produced. This approach “results in simple and incomplete tests, because system designers are naturally biased towards proving that their system works,” (pp. 1).
The Defense Advanced Research Projects Agency funds studies in order to encourage systematic testing, especially when the testing procedures involve Red Team vs. Blue Team exercises. In Red Team analysis, rules of engagement are established. Sometimes, analysis is done in phases. First, the Blue Team makes an offensive action. Then, the Red Team responds while the Blue Team is frozen. In other analysis or testing scenarios, the Red and Blue teams make simultaneous actions and developments.
This study used Red Team analysis to test the security of a new software from a denial of services attack. First, rules of engagement were established. For example, the Red Team could only attack the software through means in which the software would normally be used. Administrators of the study considered the Red Team successful only if the Blue Team did not notice any intrusions or odd behavior. Normally, denial of service attacks require coordinate from hundreds, or sometimes thousands, of several bot machines. This study reduced the scope tremendously, actually making it easier for the Red Team to be successful.
After testing at least seven different tactics hackers could use to perpetrate a denial of service attack, the analysis showed that while the software was effective in protecting against attacks it was designed to handle, it had “significant vulnerabilities,” (pp. 14). As a result, both the Red Team and Blue Team learned a considerable amount of the security of the software and of various denial of services attacks (pp. 14).
Red Team analysis is a valuable tool for greater understanding of the issue from both a protagonist and antagonist point of view. Judging from this study, it appears that Red Team analysis is more enlightening when members of either team can have no stake on the success or failure of the other team.
One of the biggest strengths of Red Team analysis also appears to be a weakness. Red Team analysis provides a simplified scenario in which theories, tactics, or analysis can be tested or simulated. However, the simplification can create blind spots once those theories, tactics, or analysis is applied in the real world. There may be instances that occur that were forbidden by the rules of engagement in the test scenario.
Mirkovic, J., Reiher, P., Papadopoulos, C., Hussain, A., Shepard, M., Berg, M., & Jung, R. (n.d.). Testing A Collaborative DDoS Defense In A Red Team/Blue Team Exercise (pp. 1–14). California: University of Southern California. Retrieved from http://www.isi.edu/~mirkovic/publications/redteam.pdf