Valtik Studios
Penetration Testing · Term

Blue Team

The defensive security team responsible for detecting, responding to, and mitigating security incidents. It operates the SOC, investigates alerts, maintains security tooling, and acts as the defending side during red team engagements and other exercises.

More from Penetration Testing

Penetration Testing

An authorized simulated attack against an organization's systems to evaluate security by actively attempting to exploit vulnerabilities. Distinct from vulnerability scanning in that penetration testing is manual, attempts real exploitation, and chains vulnerabilities into realistic attack paths.

Vulnerability Assessment

Systematic identification of known vulnerabilities in systems, typically using automated scanners. Identifies CVEs and known misconfigurations but does not attempt exploitation. Required alongside penetration testing by PCI DSS 4.0 (Requirement 11.3 for vulnerability scans, 11.4 for penetration testing).

Red Team

An offensive security engagement that simulates an advanced persistent threat. Longer duration than a penetration test (weeks to months), broader scope including social engineering and physical security, and typically evaluates the blue team's detection and response capability rather than just finding vulnerabilities.

Purple Team

A collaborative exercise between offensive (red) and defensive (blue) teams where attacks and defenses are coordinated in real time to improve detection coverage. More educational than adversarial. The goal is to tune detections against real attacker tradecraft.

Bug Bounty

A program where researchers receive monetary rewards for reporting vulnerabilities in an organization's systems. Complements penetration testing by providing ongoing, crowdsourced security testing. Major platforms: HackerOne, Bugcrowd, Intigriti.

Vulnerability Disclosure Program (VDP)

A formal channel for external researchers to report security vulnerabilities. Unlike bug bounty, VDPs do not offer monetary rewards. CISA Binding Operational Directive 20-01 required federal agencies to have a VDP. Increasingly standard for enterprises.
