Blue Team
Definition
A blue team is an organisation's defensive security team, responsible for detecting, preventing and responding to cyberattacks. It stands opposite the offensive red team.
Blue team activities include managing SIEM (security information and event management) and EDR (endpoint detection and response) tools, analysing logs, responding to incidents, hunting for threats and implementing security measures. The goal is to protect systems and data against attacks.
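As an added illustration of the log analysis and detection work described above (example code, not part of the original page): a small SIEM-style detection rule that scans sshd-format authentication logs for a burst of failed logins from one source and raises the severity if a successful login from that source follows. The log lines, the host names, the RFC 5737 test addresses and the threshold/window values are all constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a syslog-like sshd format (not captured
# from any real system); 203.0.113.0/24 is an RFC 5737 documentation range.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z host1 sshd[1101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
    "2024-05-01T10:00:03Z host1 sshd[1102]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2",
    "2024-05-01T10:00:05Z host1 sshd[1103]: Failed password for root from 203.0.113.5 port 51236 ssh2",
    "2024-05-01T10:00:07Z host1 sshd[1104]: Failed password for root from 203.0.113.5 port 51237 ssh2",
    "2024-05-01T10:00:09Z host1 sshd[1105]: Failed password for root from 203.0.113.5 port 51238 ssh2",
    "2024-05-01T10:00:12Z host1 sshd[1106]: Accepted password for root from 203.0.113.5 port 51239 ssh2",
    "2024-05-01T10:02:00Z host1 sshd[1107]: Failed password for alice from 203.0.113.9 port 40001 ssh2",
    "2024-05-01T10:15:00Z host1 sshd[1108]: Failed password for alice from 203.0.113.9 port 40002 ssh2",
    "2024-05-01T10:15:30Z host1 sshd[1109]: Accepted publickey for alice from 203.0.113.9 port 40003 ssh2",
]

# Fields we need from each line: timestamp, outcome, user and source address.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line):
    """Parse one sshd auth line into a dict, or return None if it is not an auth event."""
    m = LOG_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return one alert per source address that reaches `threshold` failed
    logins inside a sliding `window`. If a successful login from that source
    arrives within `window` of the burst, the alert is escalated to 'high'
    because the credential guessing may have worked.
    `threshold` and `window` are assumed tuning values, not standards."""
    recent_failures = defaultdict(deque)  # src -> timestamps of failures in window
    alerts = {}
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue  # unrelated line; a real pipeline would route it elsewhere
        src, ts = event["src"], event["ts"]
        if event["result"] == "Failed":
            q = recent_failures[src]
            q.append(ts)
            while q and ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and src not in alerts:
                alerts[src] = {
                    "src": src,
                    "severity": "medium",
                    "failures": len(q),
                    "first_seen": q[0],
                    "last_seen": ts,
                    "success_after": None,
                }
        elif event["result"] == "Accepted" and src in alerts:
            alert = alerts[src]
            if ts - alert["last_seen"] <= window:
                alert["severity"] = "high"
                alert["success_after"] = (event["user"], ts)
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOGS):
        print(f"[{alert['severity'].upper()}] {alert['src']}: "
              f"{alert['failures']} failed logins between {alert['first_seen']} "
              f"and {alert['last_seen']}; success after: {alert['success_after']}")
```

Running the block flags only 203.0.113.5 (five failures in eight seconds followed by a successful root login), while the two widely spaced failures from 203.0.113.9 stay below threshold. A real SIEM rule would add the same logic over many log sources and tune the threshold per environment.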
In a red team vs. blue team exercise, the blue team does not always know exactly when the attack will take place. This tests their detection and response capabilities under realistic conditions.
Blue teams improve their skills through continuous monitoring, threat intelligence and regular collaboration with red teams in purple team exercises.