Design & Implementation of a Blue Team Program
Assessments Performed Annually
Annual Sustainment Costs
Vulnerabilities Identified Monthly
Total Time in Months to Design & Implement
The client requested assistance in taking their three Vulnerability Testing Programs to the next level. A quick assessment of those programs revealed many gaps in their People, Processes and Technologies, and an opportunity for efficiency through consolidation. The recommendation was to transform and collapse all of their current Vulnerability Testing Programs into a holistic Blue Team Program.
Context / Action
We designed and implemented a Blue Team Program (People, Processes and Technologies) that performs a technical and non-technical Independent Verification & Validation (IV&V) assessment mission against the Information Technology (IT) and Cybersecurity assets of the customer and its tenants.
In accordance with NIST SP 800-161 and CNSSI 4009, a DoD Blue Team is a group of individuals who conduct operational network vulnerability evaluations and provide mitigation techniques to customers who have a need for an independent technical review of their network security posture. The Blue Team identifies security threats and risks in the operating environment and, in cooperation with the customer, analyzes the network environment and its current state of security readiness. Based on the Blue Team's findings and expertise, they provide recommendations that integrate into an overall community security solution to increase the customer’s cyber security readiness posture. Often a Blue Team is employed by itself or prior to a Red Team employment to ensure that the customer’s networks are as secure as possible before having the Red Team test the systems.
We designed the client’s Blue Team Program to be able to “Assess Anything At Any Time!” In a Cyber domain where technology evolves rapidly, we knew this program had to morph with technology and business operations. Additionally, because we did not know what processes and technologies customers possessed, the program had to be ready to assess whatever assets it came across.
Our Blue Team Program used automated and manual examination, scanning, interview, and discovery techniques to identify, validate, and assess vulnerabilities. After a few successful missions and hundreds of vulnerabilities discovered, the customer began offering this program as an Enterprise Service to its entire customer base.