Overview

The Blue Team is the defensive side of a security simulation. Its goal is to detect, contain, and remediate the activities of the Red Team (or of real-world attackers) across monitoring, response, and hardening work.

Responsibilities

  • Monitoring logs and alerts, typically through a SIEM (Security Information and Event Management) platform.
  • Incident response and forensics.
  • Hardening systems and networks.
  • Vulnerability management.

Key Tools

  • SIEM/SOAR (Security Information and Event Management / Security Orchestration, Automation and Response)
  • IDS/IPS (Intrusion Detection / Intrusion Prevention Systems)
  • EDR/MDR (Endpoint Detection and Response / Managed Detection and Response)

Related Terms