The spectrum of cells in a red team engagement
Learn about different types of cells and their role in a red team engagement.
In the context of red team assessments, the word cell is used as a synonym for team. There are three types of cells in a red team engagement: red, blue and white. In other words, three teams are involved in a red team engagement: the red team, the blue team and the white cell.
Now that the terminology is clear, let's look at the role of each cell:
Red Cell - This cell or team is responsible for the offensive part of the engagement. It consists of a red team lead, red team operators, and any other staff members involved in conducting the offense. The red cell lead is responsible for handling communication with the white cell.
Blue Cell - This cell or team is responsible for the defense of the organization. It is made up of SOC members, defenders, the security operations team and any other staff members involved in monitoring security. The blue cell is usually involved in announced red team engagements or purple team exercises. The blue cell is responsible for handling communication with the white cell.
White Cell - It is also known as the Control Cell. This cell or team acts as an observer during the assessment. Its primary role is to track the assessment and ensure that the red cell is conducting the engagement as per the rules of engagement. It is also tasked with coordination between the red cell and the blue cell, as and when necessary, and it is involved in the deconfliction process. The white cell is usually not part of the engagement as such, but should any problems arise, it is the first point of contact for both cells. Also, even though it receives information from the red and blue cells, it must not pass on information received from one cell to the other.
Red Team Notes
- Red Cell - Offensive team led by a red cell lead, conducting attacks and coordinating with the white cell.
- Blue Cell - Defensive team comprising SOC and security operations members, responsible for monitoring and responding to attacks, often in announced engagements or exercises.
- White Cell - Neutral observers ensuring adherence to rules of engagement, coordinating between cells, and handling deconfliction without sharing information between red and blue cells.