More than One-third of Security Professionals’ Defensive Blue Teams Fail to Catch Offensive Red Teams, According to Exabeam Study - Exabeam

More than One-third of Security Professionals’ Defensive Blue Teams Fail to Catch Offensive Red Teams, According to Exabeam Study

August 15, 2019

Reading time
4 mins

Research from Black Hat USA 2019 also shows that more companies are practicing red team testing than blue, and 68% find red team exercises more effective


SAN MATEO, Calif., Aug. 15, 2019 – A new study from Exabeam, the Smarter SIEM™ company, revealed that more than one-third of security professionals’ defensive blue teams fail to catch offensive red teams. The survey, conducted at Black Hat USA 2019, also showed that 68% find red team exercises more effective than blue team testing, and more companies are practicing red over blue team testing.

As cyberattacks become increasingly sophisticated and hack techniques become more highly targeted, organizations must learn how digital adversaries think to help identify gaps in their security programs. Red teams consist of internal or hired external security professionals that emulate cybercriminals’ behaviors and tactics and gauge the effectiveness of the company’s current security technologies. Blue teams consist of the organization’s internal security personnel, tasked with stopping the simulated attacks. In these test scenarios, the blue team must react without preparation, to give the company the most realistic picture of its defensive capabilities.

The study showed that 72% of respondent organizations conduct red team exercises, with 23% performing them monthly, 17% quarterly, 17% annually, and 15% bi-annually. Sixty-percent conduct blue team exercises, with 24% performing them monthly, 12% quarterly, 13% annually, and 11% bi-annually. The fact that so many organizations practice these exercises monthly speaks volumes about their maturity and dedication to fortifying their security posture.

Not only do more organizations practice red team testing, but 35% of respondents claim that the blue team never or rarely catches the red team, while 62% say they are caught occasionally or often. Only 2% say they always stop the red team, emphasizing that organizations must constantly evaluate and adjust their security investments to keep up with today’s adversaries.

Promisingly, the study found that 74% of IT security professionals have seen their companies increase security infrastructure investment as a result of red and blue team testing, with 18% calling the budget changes significant. Only 25% claimed that their company has never upped its security budget after performing these tests.

The survey also identified communication and teamwork (27%) as the top skill blue teams need to work on, followed by knowledge of the attacks and tactics (23%), threat detection (20%), incident response time (17%) and persistence (8%).

“Adversaries’ offensive tactics evolve more rapidly than the majority of security technologies on the market today. It’s abundantly clear that regular and relevant red/blue team testing helps companies develop their security capabilities,” said Stephen Moore, chief security strategist, Exabeam. “The study also demonstrates that while having technical knowledge is a necessary foundation for all security professionals, interpersonal skills are highly sought after to promote more cohesive teams and better cooperation, especially during an incident or intrusion. We encourage companies to employ these types of testing exercises to find and fill security gaps, which, over time, become methods to evaluate the strengths and weaknesses of their cybersecurity defenders.”

About the Survey

Exabeam surveyed 276 IT security professionals in August 2019 at Black Hat USA 2019, the world’s leading information security event.

About Exabeam

Exabeam is the Smarter SIEM™ company. We help security operations and insider threat teams work smarter, allowing them to detect, investigate and respond to cyberattacks in 51 percent less time. Security organizations no longer have to live with excessive logging fees, missed distributed attacks and unknown threats, or manual investigations and remediation. With the modular Exabeam Security Management Platform, analysts can collect unlimited log data, use behavioral analytics to detect attacks, and automate incident response, both on-premises or in the cloud. Exabeam Smart Timelines, sequences of user and device behavior created using machine learning, further reduce the time and specialization required to detect attacker tactics, techniques and procedures. For more information, visit

Exabeam, the Exabeam logo, Smarter SIEM, Smart Timelines and Security Management Platform are service marks, trademarks or registered marks of Exabeam, Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Exabeam, Inc. All rights reserved.

Press Contacts:

Touchdown PR
Emily Gallagher/Alyssa Pallotti
Touchdown PR
[email protected]
Recent Press Releases
Exabeam Named on the Inc. 5000 for the Fifth Consecutive Year

Foster City, Calif and New York, August 24, 2022 –  I...

Exabeam Spotlight22 to Debut Product Innovations Live from New York at NASDAQ MarketSite

Exclusive look at what’s next from the SIEM and behavioral...

Exabeam Certified as a Most Loved Workplace

Most Loved Workplaces employees are happiest and most satisf...