R&D experts talked about the most effective Blue Team techniques on the Russian market

Photo: Global Look Press/Julian Stratenschulte

Cybersecurity organizations have begun to change their approach to defending against attackers. The Blue Team (the team of information security specialists responsible for defending against cyberattacks) now identifies threats by watching for behavioral deviations inside the infrastructure. On June 8, experts from the Russian information security vendor exploitDog (R&D) described the most effective Blue Team techniques to Izvestia.

An unexpected elevation of user privileges is considered one of the main indicators of compromise. In normal operation an employee's rights are strictly limited by their job role. If a warehouse employee suddenly gains access to financial archives or administrative rights, that is an unambiguous signal for defenders. Such an event may turn out to be a technical error, but the Blue Team still runs a verification check rather than assuming so.

Another defensive tool is "honey traps" (honeypots): decoy targets that imitate customer databases, financial statements, or internal services. They are instrumented with alarms and monitoring, but they play no part in the company's real business processes. Any access to a honeypot therefore automatically indicates that an outsider is conducting reconnaissance on the network.

The modern Blue Team approach also implies continuous monitoring of the entire digital environment. The key risk factors for such monitoring are the appearance of unknown devices on the network and the sudden shutdown of internal services. Security teams treat any technical failure as a potential incident, especially when it is accompanied by unusual user activity.
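The three paragraphs above describe four detection rules (role-based access deviation and privilege elevation, honeypot access, unknown devices, and stopped internal services) plus the judgement that a single anomaly may be a technical error while several hits on the same principal are treated as an incident. The following Python script is an added example showing how those rules look when run over an audit log; it is not code from the Izvestia article or from exploitDog. The log lines, the key=value log format, the role-to-path policy, the privileged group name, the decoy path prefix, the MAC allowlist and the monitored service names are all constructed for the example.

```python
"""Anomaly rules over a constructed audit log (added example, not from the article)."""

# Constructed sample log; the key=value layout is chosen only for this example.
SAMPLE_LOG = """\
ts=2024-06-08T09:00:01 event=login user=ivanov role=warehouse host=wh-pc-07
ts=2024-06-08T09:05:12 event=file_read user=ivanov role=warehouse path=/fin/archive/2023.xlsx host=wh-pc-07
ts=2024-06-08T09:06:40 event=group_add user=ivanov group=Administrators host=dc01
ts=2024-06-08T09:10:00 event=file_read user=svc_backup role=admin path=/shares/decoy/clients_2024.xlsx host=fs02
ts=2024-06-08T09:12:33 event=dhcp_lease mac=00:11:22:33:44:55 ip=10.0.5.77
ts=2024-06-08T09:13:05 event=service_stop service=edr-agent host=wh-pc-07
ts=2024-06-08T09:15:00 event=file_read user=petrova role=finance path=/fin/archive/2023.xlsx host=fin-pc-02
"""

# Hypothetical policy data: which path prefixes each role may read, which
# groups count as privileged, where the decoys live, the asset inventory of
# known MAC addresses, and which services must never stop unexpectedly.
ROLE_PATHS = {"warehouse": ("/wh/",), "finance": ("/fin/",), "admin": ("/",)}
PRIVILEGED_GROUPS = {"Administrators"}
HONEYTOKEN_PREFIXES = ("/shares/decoy/",)
KNOWN_MACS = {"00:11:22:33:44:56", "00:11:22:33:44:57"}
MONITORED_SERVICES = {"edr-agent", "auditd"}


def parse_line(line):
    """Turn 'k=v k=v ...' into a dict; values in this format contain no spaces."""
    return dict(token.split("=", 1) for token in line.split())


def path_allowed(role, path):
    """A role may only read under its own prefixes; an unknown role gets nothing."""
    return any(path.startswith(p) for p in ROLE_PATHS.get(role, ()))


def detect(events):
    """Apply one rule per event kind; each alert is (rule, subject, timestamp)."""
    alerts = []
    for ev in events:
        kind = ev.get("event")
        if kind == "file_read":
            path = ev["path"]
            # Decoy access is never legitimate, whatever the role says.
            if path.startswith(HONEYTOKEN_PREFIXES):
                alerts.append(("honeytoken_access", ev["user"], ev["ts"]))
            elif not path_allowed(ev.get("role"), path):
                alerts.append(("role_violation", ev["user"], ev["ts"]))
        elif kind == "group_add" and ev.get("group") in PRIVILEGED_GROUPS:
            alerts.append(("privilege_change", ev["user"], ev["ts"]))
        elif kind == "dhcp_lease" and ev["mac"].lower() not in KNOWN_MACS:
            alerts.append(("unknown_device", ev["mac"], ev["ts"]))
        elif kind == "service_stop" and ev.get("service") in MONITORED_SERVICES:
            alerts.append(("service_stopped", ev["host"], ev["ts"]))
    return alerts


def correlate(alerts, threshold=2):
    """Escalate subjects hit by at least `threshold` distinct rules.

    One anomaly may be a technical error; the same principal tripping several
    independent rules is treated as an incident.
    """
    rules_by_subject = {}
    for rule, subject, _ts in alerts:
        rules_by_subject.setdefault(subject, set()).add(rule)
    return sorted(s for s, r in rules_by_subject.items() if len(r) >= threshold)


def run(log_text):
    """Parse, detect and correlate; returns (alerts, escalated_subjects)."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    alerts = detect(events)
    return alerts, correlate(alerts)


if __name__ == "__main__":
    found, escalated = run(SAMPLE_LOG)
    for rule, subject, ts in found:
        print(f"{ts} {rule:<18} {subject}")
    print("escalate:", ", ".join(escalated))
```

On the constructed log the warehouse user ivanov trips two independent rules (reading a finance archive, then being added to Administrators) and is escalated, while the decoy read, the unknown MAC and the stopped agent each produce a single alert that a human still has to triage. The honeytoken check runs before the role check on purpose: an account whose role policy permits everything must still raise an alarm when it touches a decoy.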

The modern approach also includes working on staff behavior through training phishing and checks. Specialists may leave a flash drive fitted with a built-in alarm at the office entrance. If an employee plugs the drive into a computer, the team records the lapse and sends the user for training. Resistance to phishing emails sent to work addresses is tested in the same way.

The Blue Team also plans for SMS-bombing scenarios, which are used to distract security staff. While one defensive team handles the local incident, a second one examines the infrastructure for hidden attacker activity.

Modern cybersecurity is thus shifting from plain perimeter protection to searching for anomalies inside the network, on the assumption that an attacker may already be in the system, the research added.

The official representative of the Russian Ministry of Internal Affairs, Irina Volk, announced on June 5 that the head of the ministry, Vladimir Kolokoltsev, had taken part in a meeting of the ministers of internal affairs and public security of the Shanghai Cooperation Organization (SCO) member states, held in Bishkek. During the meeting the countries' representatives discussed cybersecurity. Kolokoltsev stressed that cybercrime is becoming more complex and more international, which makes coordination between countries necessary.

Translated by the Yandex Translate service
