Typically, an organization outsources a red team to take on the role of the attacker, devising an offensive strategy to break into its infrastructure, systems and applications. The purpose of the exercise is to improve the organization's threat hunting, monitoring and incident response.
The blue team serves as the defenders in the Security Operations Center (SOC), working to detect an intrusion and prevent damage or loss to the organization. It is responsible for stopping attacks before they start, using the security tools already in place, from the security information and event management (SIEM) system to incident monitoring and threat intelligence platforms. When a threat is detected, the blue team follows its playbooks and responds to the incident promptly.