This type of test originated in the military. It was there that a reliable method was invented for evaluating a security system from a new point of view, which in turn makes it possible to find gaps and shortcomings that had gone unnoticed until then.
The idea is simple: a Red team of experienced pentesters attacks a given target, for example a web application or network infrastructure. The task of the Blue team (which may also include the people responsible for security policy at the company) is to defend effectively against the Red team. The advantage of this method over traditional penetration tests lies, among other things, in examining the operation of the whole security system; aside from the hardware part, this covers the actions of IT specialists, their vigilance, and their ability to resolve a crisis. The attractive form of the tests and the element of competition make them even more effective, and the lessons learned from them even more lasting.