What Is Cybersecurity Situational Awareness And Why Should It Be A Critical Part Of Your Security Strategy?

By Eric Vanderburg

We are swimming in an ocean of data and just like the ocean, most of this data is not in a form we can consume without first processing it. Companies and their customers are generating so much data these days that some are drowning in it. For these companies, it costs them more than they realize to keep their data around. Not only are companies incurring an opportunity cost for not using the data, but they are also missing key cybersecurity information and the situational awareness insight it could provide. However, it is not too late to harness your data for cybersecurity situational awareness.

Why is Situational Awareness Important?

Like many cybersecurity terms, situational awareness comes out of traditional warfare and it is an understanding of threats and how those threats can change over time or with the fluctuation of environmental variables. For cybersecurity teams, situational awareness means understanding the current threats to your company’s data and the data it has of others, as well as possible future threats.

In a recent Dell Luminaries podcast, Dr. Gregory Edwards, director of infrastructure services at NATO, discussed how NATO has integrated decision support systems and business analytics with artificial intelligence and machine learning so that data can be visualized and given greater context.  He says, “situational awareness is there’s so much information out there, how do you make sense of it all, is what we’re saying, and how do you give a visualization of some context to that?  You know, two people at various levels, for what purpose?  For decision making — and so now decision support systems talk to business analytics, artificial intelligence, and machine learning.”

“Situational awareness is there’s so much information out there, how do you make sense of it all…and how do you give a visualization of some context to that?

— Dr. Gregory Edwards, director of infrastructure services at NATO

How can technology solve this problem?

As the pace of technology and technological threats continues to advance, we need better technical solutions and processes to keep up. For example, the data mining of the last decade is now being augmented with machine learning to understand data better and to gain greater insights from it.

Situational awareness requires inputs from a large number of systems, both internal and external to the company. Technical systems aimed at the organization might include network management, asset inventory, security information and event management (SIEM), intrusion prevention systems (IPS), endpoint agents, configuration management, vulnerability assessment systems. External systems may include vulnerability and threat databases, data breach notices, hacker data dumps, hash data sets, and exploit details.

Machine learning can be used in situational awareness to experiment with hypothetical threat models to identify the likelihood and impact of such threats. This provides the information necessary to assign a risk value so that companies can determine if controls should be implemented to guard against the threat. Additionally, machine learning can be used to identify new hypotheses from the data.

Many risk management programs are reactive in that they are responding to threats that have already been realized in the wild, but situational awareness protects against threats that have yet to be realized. As the environment changes, threats can be reevaluated with the new data. Even when a company decides not to implement protection against a threat, the analysis of the threat can be useful in quickly remediating a threat if it is later realized.

Situational awareness can help your company properly prioritize cybersecurity spending to achieve better results, but companies need to harness the data from many internal and external systems to accomplish it. It is important, therefore, to choose the underlying technologies wisely so that they can interact well and provide reliable performance and security.

This post was sponsored by Dell, but the opinions are my own and do not necessarily represent Dell Technologies’ positions or strategies.