SEI Blog | Situational Awareness

SEI Blog | Situational Awarenesshttp://www.sei.cmu.edu/feeds/topic/situational-awareness/atom/?utm_source=blog&utm_medium=rss2025-12-15T00:00:00-05:00Updates on changes and additions to the SEI Blog for posts matching Situational AwarenessAnalyzing Partially Encrypted Network Flows with Mid-Encryption2025-12-15T00:00:00-05:002025-12-15T00:00:00-05:00Steven Ibarra, Mark Thomashttps://www.sei.cmu.edu/blog/analyzing-partially-encrypted-network-flows-with-mid-encryption/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Encrypted traffic has come to dominate network flows, which makes it difficult for traditional flow monitoring tools to maintain visibility. In this blog post we take a closer look at a new feature added to CERT’s Yet Another Flowmeter tool (YAF) to capture the attributes of encryption when it occurs after the start of the session. We call this mid-encryption.

Dealing with Noisy Behavioral Analytics in Detection Engineering2023-10-30T00:00:00-04:002023-10-30T00:00:00-04:00Sean Hutchisonhttps://www.sei.cmu.edu/blog/dealing-with-noisy-behavioral-analytics-in-detection-engineering/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This post discusses a process for tuning and related work you can do to make behavioral analytics more viable in your environment, without sacrificing analytic coverage.

Netflow in the Era of EDR and Cloud: Helicopter Parenting for Your Network2023-08-14T00:00:00-04:002023-08-14T00:00:00-04:00Daniel Ruefhttps://www.sei.cmu.edu/blog/netflow-in-the-era-of-edr-and-cloud-helicopter-parenting-for-your-network/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Despite well-defined security policies, technical safeguards, and extensive user education, people still make mistakes and adversaries still succeed. A similar situation exists in raising children.

How Situational Awareness Informs Cybersecurity Operations2021-02-08T00:00:00-05:002021-02-08T00:00:00-05:00Nathaniel Richmondhttps://www.sei.cmu.edu/blog/how-situational-awareness-informs-cybersecurity-operations/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Situational awareness (SA) helps decision makers throughout an organization have the information and understanding they need to make sound decisions about cybersecurity operations. In this blog post, I review and provide examples of how to use SA in cybersecurity operations.

Pandemic Home Security for Your Enterprise2021-01-25T00:00:00-05:002021-01-25T00:00:00-05:00Phil Groce, Harry Caskeyhttps://www.sei.cmu.edu/blog/pandemic-home-security-for-your-enterprise/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

The COVID-19 pandemic has greatly increased remote work among enterprise employees. Home-network environments are not professionally managed, so they are an appealing target for attackers. In this post, we advise how to mitigate these risks to regain a security footing.

Remote Work: Vulnerabilities and Threats to the Enterprise2021-01-18T00:00:00-05:002021-01-18T00:00:00-05:00Phil Grocehttps://www.sei.cmu.edu/blog/remote-work-vulnerabilities-and-threats-to-the-enterprise/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

How has this change in the way we work altered our security posture? How has it changed our attack surface, and what should we be doing to defend it? In this blog post, I explore the answers to these questions.

Is Your Organization Using Cybersecurity Analysis Effectively?2020-08-31T00:00:00-04:002020-08-31T00:00:00-04:00Angela Hornemanhttps://www.sei.cmu.edu/blog/is-your-organization-using-cybersecurity-analysis-effectively/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This SEI Blog post explores how organizations can effectively use cybersecurity analysis and discusses the importance of an effective incident response plan.

Situational Awareness for Cybersecurity Architecture: 5 Recommendations2020-07-13T00:00:00-04:002020-07-13T00:00:00-04:00Phil Grocehttps://www.sei.cmu.edu/blog/situational-awareness-cybersecurity-architecture-5-recommendations/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

In this post on situational awareness for cybersecurity, we present five recommendations for the practice of architecture in the service of cybersecurity situational awareness (SA)....

COVID-19 and Supply-Chain Risk2020-06-08T00:00:00-04:002020-06-08T00:00:00-04:00Nathaniel Richmondhttps://www.sei.cmu.edu/blog/covid-19-and-supply-chain-risk/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Managing supply-chain risks from the new coronavirus outbreak is personally important to me. While my first concern--like everyone else's--is mitigating the direct public-health risk....

Situational Awareness for Cyber Security Architecture: Tools for Monitoring and Response2020-05-11T00:00:00-04:002020-05-11T00:00:00-04:00Timothy Shimeallhttps://www.sei.cmu.edu/blog/situational-awareness-for-cyber-security-architecture-tools-for-monitoring-and-response/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Visibility into the activities within assets enables network security analysts to detect network compromises. Analysts monitor these activities directly on the device....

Situational Awareness for Cybersecurity Architecture: Network Visibility2020-03-23T00:00:00-04:002020-03-23T00:00:00-04:00Timur Snokehttps://www.sei.cmu.edu/blog/situational-awareness-for-cybersecurity-architecture-network-visibility/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Network compromises cannot be detected without visibility into the activities within assets. Network security analysts can view these activities in one of two places....

Engineering for Cyber Situational Awareness: Endpoint Visibility2020-02-10T00:00:00-05:002020-02-10T00:00:00-05:00Phil Groce, Timur Snokehttps://www.sei.cmu.edu/blog/engineering-for-cyber-situational-awareness-endpoint-visibility/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

In this post, we aim to help network security analysts understand the components of a cybersecurity architecture, starting with how we can use endpoint information....

Situational Awareness for Cybersecurity: Three Key Principles of Effective Policies and Controls2019-11-18T00:00:00-05:002019-11-18T00:00:00-05:00Angela Hornemanhttps://www.sei.cmu.edu/blog/situational-awareness-for-cybersecurity-three-key-principles-of-effective-policies-and-controls/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Security measures are most effective when it is clear how assets are supposed to be used and by whom....

Network Traffic Analysis with SiLK: Profiling and Investigating Cyber Threats2019-10-28T00:00:00-04:002019-10-28T00:00:00-04:00Paul Krystosek, Timothy Shimeall, Nancy Otthttps://www.sei.cmu.edu/blog/network-traffic-analysis-with-silk-profiling-and-investigating-cyber-threats/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Cyber threats are on the rise, making it vitally important to understand what's happening on our computer networks. But the massive amount of network traffic makes this job hard....

Situational Awareness for Cybersecurity: Assets and Risk2019-10-16T00:00:00-04:002019-10-16T00:00:00-04:00Angela Horneman, Lauren Cooperhttps://www.sei.cmu.edu/blog/situational-awareness-for-cybersecurity-assets-and-risk/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

When key business assets are not adequately protected from cybersecurity breaches, organizations can experience dire consequences....

Managing the Risks of Ransomware2019-10-11T00:00:00-04:002019-10-11T00:00:00-04:00David Tobar, Jason Frickehttps://www.sei.cmu.edu/blog/managing-the-risks-of-ransomware/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Ransomware poses a growing threat to both businesses and government agencies. Though no strategy can fully eliminate these risks, this post provides recommendations....

Bolstering Security with Cyber Intelligence2019-10-03T00:00:00-04:002019-10-03T00:00:00-04:00Jared Ettinger, Stephen Beckhttps://www.sei.cmu.edu/blog/bolstering-security-with-cyber-intelligence/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

A maxim for intelligence operators and military and special operations communities is "get off the X"....

Situational Awareness for Cybersecurity: An Introduction2019-09-09T00:00:00-04:002019-09-09T00:00:00-04:00Angela Hornemanhttps://www.sei.cmu.edu/blog/situational-awareness-for-cybersecurity-an-introduction/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Situational awareness (SA) helps decision makers throughout an organization have the information and understanding available to make good decisions in the course of their work....

An Analyst-Focused Approach to Network Traffic Analysis2018-11-12T00:00:00-05:002018-11-12T00:00:00-05:00Geoff Sandershttps://www.sei.cmu.edu/blog/an-analyst-focused-approach-to-network-traffic-analysis/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Earlier this year, a team of researchers from the SEI CERT Division's Network Situational Awareness Team (CERT NetSA) released an update (3.17.0) to the System for....

Best Practices in Network Traffic Analysis: Three Perspectives2018-10-08T00:00:00-04:002018-10-08T00:00:00-04:00Angela Horneman, Timothy Shimeall, Timur Snokehttps://www.sei.cmu.edu/blog/best-practices-in-network-traffic-analysis-three-perspectives/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

In July of this year, a major overseas shipping company had its U.S. operations disrupted by a ransomware attack, one of the latest attacks to disrupt the daily operation of a major, multi-national organization....