http://www.sei.cmu.edu/feeds/topic/Updates on changes and additions to the SEI Blog for posts matching Situational Awarenessen-usMon, 15 Dec 2025 00:00:00 -0500https://www.sei.cmu.edu/blog/analyzing-partially-encrypted-network-flows-with-mid-encryption/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesEncrypted traffic has come to dominate network flows, which makes it difficult for traditional flow monitoring tools to maintain visibility. In this blog post we take a closer look at a new feature added to CERT’s Yet Another Flowmeter tool (YAF) to capture the attributes of encryption when it occurs after the start of the session. We call this mid-encryption.Steven Ibarra, Mark ThomasMon, 15 Dec 2025 00:00:00 -0500https://www.sei.cmu.edu/blog/analyzing-partially-encrypted-network-flows-with-mid-encryption/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/dealing-with-noisy-behavioral-analytics-in-detection-engineering/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post discusses a process for tuning and related work you can do to make behavioral analytics more viable in your environment, without sacrificing analytic coverage.Sean HutchisonMon, 30 Oct 2023 00:00:00 -0400https://www.sei.cmu.edu/blog/dealing-with-noisy-behavioral-analytics-in-detection-engineering/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/netflow-in-the-era-of-edr-and-cloud-helicopter-parenting-for-your-network/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesDespite well-defined security policies, technical safeguards, and extensive user education, people still make mistakes and adversaries still succeed. A similar situation exists in raising children.Daniel RuefMon, 14 Aug 2023 00:00:00 -0400https://www.sei.cmu.edu/blog/netflow-in-the-era-of-edr-and-cloud-helicopter-parenting-for-your-network/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/how-situational-awareness-informs-cybersecurity-operations/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSituational awareness (SA) helps decision makers throughout an organization have the information and understanding they need to make sound decisions about cybersecurity operations. In this blog post, I review and provide examples of how to use SA in cybersecurity operations.Nathaniel RichmondMon, 08 Feb 2021 00:00:00 -0500https://www.sei.cmu.edu/blog/how-situational-awareness-informs-cybersecurity-operations/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesNetwork Situational Awarenesshttps://www.sei.cmu.edu/blog/pandemic-home-security-for-your-enterprise/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe COVID-19 pandemic has greatly increased remote work among enterprise employees. Home-network environments are not professionally managed, so they are an appealing target for attackers. In this post, we advise how to mitigate these risks to regain a security footing.Phil Groce, Harry CaskeyMon, 25 Jan 2021 00:00:00 -0500https://www.sei.cmu.edu/blog/pandemic-home-security-for-your-enterprise/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesNetwork Situational AwarenessBest Practices in Network Securityhttps://www.sei.cmu.edu/blog/remote-work-vulnerabilities-and-threats-to-the-enterprise/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesHow has this change in the way we work altered our security posture? How has it changed our attack surface, and what should we be doing to defend it? In this blog post, I explore the answers to these questions.Phil GroceMon, 18 Jan 2021 00:00:00 -0500https://www.sei.cmu.edu/blog/remote-work-vulnerabilities-and-threats-to-the-enterprise/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesNetwork Situational AwarenessBest Practices in Network Securityhttps://www.sei.cmu.edu/blog/is-your-organization-using-cybersecurity-analysis-effectively/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post explores how organizations can effectively use cybersecurity analysis and discusses the importance of an effective incident response plan.Angela HornemanMon, 31 Aug 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/is-your-organization-using-cybersecurity-analysis-effectively/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesNetwork Situational AwarenessCybersecurityhttps://www.sei.cmu.edu/blog/situational-awareness-cybersecurity-architecture-5-recommendations/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn this post on situational awareness for cybersecurity, we present five recommendations for the practice of architecture in the service of cybersecurity situational awareness (SA)....Phil GroceMon, 13 Jul 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/situational-awareness-cybersecurity-architecture-5-recommendations/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesNetwork Situational AwarenessSituational Awarenesshttps://www.sei.cmu.edu/blog/covid-19-and-supply-chain-risk/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesManaging supply-chain risks from the new coronavirus outbreak is personally important to me. While my first concern--like everyone else's--is mitigating the direct public-health risk....Nathaniel RichmondMon, 08 Jun 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/covid-19-and-supply-chain-risk/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesResilience Management Model (RMM)Supply Chainshttps://www.sei.cmu.edu/blog/situational-awareness-for-cyber-security-architecture-tools-for-monitoring-and-response/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVisibility into the activities within assets enables network security analysts to detect network compromises. Analysts monitor these activities directly on the device....Timothy ShimeallMon, 11 May 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/situational-awareness-for-cyber-security-architecture-tools-for-monitoring-and-response/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesNetwork Situational AwarenessSituational Awarenesshttps://www.sei.cmu.edu/blog/situational-awareness-for-cybersecurity-architecture-network-visibility/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesNetwork compromises cannot be detected without visibility into the activities within assets. Network security analysts can view these activities in one of two places....Timur SnokeMon, 23 Mar 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/situational-awareness-for-cybersecurity-architecture-network-visibility/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesNetwork Situational AwarenessSituational Awarenesshttps://www.sei.cmu.edu/blog/engineering-for-cyber-situational-awareness-endpoint-visibility/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn this post, we aim to help network security analysts understand the components of a cybersecurity architecture, starting with how we can use endpoint information....Phil Groce, Timur SnokeMon, 10 Feb 2020 00:00:00 -0500https://www.sei.cmu.edu/blog/engineering-for-cyber-situational-awareness-endpoint-visibility/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesNetwork Situational AwarenessSituational Awarenesshttps://www.sei.cmu.edu/blog/situational-awareness-for-cybersecurity-three-key-principles-of-effective-policies-and-controls/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecurity measures are most effective when it is clear how assets are supposed to be used and by whom....Angela HornemanMon, 18 Nov 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/situational-awareness-for-cybersecurity-three-key-principles-of-effective-policies-and-controls/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSituational AwarenessNetwork Situational Awarenesshttps://www.sei.cmu.edu/blog/network-traffic-analysis-with-silk-profiling-and-investigating-cyber-threats/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber threats are on the rise, making it vitally important to understand what's happening on our computer networks. But the massive amount of network traffic makes this job hard....Paul Krystosek, Timothy Shimeall, Nancy OttMon, 28 Oct 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/network-traffic-analysis-with-silk-profiling-and-investigating-cyber-threats/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesNetwork Traffic Analysis https://www.sei.cmu.edu/blog/situational-awareness-for-cybersecurity-assets-and-risk/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesWhen key business assets are not adequately protected from cybersecurity breaches, organizations can experience dire consequences....Angela Horneman, Lauren CooperWed, 16 Oct 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/situational-awareness-for-cybersecurity-assets-and-risk/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesNetwork Situational AwarenessSituational Awarenesshttps://www.sei.cmu.edu/blog/managing-the-risks-of-ransomware/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRansomware poses a growing threat to both businesses and government agencies. Though no strategy can fully eliminate these risks, this post provides recommendations....David Tobar, Jason FrickeFri, 11 Oct 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/managing-the-risks-of-ransomware/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesNetwork Situational AwarenessCyber MissionsBest Practices in Network SecuritySituational Awarenesshttps://www.sei.cmu.edu/blog/bolstering-security-with-cyber-intelligence/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesA maxim for intelligence operators and military and special operations communities is "get off the X"....Jared Ettinger, Stephen BeckThu, 03 Oct 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/bolstering-security-with-cyber-intelligence/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updateshttps://www.sei.cmu.edu/blog/situational-awareness-for-cybersecurity-an-introduction/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSituational awareness (SA) helps decision makers throughout an organization have the information and understanding available to make good decisions in the course of their work....Angela HornemanMon, 09 Sep 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/situational-awareness-for-cybersecurity-an-introduction/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesNetwork Situational AwarenessSituational Awarenesshttps://www.sei.cmu.edu/blog/an-analyst-focused-approach-to-network-traffic-analysis/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesEarlier this year, a team of researchers from the SEI CERT Division's Network Situational Awareness Team (CERT NetSA) released an update (3.17.0) to the System for....Geoff SandersMon, 12 Nov 2018 00:00:00 -0500https://www.sei.cmu.edu/blog/an-analyst-focused-approach-to-network-traffic-analysis/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSoftware and Information AssuranceNetwork Traffic Analysis https://www.sei.cmu.edu/blog/best-practices-in-network-traffic-analysis-three-perspectives/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn July of this year, a major overseas shipping company had its U.S. operations disrupted by a ransomware attack, one of the latest attacks to disrupt the daily operation of a major, multi-national organization....Angela Horneman, Timothy Shimeall, Timur SnokeMon, 08 Oct 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/best-practices-in-network-traffic-analysis-three-perspectives/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesHuman-Machine InteractionsCyber MissionsBest Practices in Network Security