Blog Posts
Dealing with Noisy Behavioral Analytics in Detection Engineering
This post discusses a process for tuning and related work you can do to make behavioral analytics more viable in your environment, without sacrificing analytic coverage.
• By Sean Hutchison
In Situational Awareness
Netflow in the Era of EDR and Cloud: Helicopter Parenting for Your Network
Despite well-defined security policies, technical safeguards, and extensive user education, people still make mistakes and adversaries still succeed. A similar situation exists in raising children.
• By Daniel Ruef
In Situational Awareness
How Situational Awareness Informs Cybersecurity Operations
Situational awareness (SA) helps decision makers throughout an organization have the information and understanding they need to make sound decisions about cybersecurity operations. In this blog post, I review and …
• By Nathaniel Richmond
In Situational Awareness
Pandemic Home Security for Your Enterprise
The COVID-19 pandemic has greatly increased remote work among enterprise employees. Home-network environments are not professionally managed, so they are an appealing target for attackers. In this post, we advise …
• By Phil Groce, Harry Caskey
In Situational Awareness
Remote Work: Vulnerabilities and Threats to the Enterprise
How has this change in the way we work altered our security posture? How has it changed our attack surface, and what should we be doing to defend it? In …
• By Phil Groce
In Situational Awareness
Is Your Organization Using Cybersecurity Analysis Effectively?
This SEI Blog post explores how organizations can effectively use cybersecurity analysis and discusses the importance of an effective incident response plan.
• By Angela Horneman
In Situational Awareness
Situational Awareness for Cybersecurity Architecture: 5 Recommendations
In this post on situational awareness for cybersecurity, we present five recommendations for the practice of architecture in the service of cybersecurity situational awareness (SA)....
• By Phil Groce
In Situational Awareness
COVID-19 and Supply-Chain Risk
Managing supply-chain risks from the new coronavirus outbreak is personally important to me. While my first concern--like everyone else's--is mitigating the direct public-health risk....
• By Nathaniel Richmond
In Situational Awareness
Situational Awareness for Cyber Security Architecture: Tools for Monitoring and Response
Visibility into the activities within assets enables network security analysts to detect network compromises. Analysts monitor these activities directly on the device....
• By Timothy J. Shimeall
In Situational Awareness
Situational Awareness for Cybersecurity Architecture: Network Visibility
Network compromises cannot be detected without visibility into the activities within assets. Network security analysts can view these activities in one of two places....