Situational awareness (SA) is the process of collecting information from across your organization, synthesizing it into usable intelligence, and disseminating it effectively so your employees understand how to make good decisions to keep your organization, its assets, and its employees safe and secure.

At its core, good SA gives organizations the ability to know the state of its activities and assets when the organization is functioning normally, and whether the current state of the organization matches that “norm.” If there is a discrepancy between the norm and the current state, SA allows organizations to discover it quickly, understand the reason for the discrepancy, and take appropriate action to manage it.

Effective SA, however, requires a wide scope of visibility into an organization’s activities and assets that is difficult to establish. It involves assessing the organization’s policies, governance, and business objectives; documenting systems, workflows, and processes; employing methods of analysis to detect violations or undesired events; and making sure all activities fulfill legal requirements and business interests.

Accomplishing these objectives to establish SA while finding a good balance to maintain them are challenges that most organizations struggle to implement, leaving key business assets without adequate protection. In such situations, organizations run the risk that their assets could be lost or compromised to malicious actors or through mistakes that could go undetected.

A Complete Approach to Security

The SEI has developed best practices, tools, techniques, procedures, and methodologies to help the DoD, government agencies, and commercial entities protect and secure their information systems. In addition, we have a broad portfolio of cybersecurity assessments that include a selection of assessment tools, techniques, and analytics, ranging from those that can be self-applied to those that require expert facilitation or mentoring.

The SEI can draw on its expertise and experience to provide tailored assistance in any of the following areas:

• strategic roadmap development—The SEI is available to help your organization develop strategy and architecture roadmaps. We can also assess emerging technologies, support early risk identification, and develop acquisition documentation and artifacts for on-premises, cloud, and hybrid multi-cloud environments.
• policy assistance—We can leverage our experience to support your organization in creating well-defined, comprehensive policies for various aspects of cyber assets, identifying if your controls match policy, and assessing how well your technical controls match those policies if there are gaps.
• architecture support—The SEI can help document your organization’s existing systems, find gaps in coverage, and plan for integration of appliances and processes, implementation of solutions for multi-level security, and documentation of mission threads and workflows.
• visibility design—We can help you identify which devices to use for different types of visibility, research endpoint visibility options for assets, and determine visibility strategies.
• analysis­—Thanks to our expertise, the SEI is a leader in evaluating new techniques for analysis such as AI and ML. We can also develop analytics using SEI tools, and we can document workflows and processes for application to SOC, NOC, threat intelligence, and vulnerability management.
• training—The SEI offers support for developing scenario-based training for organizations’ analysts that focus on real-world analyst workflows and go into depth on concepts and decisions, all while making use of available and relevant data sources and tools.