
Situational awareness in cyber security

13.09.2021

Ruslan Rakhmetov, Security Vision


Situational awareness is a model for assessing the environment. One of the best-known researchers in this field is Mica Endsley, who formulated the following definition: situational awareness is the perception of the elements and events of the environment in relation to time or space, the understanding of their significance, and the projection of their status in the near future.


The purpose of situational awareness is to actively detect and analyse information relevant to immediate operational stability and safety, and to coordinate such information across the enterprise to ensure that all organisational units are operating within a common operating picture.


Situational awareness enables the organisation to understand the operational environment of critical services and the environment of impact on their performance. This understanding provides stakeholders with a reasonably accurate and relevant understanding of the past, current and projected future state of such services and supports effective decision making within the context of the overall operating environment.


The situational awareness process establishes a common operating picture by collecting, fusing, and analysing data to support automated or human decision-making in implementing cybersecurity incident response actions. Such data must necessarily be communicated in a timely manner and in a form that allows a human to quickly understand the key elements needed to make the right decisions.


The overall operational picture must be accurate and actionable (suitable for decision support and action). However, different participants in the enterprise need different and not necessarily complete knowledge of the operating environment. Depending on how it is presented, a complete picture may contain too much information and overwhelm the decision maker. Operators should also not be presented with a massive amount of data; rather, operators should only see what is important, as determined by the risk strategy and the overall risk picture.


Role and linkages of situational awareness


Situational awareness has a close and bidirectional relationship with all other processes in the cybersecurity division, such as asset management, vulnerability management, incident management, and risk management. Indeed, situational awareness is itself a process that must be integrated into overall cybersecurity operations.


Asset management processes lay the foundation for situational awareness by identifying the critical services and related assets (with a link also to risk management) that the situational awareness process should focus on.


Risk management is the basis for identifying situational awareness requirements and the lens through which situational awareness information is interpreted and communicated. Risk management also involves several processes. Vendors, the vulnerability management team or other sources may report the existence of a vulnerability to the organisation. The situational awareness process provides this information to asset management, which determines which assets are vulnerable and the potential risks to critical services. This information is used for the situational awareness process, which passes it on to the risk management team. With this information, the risk management team can prioritise vulnerability risks over other risks and, if necessary, increase the urgency of corrective actions, such as requesting a patch or workaround from a vendor.
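The vulnerability flow described above (vendor advisory, asset management identifying the affected assets, risk management prioritising them, and a role-appropriate view so operators see only what matters), as an added Python illustration that is not part of the original article or of the Security Vision platform; the asset inventory, advisory, product names, criticality scale and scoring rule are constructed assumptions:

```python
# Constructed sample data standing in for the asset inventory (asset management)
# and one vendor advisory. Products, versions and criticality values are assumptions.
ASSETS = [
    {"id": "srv-db-01", "product": "acme-db", "version": "4.2.1",
     "critical_service": "payments", "criticality": 5},
    {"id": "srv-web-02", "product": "acme-web", "version": "2.0.0",
     "critical_service": "customer-portal", "criticality": 4},
    {"id": "ws-hr-17", "product": "acme-db", "version": "4.2.0",
     "critical_service": None, "criticality": 1},
    {"id": "srv-db-09", "product": "acme-db", "version": "4.1.9",
     "critical_service": "payments", "criticality": 5},
]

# Hypothetical advisory: versions below fixed_version are affected.
ADVISORY = {"vuln_id": "VENDOR-ADV-0001", "product": "acme-db",
            "fixed_version": "4.3.0", "severity": 4}


def parse_version(v):
    """Turn '4.2.1' into (4, 2, 1) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))


def affected_assets(advisory, assets):
    """Asset management step: which inventory items run a vulnerable version."""
    fixed = parse_version(advisory["fixed_version"])
    return [a for a in assets
            if a["product"] == advisory["product"]
            and parse_version(a["version"]) < fixed]


def risk_score(advisory, asset):
    """Risk management step: advisory severity weighted by asset criticality (assumed rule)."""
    return advisory["severity"] * asset["criticality"]


def prioritised_risks(advisory, assets):
    """Fuse advisory and inventory into a ranked list tied to critical services."""
    rows = [{"asset": a["id"], "service": a["critical_service"],
             "score": risk_score(advisory, a)}
            for a in affected_assets(advisory, assets)]
    return sorted(rows, key=lambda r: r["score"], reverse=True)


def view_for_role(risks, role, threshold=10):
    """Common operating picture, filtered: operators only see items above the
    risk threshold set by the risk strategy; risk managers see the full list."""
    if role == "operator":
        return [r for r in risks if r["score"] >= threshold]
    return risks
```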


The situational awareness process feeds data to the incident management process, which can correlate it with information from other external CERTs and, if necessary, declare an incident and communicate it to the appropriate stakeholders.


The situational awareness process has four steps, through which the organisation plans, collects and analyses data, shares information, and improves the process itself in order to raise operational efficiency and ensure the required level of cyber security for the organisation.


Figure 1 - Situational awareness process


1. Situational awareness planning


Planning is essential to the successful implementation of a situational awareness programme. The plan documents the objectives of the programme, the strategy to achieve those objectives, and the infrastructure and resources required to execute the plan. When planning for situational awareness, it is important to implement the following actions:

  • Obtain management support in the form of resources
  • Develop a strategy for the situational awareness programme
  • Develop an approach to collecting and analysing situational awareness data
  • Develop an approach to communicating situational awareness
  • Develop a situational awareness plan.

2. Collect and analyse situational awareness data


Data collection and analysis is the core process; it requires the organisation to:

  • Establish the requirements for collecting and analysing situational awareness data
  • Develop an approach to collecting and analysing situational awareness data
  • Establish an infrastructure to support situational awareness monitoring activities
  • Collect, record and analyse information.

3. Information sharing


Information gathered through situational awareness activities must be effectively shared with stakeholders who need the information to make informed decisions about the cyber security of the organisation.


To build information sharing processes, it is necessary to:

  • Establish requirements for situational awareness communication
  • Establish standards and guidelines for information sharing
  • Establish infrastructure to support situational awareness actions
  • Communicate situational awareness.

4. Improve situational awareness processes and technologies


Successful risk management for critical services depends heavily on the effectiveness of the organisation's situational awareness processes and technologies. In an environment of increasing threats, it is particularly important for an organisation to continuously improve its situational awareness capabilities.


Situational awareness process and technology improvement activities include:

  • Reviewing the overall effectiveness of the situational awareness programme
  • Identifying updates and improvements to the situational awareness programme
  • Making improvements to processes and technology.

Conclusion


Situational awareness involves the collection, analysis and communication of information that provides a broader and richer perspective on an organisation's operating environment. It maintains a continuously changing picture of the environment in which day-to-day operations take place. When events are placed in the wider context of economic, social, political and geographical factors, events that may not seem noteworthy in themselves may be identified as suspicious or even malicious. This context is required at the local, internal organisational level (events such as redundancies, special high-profile events, etc.) as well as at the external, national or global level, in order to observe, evaluate and correlate events and information.
