Developing Situational Awareness

Today's Threats Require Network Security Pros to Broaden Skills

By Upasana Gupta, June 29, 2012.
With continuous attacks on organizations' networks, it is impossible for network security analysts to mitigate them one by one. Instead, they must learn to identify and mitigate attacks on a broader level by combining and analyzing data with threat patterns across the network.

It's all about network situational awareness, says Ed Stoner, a senior researcher at the Software Engineering Institute at Carnegie Mellon University. Since 1998, Stoner has researched new approaches to analyzing broad network activity. A major part of his research focuses on this concept.

Network situational awareness is essentially the ability to monitor large networks and analyze bulk data collections from various data sources, with the ultimate goal of detecting malicious activity. According to Stoner, this approach is crucial for network and security analysts in order to effectively defend networks from a new level of threats and malicious activity such as Stuxnet.

"The gap we often find is that network practitioners are still very narrowly focused in looking at network flow data for signs of intrusion," he says. "But from the network traffic alone, it is not easy to distinguish malicious traffic from non-malicious traffic."

For example, if there is a piece of malware on the network, it may use HTTP and transfer data back and forth just like a web browser does. In flow records, that traffic appears normal to a network analyst: same protocol, same destination port, plausible byte counts.

In this case, network security analysts need to combine behavioral data about malicious artifacts (what the malware does on a host: which addresses it contacts, how often it checks in, how it persists) with the network flow data to understand malicious activity across the network.

"Without combining relevant data sets impacting the network, security professionals will fail in characterizing threats and targeted intruder activity," Stoner says.

Broadened Career Options

The bonus: network security professionals who embrace situational awareness, and who therefore defend their networks more effectively, also can see a positive impact on their careers.

This broadened knowledge provides practitioners with more career options in multidisciplinary areas of incident response, malware analysis, web security and data analysis. "These are all hot, in-demand job skills within the IT security industry today," says John Reed, executive director at Robert Half International, an IT staffing firm.

Organizations are heavily investing in practitioners who are entrusted with network security tasks and have a holistic view of protecting their environment to ensure their data is safe.

The number of network security-related job openings listed on the largest IT job search site has risen significantly in 2012. Employers have posted 13 percent more jobs for network specialists so far this year.

Reed also finds many network security specialists moving up to leadership positions in IT and information security. The key skill employers demand is a broad understanding of protection and mitigation strategies to prevent attacks from taking place, he says.

"All they want is an individual who can keep their company's networks safe from ongoing cyber threats like malware and hacking."

But having good situational awareness, so that threats can be identified proactively, requires three key skills, Stoner says.

3 Key Skills

The must-have skills for network security pros who want to enhance their situational awareness:

  • Incident Response: From the situational point of view, the network analyst should be able to prioritize among incidents such as an insider threat or an external breach. Practitioners should know which type of incident needs immediate attention. They also should collect and analyze information on how prevalent insider-threat behaviors and breach activity are across the network, and act to contain the most damaging incidents first.
  • Malware Analysis: To be able to identify malicious activity, network security professionals must be aware of the different behaviors malware exhibits. They must understand the network-based and host-based indicators that reveal the presence and activity of malware.

    For instance, network security pros should be able to identify whether the malware is persistent and understand the mechanism it uses to keep running after a machine is rebooted, how far the malware has spread, and what follow-on attacks can be expected.
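The point made earlier about HTTP malware looking like a browser, and the indicator-driven analysis described under Malware Analysis, can be shown in working code. The script below is an added example and is not code from the article, from Stoner or from the SEI: it builds a constructed set of NetFlow/SiLK-style flow records for two internal hosts, one browsing normally and one carrying a hypothetical HTTP-beaconing implant, together with a hypothetical set of behavioral indicators of the kind a sandbox run of the sample would report (C2 address, check-in period, request size). A flow-only view shows both hosts as ordinary HTTP clients; only when the timing of each conversation is examined and joined to the host-derived indicators does the implant stand out.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records in the usual NetFlow/SiLK style:
# (source IP, destination IP, destination port, bytes sent, start time in epoch seconds).
# 10.0.0.5 is browsing normally; 10.0.0.9 runs a hypothetical HTTP-beaconing implant.
FLOWS = [
    # normal browsing: bursts of requests to two web servers, irregular timing, mixed sizes
    ("10.0.0.5", "198.51.100.7", 80, 1500, 1000),
    ("10.0.0.5", "198.51.100.7", 80, 8200, 1003),
    ("10.0.0.5", "198.51.100.7", 80, 310, 1004),
    ("10.0.0.5", "198.51.100.8", 80, 42000, 1010),
    ("10.0.0.5", "198.51.100.7", 80, 980, 1130),
    ("10.0.0.5", "198.51.100.7", 80, 2200, 1131),
    ("10.0.0.5", "198.51.100.7", 80, 17000, 1600),
    ("10.0.0.5", "198.51.100.7", 80, 640, 1601),
    ("10.0.0.5", "198.51.100.7", 80, 5100, 1602),
    # implant: near-constant interval and near-constant request size to one destination
    ("10.0.0.9", "203.0.113.20", 80, 412, 1000),
    ("10.0.0.9", "203.0.113.20", 80, 415, 1061),
    ("10.0.0.9", "203.0.113.20", 80, 410, 1119),
    ("10.0.0.9", "203.0.113.20", 80, 412, 1180),
    ("10.0.0.9", "203.0.113.20", 80, 413, 1241),
    ("10.0.0.9", "203.0.113.20", 80, 411, 1299),
    ("10.0.0.9", "203.0.113.20", 80, 412, 1360),
    ("10.0.0.9", "203.0.113.20", 80, 414, 1420),
    # the infected host also browses, so it is not simply "the host with one destination"
    ("10.0.0.9", "198.51.100.7", 80, 3300, 1050),
    ("10.0.0.9", "198.51.100.7", 80, 770, 1052),
]

# Hypothetical behavioral indicators, as a sandbox run of the sample might report them:
# the C2 address it contacted, its check-in period and the size of its check-in request.
INDICATORS = {
    "c2_hosts": {"203.0.113.20"},
    "beacon_interval_s": 60,
    "interval_tolerance_s": 5,
    "request_bytes": 412,
    "bytes_tolerance": 40,
}


def http_clients(flows):
    """Flow-only view: every source that talked to TCP/80. Both hosts appear,
    so protocol and port alone do not separate the implant from the browser."""
    return {src for src, _, dport, _, _ in flows if dport == 80}


def find_beacons(flows, min_flows=6, max_cv=0.15):
    """Group flows per (src, dst, dport) and flag conversations whose inter-arrival
    times are nearly constant (low coefficient of variation): the timing signature
    of a scheduled check-in rather than a person clicking links."""
    by_conv = defaultdict(list)
    for src, dst, dport, nbytes, start in flows:
        by_conv[(src, dst, dport)].append((start, nbytes))
    beacons = {}
    for key, recs in by_conv.items():
        if len(recs) < min_flows:
            continue
        recs.sort()
        starts = [s for s, _ in recs]
        gaps = [b - a for a, b in zip(starts, starts[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else float("inf")
        if cv <= max_cv:
            beacons[key] = {"flows": len(recs), "interval_s": avg, "cv": cv,
                            "mean_bytes": mean([b for _, b in recs])}
    return beacons


def correlate(beacons, ind):
    """Join the timing-based candidates with the host-derived indicators and
    report which indicators each candidate matched."""
    findings = []
    for (src, dst, dport), st in beacons.items():
        matched = []
        if dst in ind["c2_hosts"]:
            matched.append("known_c2")
        if abs(st["interval_s"] - ind["beacon_interval_s"]) <= ind["interval_tolerance_s"]:
            matched.append("beacon_interval")
        if abs(st["mean_bytes"] - ind["request_bytes"]) <= ind["bytes_tolerance"]:
            matched.append("request_size")
        if matched:
            findings.append({"src": src, "dst": dst, "dport": dport, "matched": matched, **st})
    return findings


if __name__ == "__main__":
    print("hosts using HTTP:", sorted(http_clients(FLOWS)))
    for f in correlate(find_beacons(FLOWS), INDICATORS):
        print(f"{f['src']} -> {f['dst']}:{f['dport']} every {f['interval_s']:.0f}s "
              f"(cv={f['cv']:.3f}, {f['flows']} flows) matched {f['matched']}")
```

Two design points are worth noting. The periodicity check on its own would also fire on legitimate scheduled traffic (software update checks, monitoring agents), which is why the timing candidates are joined to host-derived indicators rather than reported directly; conversely, the known-C2 match on its own would miss a sample that has rotated to a new address but kept its check-in period. Real flow data also needs the timing tolerance widened for jittered beacons and the minimum flow count tuned to the collection window.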
