How to Use Tech to Better Your Situational Awareness Program
Shawn Murphy | February 19, 2020
Situational Awareness5 min read
As we head into the new decade, the buzz has been increasing about how Bluescape customers are leveraging our solution to gain a competitive edge with regards to the ability to understand, plan, and react to situational awareness.
Whether it be part of an ongoing command and control program, or simply managing planned or even unplanned events, the ability to collaborate as a unified team in numerous situations demands a solution that can scale to each type of event.
For security and risk management (SRM) teams, a technology solution, like Bluescape, helps SRM leaders respond to a situation in a variety of ways. Let’s take a look at some of the most common ways this is accomplished within a Bluescape workspace. We’ll begin with the concept of situational scalability and then examine the three areas of situational awareness directly supported by Bluescape: continual monitoring, planned events, and unplanned events.
Throughout this post, I reference Bluescape workspaces. Workspaces are virtual and hold all content that gives you a view into everything you need to anticipate the unanticipated as it relates to a potential threat. This helps you respond swiftly to whatever threat you are monitoring.
Situational scalability refers to the concept that no matter the event, incident, or program, your security work can always be performed securely within a given Bluescape workspace. The benefit of this is it allows continued collaboration from all team members.
Furthermore, situational scalability is agnostic to the size of the team required to collaborate at any given time. The audience and participants of the workspace can be very small in the case of an insider threat or as broad of an audience as your entire company with regards to security policies and procedures.
No matter whether you are managing a Business Continuity, Disaster Recovery, or Incident Response Program, Bluescape provides you the ability to implement situational scalability to align with your organizational directives, policies, and procedures.
It goes without saying that no matter the size of an organization, continual monitoring of the situational awareness is essential. In the event of a security issue, the situation’s diagrams, logs, and other sensitive documentation are all within reach in a Bluescape workspace. It’s critical for a Physical Security, Network Security, and a Security Operations Center (SOC) to have immediate access to assess and decide how best to respond to a security threat.
One example of a continual monitoring workspace within Bluescape is our “Ethical Hacking Town Hall” workspace. This collaborative team process allows Bluescape employees to identify any scenario that they deem to be a potential threat and could be exploited by an attacker. This workspace serves two functions for the Bluescape security program: it identifies previously unknown threats, thereby improving our Threat Modeling Program. Additionally, it provides new security tests to be incorporated into our ongoing ethical hacking/pen-testing program.
In the world of Cyber Security, the vast landscape of an organizational attack surface provides a target-rich environment for a Bluescape workspace. Periodic Application or Network Penetration Tests, Security Team Meetings, Red Team Exercises, and Table-Top Exercises are just a few examples of prime real estate for a Bluescape workspace.
As an example of a planned event, Bluescape Security uses a workspace dedicated to Security Incident Response Table-Top Exercises. This workspace is designed to contain information only limited to just a few people, thereby limiting the “need to know” as various scenarios are proposed, discussed, and approved.
While no one can predict the future, Bluescape workspaces help security professionals prepare for many scenarios. What if your US-based or worldwide teams were able to collaborate in numerous workspaces to handle an unpredictable threat: a natural disaster, a terrorist attack, or a World Health Organization alert, for example?
In another example of “practicing what you preach”, the Bluescape HQ office in San Carlos, California, has developed a Bluescape Business Continuity (BC) and Disaster Recovery (DR) workspace to plan for and react to various scenarios. Quarterly meetings are held by the BC/DR team within the workspace. All members contribute in real-time and plan for annual BC/DR exercises and training.
As in the case of Bluescape workspaces, there is no longer a need to search through emails, shared drives, IMs, to find content. Once your team is in the workspace, everything can be organized however you want. It, then, is always at your fingertips. Think of it as a “one-stop-shop.” To illustrate this, here’s an example.
In order to make this scenario a reality, Bluescape is working with Cisco to expand the power of Webex by enhancing meeting experiences. Under this scenario, a leader needs to create a workspace to manage a given situation. The leader creates the workspace, invites key members or groups, enters the workspace and fires off a Webex invite and waits for team members to join the call.
As the team members join the call, they can see the workspace and begin virtually collaborating: writing notes and uploading various documents, for example. Once the meeting is over, the project space for the situation is always available for continuous work from any interactive touchscreen, laptop or mobile device.
The dynamic reality of any situational awareness issue is best overcome when the intersection of technology, process, and people facilitates fast decisions and a quick resolution of the threat. Bluescape helps bring together people and processes in an efficient manner.
In conclusion, our new and existing customers continue to realize the power of Bluescape as it provides a solid foundation to support their Situational Awareness Programs. No matter if it is continually monitoring a given situation, planning a future event, or reacting to an unplanned incident, the freedom to scale up or down as events dictate helps our customers work as a unified team across the globe within one single location.
RSA Conference 2020
To learn more about how Bluescape can help develop, enhance, and support your Situational Awareness Program, come visit us at booth #2165 in Moscone South at theRSA Conference USA 2020, February 24-27 or contact us athttps://www.bluescape.com/contact/ to schedule a private, C-Suite Level presentation just a few blocks away from the RSA Conference at our local showroom.
Author: Mark Willis is Bluescape’s Chief Information and Security Officer. Prior to joining Bluescape, Mark has led international Application Security Programs, Mergers, Acquisitions and Integration, IT Project Management, Enterprise IT Security, Third Party Risk Governance, DevSecOps, Incident Response teams.