Network-Wide Awareness

In this chapter we continue the theme of awareness formation started in the preceding chapter. Here, however, we focus on a particular type of CSA that deals with the holistic, network-wide view of a network. We use the term “macro” CSA to refer to the overall dynamics of the network that is seen as a single organism and where individual elements or events are perceived in aggregate. This contrasts with CSA that focuses on individual atomic elements of the network’s assets or behaviors, such as an individual suspicious packet, an alert of a potential intrusion, or a vulnerable computer. On the other hand, atomic events can have a broad impact on the operation of the entire network. This means that the scope of CSA must accommodate both “micro and “macro” perspectives. The process of gaining network-wide awareness includes discovery and enumeration of assets and of defense capabilities, along with threat and attack awareness. We argue that effective CSA must focus on improved decision-making, collaboration, and resource management, and discuss approaches to achieving effective network-wide SA.