A Study on the State of Practice in Security Situational Awareness

We present the results of an interview study on the state of practice for Situational Awareness (SA) in the cybersecurity industry. Representatives from four global companies providing cybersecurity monitoring and analysis services and products were interviewed to get a view into the current state of practice in SA. The interviews were performed as a form of thematic interview, resulting in the classification of the results in three main areas of SA, i.e., how security is modelled, what information is collected, and how the data is analyzed. We describe the topics covered by the interviews, the common issues and methods, their differences, and provide a summary view on the current state of security monitoring and analysis in the cybersecurity industry. We also describe potential future work in terms of identified challenges in the area. The results help understand various aspects of cybersecurity situational awareness, to identify gaps between research and practice, and to build holistic SA solutions.