Context-aware security definition
Context-aware security is a category of cybersecurity tools and practices that consider the circumstances of security events to determine whether they are potential threats. Context-aware security aims to understand the who, what, when, where, and how of an activity to determine whether it is legitimate or malicious.
See also: critical security parameter, cybersecurity ecosystem, cybersecurity framework, cybersecurity mesh, data-centric security, endpoint security, enterprise security architecture, infrastructure security, network security architecture, perimeter security, security automation, security event management, security perimeter, system security
Context-aware security example
Alice is attempting to access sensitive company data from a new device outside of normal working hours. In traditional security models, any of these three circumstances — the sensitivity of the data, the fact that the device is unfamiliar to the network, and the fact that the access attempt is happening outside of business hours — may run afoul of the organization’s strict security policy and prevent Alice from getting the data she needs.
However, in a context-aware security framework, the system considers these additional factors together with other information, such as Alice’s typical work patterns and the location of the new device. If the access request aligns with Alice's usual behavior and is consistent with legitimate business needs, it may be granted without further intervention.
On the other hand, if the request deviates significantly from established patterns or poses a higher risk based on contextual factors, context-aware security may require Alice to take additional authentication steps or impose access restrictions to mitigate the potential threat.