Any deviation from what’s considered normal is an anomaly. Not all anomalies are bad, though! For example, it’s an anomaly when a retail company that has never sold much on Sundays breaks its all-time daily sales record on a Sunday, or when the pitcher has the highest runs batted in on their baseball
It would also be anomalous if an organization’s employee accessed a sensitive file server for the first time ever and deleted major chunks of data. That’s the kind of anomaly that can signal a major security breach—and that’s the kind of anomaly that this book is all about.
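The file-server scenario above, as an added example that is not from the book: a small Python detector that baselines each user's server access from constructed audit events and flags two of the anomaly types the book distinguishes, a pattern anomaly (a first-ever access to a server) and a count anomaly (a day's deletions far above that user's own history). The z-score threshold of 3 and the event layout are assumptions for illustration.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed audit-log sample (not real data): one tuple per event,
# fields are (day, user, server, action). Ten days of history.
HISTORY = (
    [(d, "alice", "hr-share", "read") for d in range(1, 11)]
    + [(d, "alice", "hr-share", "delete") for d in (3, 7)]
    + [(d, "bob", "eng-share", "read") for d in range(1, 11)]
)
# Day 11: bob touches hr-share for the first time and deletes 40 files;
# alice deletes 2, which is within her normal range.
TODAY = (
    [(11, "bob", "hr-share", "read")]
    + [(11, "bob", "hr-share", "delete")] * 40
    + [(11, "alice", "hr-share", "delete")] * 2
)

def build_baseline(events):
    """Per (user, server): the days seen and per-day delete counts."""
    seen = defaultdict(set)
    deletes = defaultdict(Counter)  # (user, server) -> {day: deletes}
    for day, user, server, action in events:
        seen[(user, server)].add(day)
        if action == "delete":
            deletes[(user, server)][day] += 1
    return seen, deletes

def score_day(events, seen, deletes, z_threshold=3.0):
    """Return (user, server, reason) alerts for one day's events."""
    alerts, reported, todays_deletes = [], set(), Counter()
    for _day, user, server, action in events:
        key = (user, server)
        if key not in seen and key not in reported:  # pattern anomaly
            alerts.append((user, server, "first-time access"))
            reported.add(key)
        if action == "delete":
            todays_deletes[key] += 1
    for (user, server), n in todays_deletes.items():
        # Count anomaly: days with no deletes count as zero in the baseline;
        # a floor of 1.0 on sigma avoids alerting on tiny jitter.
        days = seen.get((user, server), set())
        history = [deletes.get((user, server), {}).get(d, 0) for d in days] or [0]
        mu, sigma = mean(history), pstdev(history)
        if n > mu + z_threshold * max(sigma, 1.0):
            alerts.append((user, server, f"{n} deletes vs baseline mean {mu:.1f}"))
    return alerts

def detect():
    seen, deletes = build_baseline(HISTORY)
    return score_day(TODAY, seen, deletes)
```

Running `detect()` reports bob twice (first-time access, then the delete spike) and stays silent on alice.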
About This Book
One of the best ways to defend against both internal and external attacks is to integrate anomaly detection, also known as user and entity behavior analytics (UEBA), into your security analytics solution.
In this book, we make a strong case that anomaly detection is essential for effective cybersecurity defense. We compare the different types of security anomalies—time, count, and pattern—and explain what each one looks like in real-life situations. You discover how to create baselines using techniques such as Robust Principal Component Analysis (RPCA) and Markov chains, and we explain how to determine your risk appetite and calculate your risk score. There are many risk types, and we break them down for you, and then show how to use two different methods to score risks more accurately: peer group analysis and seasonality.