What is anomaly detection? Behavior-based analysis for cyber threats

Several use cases for anomaly detection don’t fit the typical signature detections built around industry-wide trends such as ransomware, data exfiltration, or command-and-control signatures, IBM’s Shriner says. These include insider threats, fraud detection, IT systems management, and more.

But, before doing anything else, CISOs must first recognize they need the insights they can gain from more bespoke anomaly detection. “With a basic understanding of how that data knowledge can be used, in use cases like data exfiltration, compromised credentials, malware beaconing, and insider threats, organizations can then create a strategy for anomaly detection that fits their specific business case,” says Shriner.

Potter thinks organizations should seek balance when devising their custom anomaly detection programs. “For most organizations, you don’t have time to tinker yourself to come up with some anomaly detection capability on your own,” he says. “That’s where I think organizations get into trouble. You’re all in on signature detection, so if anything new happens, you’re blind to it.”
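To make the contrast between signature detection and behavior-based anomaly detection concrete, here is an added example (not code from the article, from IBM, or from either person quoted). It runs a known-bad-indicator match and a per-host volume baseline over a constructed set of outbound-traffic records. The indicator list, host names, addresses and byte counts are all made up for the demonstration; the robust z-score (median and median absolute deviation) is one simple baseline technique chosen here, not a method the article attributes to anyone.

```python
"""Signature-based vs. behavior-based (anomaly) detection on constructed
outbound-traffic records. Example added to illustrate the article; not
code from IBM, the people quoted, or any product."""
import statistics

# Constructed baseline: bytes sent per hour by each host over seven
# "normal" hours. This is the per-host behavior we will compare against.
BASELINE = {
    "ws-01": [120_000, 110_000, 130_000, 125_000, 115_000, 118_000, 122_000],
    "ws-02": [50_000, 55_000, 52_000, 48_000, 51_000, 53_000, 49_000],
    "srv-db": [900_000, 950_000, 920_000, 910_000, 940_000, 930_000, 915_000],
}

# Constructed current-hour records: (host, destination, bytes_out).
# ws-02 sends roughly 100x its usual volume to a destination nobody has
# catalogued yet, standing in for a data-exfiltration event.
TODAY = [
    ("ws-01", "203.0.113.7", 121_000),
    ("ws-02", "198.51.100.20", 4_900_000),
    ("srv-db", "192.0.2.10", 935_000),
]

# Constructed "signature" list of known-bad destinations. 198.51.100.20
# is deliberately absent: a signature can only match what is already known.
KNOWN_BAD = {"203.0.113.99", "192.0.2.254"}


def signature_hits(records, known_bad=KNOWN_BAD):
    """Flag hosts whose destination matches a known-bad indicator."""
    return [host for host, dst, _ in records if dst in known_bad]


def anomaly_hits(records, baseline=BASELINE, threshold=3.0):
    """Flag hosts whose outbound volume deviates from their own history.

    Uses a robust z-score (median / MAD, scaled by 0.6745 so it is
    comparable to a normal z-score) so a single burst cannot inflate the
    spread the way a mean/stdev baseline would. Returns {host: score}.
    """
    hits = {}
    for host, _, sent in records:
        hist = baseline.get(host)
        if not hist or len(hist) < 3:
            continue  # no usable baseline yet: do not guess
        med = statistics.median(hist)
        mad = statistics.median(abs(x - med) for x in hist) or 1.0
        score = 0.6745 * (sent - med) / mad
        if score > threshold:
            hits[host] = round(score, 1)
    return hits


def run_demo(records=TODAY):
    """Return what each approach flags for the same records."""
    return {
        "signature": signature_hits(records),
        "anomaly": anomaly_hits(records),
    }


if __name__ == "__main__":
    result = run_demo()
    print("signature matches:", result["signature"])
    print("behavioral outliers:", result["anomaly"])
```

On the constructed data the signature check returns nothing, while the baseline check flags `ws-02` with a very large score and leaves the two hosts behaving normally alone. The `len(hist) < 3` guard is the practical caveat: a host with no history cannot be judged, so a real deployment has to accept a learning period before behavioral alerts are trustworthy.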
