It is generally accepted in the information security community that a good way
to identify threats is to look for “anomalous behavior.” That’s all well and
good, but we have discovered that seemingly normal behavior has led to
successful security breaches and massive data loss for many companies out
there. How do you know what to look for? How do you actually pinpoint
potentially dangerous activity in your systems, even if it appears normal?