July 2013: Normal traffic on your company’s network means smooth hopping ahead. But what about when something unusual happens? Should your IT team ignore it? No way!
Your network communicates with a few locations regularly — like local servers, mail servers, Google, cloud apps and others — so detecting something different is critical. Anomalies may be attempts to infiltrate your network or infect it with malware or viruses. Here are the top three ways anomaly detection helps keep your data safe:
1) Detects emails coming from people not on your whitelist or that contain certain keywords (i.e., spam filters)
Kaspersky reports that spam accounted for 66.65% of all email traffic for the first quarter of 2013. While that’s down from all-time highs, spam that targets the U.S. is up 13.5% from last year. The anomaly approach to fighting spam looks at how closely the email content in new messages matches the content in old (and legitimate) emails. This technique, alongside traditional spam filtering techniques like whitelisting and blacklisting, is very effective at keeping malware and phishing schemes out of your pond.
2) Detects activity with a network in an unusual location
Do you usually do business with people in China? Maybe. How about Nigeria or Cameroon? Where activity is coming from can be an immediate indicator of foul play, especially if it comes in bursts rather than in random occurrences. For example, if there’s suddenly a lot of activity from a computer network in the Philippines and you’ve never done business with anyone in the Philippines before, that’s an anomaly. And that could be a problem.
3) Detects activity at unusual times of day
It’s the middle of the night so everyone from your office is probably sleeping and the only sounds on your network should be the digital equivalent of chirping crickets. But instead, your system administrator hears the grass rustling. That’s an anomaly, and it needs to be checked out. And possibly stopped right away. Whether you call it an anomaly, outlier, deviation, peculiarity, intrusion or any other scary word, your IT team needs to be looking for it 24/7 to outsmart the fraudsters!
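The location and time-of-day checks from items 2 and 3, written as an added example (not code from the original article): it runs over constructed connection records and flags first-time countries, bursts from them, and off-hours activity. The country codes are assumed to come from an upstream IP-to-country lookup, and the business hours and burst thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds are assumptions for this example, not values from the article.
BUSINESS_HOURS = range(7, 19)          # 07:00-18:59, office-local time
BURST_COUNT = 5                        # connections from one new country...
BURST_WINDOW = timedelta(minutes=10)   # ...within this sliding window

def at(stamp):
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M")

def build_baseline(history):
    """Countries seen in known-good historical traffic."""
    return {country for _when, country in history}

def detect(events, known_countries):
    """Return alerts as (kind, timestamp, country) tuples in time order."""
    alerts, first_seen, burst_reported = [], set(), set()
    windows = defaultdict(deque)       # country -> timestamps inside the window
    for when, country in sorted(events):
        if when.hour not in BUSINESS_HOURS:
            alerts.append(("off_hours", when, country))
        if country in known_countries:
            continue
        if country not in first_seen:
            first_seen.add(country)
            alerts.append(("new_country", when, country))
        win = windows[country]
        win.append(when)
        while when - win[0] > BURST_WINDOW:   # drop timestamps that aged out
            win.popleft()
        if len(win) >= BURST_COUNT and country not in burst_reported:
            burst_reported.add(country)
            alerts.append(("new_country_burst", when, country))
    return alerts

# Constructed sample data: (timestamp, source country code) per connection.
HISTORY = [(at("2013-07-01 09:15"), "US"), (at("2013-07-01 11:40"), "CA"),
           (at("2013-07-02 14:05"), "DE")]
EVENTS = ([(at("2013-07-08 10:00"), "US"), (at("2013-07-08 11:00"), "FR")]
          + [(at(f"2013-07-08 14:0{m}"), "PH") for m in range(6)]
          + [(at("2013-07-09 03:12"), "US")])
ALERTS = detect(EVENTS, build_baseline(HISTORY))

if __name__ == "__main__":
    for kind, when, country in ALERTS:
        print(f"{when:%Y-%m-%d %H:%M}  {country}  {kind}")
```

A single connection from a new country produces only a `new_country` alert; the burst alert fires once per country, at the connection that crosses the threshold.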