Five lessons I learned from building anomaly-based threat detection

Alex Teixeira
Published in Detect FYI
4 min read · Aug 30, 2023


This is a short one, meant to inspire those who are planning, or already experimenting with, anomaly detection as part of their use-case backlog.

Anomaly-based detection is the process of comparing definitions of what activity is considered normal against observed events to identify significant deviations.

The above definition is from the Security Controls Evaluation, Testing, and Assessment Handbook (2016)…
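To make the definition concrete, here is an added example (my own illustration, not code from the post or its author) of the smallest possible anomaly-based detector: a per-user baseline of "normal" daily logon counts, compared against one day of observed counts, flagging significant deviations. The logon counts, the user names and the z-score threshold of 3.0 are constructed assumptions for illustration; the "significant deviation" rule, the zero-variance floor and the handling of entities with no baseline are design choices, not anything the handbook prescribes.

```python
from statistics import mean, pstdev

# Constructed sample data: seven days of successful-logon counts per user
# (the baseline window), followed by one day of observed counts.
BASELINE = {
    "alice": [12, 14, 11, 13, 12, 15, 13],
    "bob": [3, 2, 4, 3, 3, 2, 4],
}
OBSERVED = {"alice": 14, "bob": 41, "carol": 5}


def build_profile(history):
    """Define 'normal' per entity as (mean, population std dev) of its history."""
    return {user: (mean(counts), pstdev(counts)) for user, counts in history.items()}


def score_deviation(profile, observed, threshold=3.0):
    """Compare observed counts against the profile and return findings.

    A finding is raised when the z-score of the observed count is at or
    beyond `threshold` (assumed value), or when the entity has no baseline
    at all, which an analyst usually wants to see rather than silently skip.
    """
    findings = []
    for user, count in observed.items():
        if user not in profile:
            findings.append({"user": user, "count": count, "zscore": None,
                             "reason": "no baseline"})
            continue
        mu, sigma = profile[user]
        # Floor the std dev: a perfectly flat baseline would otherwise turn
        # any one-event change into an infinite z-score.
        sigma = max(sigma, 1.0)
        z = (count - mu) / sigma
        if abs(z) >= threshold:
            findings.append({"user": user, "count": count, "zscore": round(z, 2),
                             "reason": "deviation"})
    return findings


def run_example():
    """Wire the constructed data through the two steps above."""
    return score_deviation(build_profile(BASELINE), OBSERVED)


if __name__ == "__main__":
    for f in run_example():
        print(f)
```

Running it flags `bob` (41 logons against a baseline averaging 3) and `carol` (never seen before), while `alice` stays within her normal range. The interesting engineering questions start right after this point: how long the baseline window should be, which entity and feature to profile, and what to do with entities that have no history yet.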


I design and build threat detection and triage/hunting SIEM/EDR/XDR content for Enterprise #SecOps teams #DetectionEngineering http://opstune.com