Network Security
Anomaly-Based Detection
Also known as: Behavioural detection, Heuristic detection
Definition
A detection approach that builds a baseline of normal activity and flags deviations from it as potentially malicious.
Examples
- A UEBA flagging a service account that suddenly authenticates from a new country at 02:00.
- An NDR alerting on outbound traffic volume from a database server that triples without a deployment change.
Related terms
Signature-Based Detection
A detection method that compares observed traffic, files, or behaviour against a database of known-bad patterns (signatures) to flag malicious activity.
Intrusion Detection System (IDS)
A passive security control that monitors network or host activity for malicious behaviour and raises alerts without blocking traffic.
NDR (Network Detection and Response)
A network security technology that analyses traffic, including decrypted traffic, metadata and flow data, using behavioural analytics and ML to detect threats and orchestrate response.
UEBA (User and Entity Behavior Analytics)
A security analytics approach that profiles normal behaviour of users and entities, then flags statistical deviations that may indicate compromise or insider misuse.
Threat Hunting
Indicator of Attack (IoA)