SH&NR Week 6 Posting - Port Security
Behavioral and Anomaly Analysis
Behavioral analysis and anomaly analysis are categories of analysis that give cybersecurity professionals data for identifying malware or other malicious activity. The two are similar and the terms can almost be used interchangeably (as in "network behavioral anomaly analysis"), but each looks at network traffic and other activity in a slightly different way.
Behavioral Analysis
The main point of behavioral analysis is that it studies various data in an organization to establish a baseline. Network traffic, database activity, user activity, and system events are all examples of data used to establish that baseline. Using that baseline, AI or human analysts can monitor for and identify any extraneous activity. Behavioral analysis looks at who is doing what, when they are doing it, and how they are doing it.
Anomaly Analysis
Anomaly analysis also looks to establish a baseline. Rather than being based on organizational behavior, however, an anomaly analysis baseline is a set baseline. Anomaly analysis focuses on measuring the deviation from this baseline and determining whether that deviation is statistically significant (Chapman, 2021, p. 263). It looks to identify what is different from normal, that is, from the baseline. Anomalies can be one-time events or be connected in a group of anomalies.
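The following Python example is added here for illustration and is not from the original post or the cited guide. It contrasts a behavioral baseline learned from an organization's own activity (who, what, when) with a set baseline checked by statistical deviation. The event tuples, the two-hour slack, the 200 MB/hour baseline with a standard deviation of 25, the z-score threshold of 3, and the run length of 3 are all assumptions chosen for the example.

```python
from collections import defaultdict

# Constructed history used to learn the behavioral baseline: (user, action, hour of day).
HISTORY = [
    ("alice", "db_query", 9), ("alice", "db_query", 14), ("alice", "file_read", 10),
    ("bob", "file_read", 11), ("bob", "vpn_login", 8), ("bob", "file_read", 16),
]

def learn_profiles(history):
    """Behavioral baseline: per user, which actions occur and in which hours."""
    profiles = defaultdict(lambda: {"actions": set(), "hours": set()})
    for user, action, hour in history:
        profiles[user]["actions"].add(action)
        profiles[user]["hours"].add(hour)
    return profiles

def behavioral_flags(profiles, event, hour_slack=2):
    """Return the reasons an event departs from the user's learned behavior."""
    user, action, hour = event
    if user not in profiles:
        return ["unknown user"]
    p, reasons = profiles[user], []
    if action not in p["actions"]:
        reasons.append("new action")
    if not any(abs(hour - h) <= hour_slack for h in p["hours"]):
        reasons.append("unusual hour")
    return reasons

def anomaly_flag(value, mean, std, threshold=3.0):
    """Set baseline: flag a value whose z-score magnitude exceeds the threshold."""
    z = (value - mean) / std
    return abs(z) > threshold, round(z, 2)

def grouped(flags, min_run=3):
    """True if at least min_run consecutive samples were anomalous (a group, not a one-off)."""
    run = best = 0
    for f in flags:
        run = run + 1 if f else 0
        best = max(best, run)
    return best >= min_run

if __name__ == "__main__":
    profiles = learn_profiles(HISTORY)
    print(behavioral_flags(profiles, ("alice", "db_query", 3)))
    # Constructed outbound MB/hour samples against an assumed set baseline of 200 +/- 25.
    samples = [210, 190, 330, 340, 350, 205]
    flags = [anomaly_flag(s, 200, 25)[0] for s in samples]
    print(flags, grouped(flags))
```
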
Reference:
Chapman, B., & Maymí, F. (2021). CompTIA CySA+ Cybersecurity Analyst Certification Exam Guide (Exam CS0-002). McGraw-Hill Education.