Detect and Investigate DNS Tunneling with Security Analytics

To a leading global food and beverage company, cyber security is the lifeline for all information security functions, including security strategy, security consulting, risk assessment, security detection and incident response.


Prioritizing IT Monitoring Alerts with Anomaly Severity Scores

As IT environments grow in scale and complexity, IT operations teams often struggle to keep up with the resultant explosion of monitoring alerts. Since alerts are a critical early warning system, finding a way to reduce false positives and prioritize alerts becomes a critical success factor. Many IT organizations are successfully addressing this challenge by adding behavioral analytics to their arsenal - most notably in the form of machine learning anomaly detection. This post explores an approach to effectively deal with the issue of overwhelming alert "noise" using a customer success story.


Anomaly Scoring

I often get questions about our product’s “anomaly score” and how it relates to the “unusualness” of individual occurrences within a data set. It can be very helpful to understand how the anomaly score is manifested, what it depends on, and how one would use the score as an indicator for proactive alerting. This article, while perhaps not the full definitive guide, will serve as a practical overview of the way that Prelert does anomaly scoring.


Partitioning vs. "Split By" Clause in Anomaly Detection

In a previous blog, I promised I would explain the differences between "partition field" and "by field" because while they seem very similar at first, there is a subtle but important difference in the way individual anomalies influence the overall anomaly score over time. So, if you like these detailed, configuration-based articles I occasionally write, read on!


Splunk search quirks and edge cases

We've been developing Prelert Anomaly Detective® for Splunk for around 3 years now, and in that time have learnt a lot about the rarely-visited parts of the Splunk search language.

If you're planning to write any complex custom search commands of your own then here are a few insights you might find helpful.


Optimizing Anomaly Detection LookBack with maxSearchBuckets

A handy feature of Anomaly Detective’s real-time search configuration is the option to invoke “LookBack” - a capability that will “backfill” historical data to help build some historical baseline analysis before deploying anomaly searches ongoing. You can use the following method to optimize the speed at which LookBack runs and completes.


Your next digital security guard should be more like RoboCop

As originally published by Network World.

Humans are clearly incapable of monitoring and identifying every threat on today’s vast and complex networks using traditional security tools. We need to enhance human capabilities by augmenting them with machine intelligence. Mixing man and machine – in some ways, similar to what OmniCorp did with RoboCop – can heighten our ability to identify and stop a threat before it’s too late.


Data interchange formats and performance

When two programs need to exchange data they need to agree a common format for the data in transit. This could be a binary format, or it could be some sort of human readable text.

The binary format could be defined by one of numerous pieces of middleware, or a public format such as Google Protocol Buffers. The text format could be one of the titans of data formats: XML or JSON. Or it could be something more old-fashioned, like comma separated values (CSV).


Bringing Alert Management into the Present with Advanced Analytics

As originally published by APMDigest.

We have smart cars on the horizon that will navigate themselves. Mobile apps that make communication, navigation and entertainment an integral part of our daily lives. Your insurance pricing may soon be affected by whether or not you wear a personal health monitoring device. Everywhere you turn, the very latest IT technologies are being leveraged to provide advanced services that were unimaginable even ten years ago. So why is it that the IT environments that provide these services are managed using an analytics technology designed for the 1970s?



Excluding Frequent from Analysis for Smarter Anomaly Detection

A new feature with v3.5 of Anomaly Detective is the ability to automatically exclude frequently observed entities from analysis. In this article, we'll discuss the rationale behind this setting and its applicability as an alternative to "whitelisting."

