Seasonality in product sales: Numerous products such as chocolates, summer clothes, workout gear, and Halloween costumes belong to seasonal markets. The demand for these products typically peaks for a few days or months and then tapers off. Depending upon the market, the sales that can be attributed to seasonality can vary. For instance, the sales of winter clothes during the winter months may actually eclipse the sales during the rest of the year.
Seasonality in water consumption: This is an easy example to understand: People usually consume a lot more water during the summer months.
Seasonality in the stock market: Historically, stocks have underperformed between the months of May and October but have done well from November to April. There is a popular saying that goes, "Sell in May and go away."
Is there an example of seasonality when it comes to an organization's computer network? Yes, there is...
The three examples above involve relatively rare occurrences that are seasonal in nature, but they're not anomalies.
An anomaly, by definition, is something that deviates from what's expected. These three activities (and others like them), though rare, aren't anomalies because they start to become accepted as normal after they occur a few times. They're normal activities that follow a seasonal trend.
It's important for organizations to detect anomalies that happen in the network to ward off potential cyberattacks. To do this, organizations typically use a security analytics solution or a SIEM solution that has anomaly detection capabilities fueled by machine learning algorithms. This solution creates a baseline of expected behavior for every user and host in the network. If a user's or host's observed behavior deviates beyond a learned threshold, it's flagged as an anomaly and the risk score is raised accordingly.
The machine learning algorithms used to detect anomalies must be able to account for seasonality. They should understand seasonal effects on the behavior of users and hosts and be able to identify a particular activity as non-anomalous even if it's rare. After accounting for seasonality, no red flags should be identified and risk scores should not be raised. So, what if the activity occurs outside of this seasonal window? That would be an anomaly, as the use case below illustrates.
Your bank operates on the first and third Saturday of every month. On the second Saturday of the month, your security analytics platform notices an employee logging into the network. A less well-trained system would accept this; after all, the employee was online the previous Saturday, so why not today? But yours is well-trained to spot seasonal anomalies just like this. It knows the difference between the various Saturdays of a month. An alarm goes off, and the risk score of the employee increases.
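The bank scenario above, worked through as an added example (not code from the original article or from any product): a baseline bucketed only by weekday accepts the second-Saturday login, while one bucketed by weekday and occurrence within the month flags it. The login history, the bucket scheme and the fixed 0.2 threshold are assumptions constructed for illustration; a real system would learn its threshold.

```python
from collections import Counter
from datetime import date, timedelta

SATURDAY = 5  # date.weekday(): Monday is 0

def nth_in_month(d):
    """1 if d is the first such weekday of its month, 2 if the second, ..."""
    return (d.day - 1) // 7 + 1

def weekday_key(d):   # naive bucket: every Saturday looks the same
    return d.weekday()

def seasonal_key(d):  # seasonal bucket: the 2nd Saturday differs from the 1st
    return (d.weekday(), nth_in_month(d))

def build_baseline(days, logins, key):
    """Per bucket, the fraction of observed days on which the user logged in."""
    seen = Counter(key(d) for d in days)
    active = Counter(key(d) for d in days if d in logins)
    return {k: active[k] / seen[k] for k in seen}

def is_anomalous(d, baseline, key, threshold=0.2):
    """Flag a login on a day type the user has rarely or never been active on.
    The 0.2 threshold is an assumed constant, not a learned value."""
    return baseline.get(key(d), 0.0) < threshold

# Constructed history: 1 Jan to 30 Jun 2024, logins Mon-Fri plus the
# first and third Saturday of each month (the bank's working Saturdays).
DAYS = [date(2024, 1, 1) + timedelta(n) for n in range(182)]
LOGINS = {d for d in DAYS
          if d.weekday() < SATURDAY
          or (d.weekday() == SATURDAY and nth_in_month(d) in (1, 3))}

NAIVE = build_baseline(DAYS, LOGINS, weekday_key)
SEASONAL = build_baseline(DAYS, LOGINS, seasonal_key)

def check(d):
    """Return (naive verdict, seasonal verdict) for a login seen on day d."""
    return (is_anomalous(d, NAIVE, weekday_key),
            is_anomalous(d, SEASONAL, seasonal_key))

if __name__ == "__main__":
    # First and second Saturday of July 2024.
    for d in (date(2024, 7, 6), date(2024, 7, 13)):
        naive, seasonal = check(d)
        print(d, "naive anomalous:", naive, "seasonal anomalous:", seasonal)
```

The naive baseline sees logins on 12 of 26 Saturdays, so any Saturday passes; the seasonal baseline has six second Saturdays on record with no logins on any of them.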
© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.