Because companies are so large and have many employees and customers, it can be hard to keep on top of cybersecurity and manually keep track of anything going wrong. Luckily, businesses have smart tools known as Behaviour-based signatures which help detect anomalies!
So, What Is A Behaviour Based Signature (BBS)?
- A BBS is a tool used by companies to establish what normal network traffic looks like for their organisation. By knowing what normal looks like, the system can easily spot anomalies that might signify an attack.
- BBS’s can be different for each company, and can also change based on the day or time.
- An anomaly does not signify an attack, but it can be a good indicator.
Different Types Of Behaviour Based Signatures
- Honeypots. A honeypot is essentially a trap for hackers. It is a system set up by the organisation to lure a hacker in. Once a hacker tries to act on the system, the organisation can see the steps the hacker takes and where security issues lie so they can build better defences.
- Netflow. A Netflow will sit within a network and looks at all the network traffic flowing around to build up a picture of what looks normal.
- Intrusion detection systems. These are dedicated devices or server parts that have the role of logging and alerting any anomalies so they can be acted upon.
- Intrusion prevention systems. The intrusion prevention system works in partnership with the intrusion detection systems. Intrusion prevention systems block and deny traffic that could be harmful.
A huge thank you to Leila for taking the Academy stream of Explore through this cybersecurity terminology.
