Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors

Posted in Presentations

Cyber-defense centers on "what" a detection technology is designed to look for, and each method carries its own capabilities and limitations. Three distinct approaches have emerged: traditional indicators of compromise (IOCs), anomaly detection and behavioral analytics. Unfortunately, marketing has muddied these terms beyond recognition. This presentation corrects that by critically examining each approach and what it can and cannot detect.
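To make the three approaches concrete, the following added example (not material from the presentation or the speaker) runs an indicator match, a baseline-driven anomaly score and a behavioral chain rule over the same constructed telemetry. Every event, destination address, baseline value, threshold and rule here is constructed for the demonstration; none of it is a real indicator.

```python
"""Three detection methodologies run over the same constructed telemetry.

Added example, not material from the presentation: it contrasts
indicator (IOC) matching, anomaly detection and behavioral analytics.
Every event, indicator, baseline and threshold here is constructed.
"""
from statistics import mean, pstdev

# Constructed endpoint + network telemetry, one record per event.
# "dst" is None when the event carried no outbound connection.
EVENTS = [
    {"t": 1, "host": "ws01", "proc": "outlook.exe", "parent": "explorer.exe", "dst": "10.0.0.5", "bytes_out": 1200},
    {"t": 2, "host": "ws01", "proc": "winword.exe", "parent": "outlook.exe", "dst": None, "bytes_out": 0},
    {"t": 3, "host": "ws01", "proc": "powershell.exe", "parent": "winword.exe", "dst": None, "bytes_out": 0},
    {"t": 4, "host": "ws01", "proc": "powershell.exe", "parent": "winword.exe", "dst": "203.0.113.77", "bytes_out": 2200},
    {"t": 5, "host": "ws02", "proc": "chrome.exe", "parent": "explorer.exe", "dst": "198.51.100.9", "bytes_out": 1500},
    {"t": 6, "host": "ws02", "proc": "chrome.exe", "parent": "explorer.exe", "dst": "198.51.100.9", "bytes_out": 1700},
    {"t": 7, "host": "srv01", "proc": "backup.exe", "parent": "services.exe", "dst": "10.0.0.20", "bytes_out": 900_000},
    {"t": 8, "host": "ws03", "proc": "chrome.exe", "parent": "explorer.exe", "dst": "192.0.2.44", "bytes_out": 1300},
]

# 1. Indicators: a constructed blocklist (placeholder address, not a real IOC).
IOC_DST_IPS = {"192.0.2.44"}

# 2. Anomalies: constructed history of "normal" outbound byte counts, used as the baseline.
BASELINE_BYTES = [1000, 1200, 1500, 800, 1300, 1100, 1400, 900, 1250, 1050]

# 3. Behaviors: hypothetical rule for the chain "document handler spawns a
#    script interpreter, which then makes an outbound connection".
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def ioc_detect(events, iocs=IOC_DST_IPS):
    """Exact match against known-bad destinations: cheap and precise, but
    blind to anything not already on the list."""
    return [e["t"] for e in events if e["dst"] in iocs]


def anomaly_detect(events, baseline=BASELINE_BYTES, z_threshold=3.0):
    """Flag outbound volumes far above the learned baseline (one-sided z-score).
    Needs no prior knowledge of the adversary, but 'unusual' is not 'malicious'."""
    mu, sigma = mean(baseline), pstdev(baseline)
    flagged = []
    for e in events:
        if e["dst"] is None:
            continue  # no network activity to score
        z = (e["bytes_out"] - mu) / sigma
        if z > z_threshold:
            flagged.append(e["t"])
    return flagged


def behavior_detect(events, window=60):
    """Flag the two-stage chain: an Office app spawns a script host, and that
    script host then connects outbound on the same machine within `window`
    seconds. Keyed on what the activity does, so it survives a change of
    attacker infrastructure that would defeat the indicator list."""
    spawned_at = {}  # (host, proc) -> time the parent/child pair was first seen
    flagged = []
    for e in sorted(events, key=lambda e: e["t"]):
        key = (e["host"], e["proc"])
        if e["proc"] in SCRIPT_HOSTS and e["parent"] in OFFICE_APPS:
            spawned_at.setdefault(key, e["t"])
            if e["dst"] is not None and e["t"] - spawned_at[key] <= window:
                flagged.append(e["t"])
    return flagged


def compare(events=EVENTS):
    """Run all three methods and return the event times each one raises."""
    return {
        "ioc": ioc_detect(events),
        "anomaly": anomaly_detect(events),
        "behavior": behavior_detect(events),
    }


if __name__ == "__main__":
    for method, hits in compare().items():
        print(f"{method:>8}: events {hits}")
```

Running it shows the trade-offs the abstract refers to: the indicator match raises only event 8 (the listed address) and misses the script host's connection at event 4 because that destination is not on the list; the anomaly score raises event 4 but also event 7, a legitimate backup job that merely moves a lot of data; the behavioral rule raises event 4 alone, without knowing the destination in advance. Each method sees a different slice of the same activity, which is why the choice between them is a cost/benefit decision rather than a question of which one is "best".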

Learning Objectives:
1: Gain understanding of defense detection methodologies.
2: Evaluate the costs and benefits inherent to different detection approaches.
3: Make detection decisions that fit the organization's own security needs.

Prerequisites: General knowledge of detection methodologies and technologies, awareness of the current product types that perform threat detection and alerting, and broad knowledge of common security incidents.

Joe Slowik
Senior Manager, Threat Intelligence & Detections, Gigamon
