Baselining

Baselining is a threat hunting technique that involves establishing a baseline of normal activity and behavior within an organization's network and systems.

  • Activity data collected from the network and systems is used to establish a baseline of normal activity patterns and behavior within the organization.

  • Once the baseline has been established, security teams can monitor the network and systems for deviations or anomalies from the norm. For example, if network traffic suddenly spikes beyond the established baseline, this may indicate a potential DDoS attack.

The baselining technique can be particularly useful in detecting insider threats, as it can identify abnormal user behavior that may indicate a compromised account or unauthorized access.

By establishing a baseline of normal activity and behavior, security teams can more easily identify deviations that may indicate a potential threat.

User Behavior Analytics (UBA) solutions typically use baselining techniques to identify deviations from normal activity in an environment.
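The following Python script is an added example, not code from the original page or from any UBA product, showing the two kinds of deviation described above in working form: a volume spike against a numeric baseline (the DDoS-style traffic jump) and a user logging in at an hour or from a host never seen in the learning window (the insider/compromised-account case). All observations, entity names, the 3-sigma threshold and the helper names are constructed assumptions for illustration.

```python
"""Baselining demo: learn "normal" from a history window, then flag deviations.

Added example, not from the original page. All observations below are
constructed for illustration; entity names, the 3-sigma threshold and the
helper names are assumptions, not an established tool's API.
"""
from dataclasses import dataclass, field
from statistics import mean, pstdev
from typing import List, Set


@dataclass
class NumericBaseline:
    """Mean/stdev of a numeric metric (e.g. bytes per hour) over the window."""
    mean: float
    stdev: float

    @classmethod
    def learn(cls, history: List[float]) -> "NumericBaseline":
        # Floor the stdev so a perfectly flat history does not divide by zero;
        # any change on such a quiet entity is then scored as very large.
        return cls(mean=mean(history), stdev=max(pstdev(history), 1e-9))

    def z(self, value: float) -> float:
        """How many standard deviations `value` sits above/below the mean."""
        return (value - self.mean) / self.stdev


@dataclass
class CategoricalBaseline:
    """Set of values seen for an attribute (e.g. login hours, source hosts)."""
    seen: Set[str] = field(default_factory=set)

    @classmethod
    def learn(cls, history: List[str]) -> "CategoricalBaseline":
        return cls(seen=set(history))

    def is_novel(self, value: str) -> bool:
        return value not in self.seen


def detect_volume_spike(entity: str, history: List[float], current: float,
                        z_threshold: float = 3.0) -> List[str]:
    """Flag a metric more than `z_threshold` stdevs above its baseline mean."""
    base = NumericBaseline.learn(history)
    z = base.z(current)
    if z > z_threshold:
        return [f"{entity}: {current:.0f} is {z:.1f} sigma above baseline mean "
                f"{base.mean:.0f}"]
    return []


def detect_user_deviation(user: str, login_hours: List[str], src_hosts: List[str],
                          current_hour: str, current_host: str) -> List[str]:
    """Flag a login at an hour or from a host never seen for this user."""
    findings = []
    if CategoricalBaseline.learn(login_hours).is_novel(current_hour):
        findings.append(f"{user}: login at hour {current_hour} never seen in baseline")
    if CategoricalBaseline.learn(src_hosts).is_novel(current_host):
        findings.append(f"{user}: login from {current_host} never seen in baseline")
    return findings


# --- constructed sample data (not real telemetry) ---------------------------
# 48 hourly byte counts for a web server: steady ~1.0 MB with small jitter.
WEB01_BYTES_HISTORY = [1_000_000 + (i % 5) * 20_000 for i in range(48)]
WEB01_BYTES_NOW = 9_500_000            # sudden ~9x jump in the current hour

# Two weeks of logins for one user: hours 08/12/17, from two workstations.
ALICE_LOGIN_HOURS = [f"{h:02d}" for _ in range(14) for h in (8, 12, 17)]
ALICE_SRC_HOSTS = ["ws-alice-1", "ws-alice-2"] * 21
ALICE_NOW_HOUR, ALICE_NOW_HOST = "03", "vpn-gw-7"   # 03:00 from a new host


def run_demo() -> List[str]:
    """Score the constructed 'current' observations against their baselines."""
    findings = []
    findings += detect_volume_spike("web-01", WEB01_BYTES_HISTORY, WEB01_BYTES_NOW)
    findings += detect_user_deviation("alice", ALICE_LOGIN_HOURS, ALICE_SRC_HOSTS,
                                      ALICE_NOW_HOUR, ALICE_NOW_HOST)
    return findings


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

The learning window and threshold are the two knobs that decide false-positive rate: a window that is too short makes legitimate weekly or monthly patterns look anomalous, and novelty-based checks (new host, new hour) need a window long enough to have seen the user's full routine before they are trusted.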
