Why Be Normal? Especially if you Don’t Know What Normal is!
Continuing his blog series on SecurityWeek, Tenable’s Marcus Ranum discusses the challenges in presenting and comparing system metrics. Metrics should be normalized and placed in context for effective communication. He uses several stock market charts to reinforce his message.
Figuring out what “normal” means is one of computer security's great challenges. Everyone seems to think that if we only knew what “normal” is, we'd be able to subtract it from what's going on around us and “abnormal” would magically fall out the other side. Unfortunately, it's not that easy.