What is Anomaly Detection?

Anomaly detection is the practice of examining specific data points and detecting rare occurrences that seem suspicious because they differ from the established pattern of behavior. Anomaly detection isn’t new, but as data volumes grow, manual tracking becomes impractical.

Why is anomaly detection important?

Anomaly detection is especially important in industries like finance, retail, and cybersecurity, but every business should consider an anomaly detection solution. It provides an automated means of detecting harmful outliers and protects your data. For example, banking is an industry that benefits from anomaly detection. Using it, banks can identify fraudulent activity and inconsistent patterns and protect data. 

Data is the lifeline of your business, and compromising it can jeopardize your operation. Without anomaly detection, you could lose revenue and brand equity that took years to cultivate. Your business faces security breaches and the loss of sensitive customer information. If this happens, you stand to lose a level of customer trust that may be unrecoverable.

What is the history of anomaly detection?

Organizations used to manually examine data points, seeking clues and insights into how their systems were performing. Root causes weren’t always uncovered using this method. An organization might have noticed a change in behavior, but they couldn’t uncover the root causes. In situations like this, the problem persisted and their data was at risk. Today, anomaly detection leans more on machine learning (ML). ML helps identify those hard-to-identify outliers, mitigate them, and protect your system.

Where will anomaly detection go next?

Predictability is the next step for anomaly detection. With predictability you can find outliers on a machine level. Finding them helps prevent harm to your system before it occurs. For example, a hospital that doesn’t know what an attack will look like can benefit from predictability. With predictability, the hospital can write rules to prevent the attack and protect sensitive data and their environment.

What are the benefits of anomaly detection?

Anomaly detection offers several benefits. First, you can localize and address an issue before it reaches other parts of your system. This results in a cost savings, as you’re only addressing one area instead of your entire system. Customer service also comes into play with anomaly detection. When your system is compromised, chances are your internal and external customers will pay the largest price. Through anomaly detection you can minimize this threat and, more importantly, maintain trust across all of your customer segments.

What are the challenges of anomaly detection?

Scaling is the most common challenge customers encounter when deploying an anomaly detection strategy. Most customers aren’t currently using this technology, and scaling your operations to support it can be difficult. Establishing proper data thresholds is also challenging. Doing this ensures the integrity of your efforts isn’t compromised once your solution is deployed.

Who uses anomaly detection?

Platform and Security Administrators, Application Developers and Site Reliability Engineers are most likely to use anomaly detection.

What does anomaly detection do?

Anomaly detection identifies suspicious activity that falls outside of your established normal patterns of behavior. A solution protects your system in real time from instances that could result in significant financial losses, data breaches, and other harmful events.
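
The idea above, together with the threshold challenge mentioned earlier, as an added example (not AWS code and not part of the original page): each new data point is scored against a baseline of normal behavior and flagged when the score exceeds a threshold. The failed-login counts, the function names, and the 3.5 threshold are assumptions made for the illustration; the last two calls show how a mean-based score can miss a spike once an old incident has leaked into the baseline, while a median-based score still flags it.

```python
from statistics import mean, median, pstdev

# Constructed sample data: failed logins per hour for one account.
BASELINE = [4, 6, 5, 7, 5, 6, 4, 5, 6, 5, 7, 6]
OBSERVED = [5, 6, 48, 7, 5]        # index 2 is an injected spike
POISONED = BASELINE + [60]         # baseline that absorbed an old incident


def robust_score(value, history):
    """Distance from the median in units of scaled MAD (modified z-score)."""
    med = median(history)
    mad = median([abs(x - med) for x in history])
    scale = 1.4826 * mad or 1.0    # flat history: avoid dividing by zero
    return abs(value - med) / scale


def classic_score(value, history):
    """Plain z-score: distance from the mean in standard deviations."""
    sd = pstdev(history) or 1.0
    return abs(value - mean(history)) / sd


def detect(observed, baseline, threshold=3.5, score=robust_score):
    """Return (index, value, score) for each point scoring above threshold.

    Normal points join the history so the baseline keeps adapting; flagged
    points do not, so an outlier cannot widen the baseline for later ones.
    """
    history = list(baseline)
    flagged = []
    for i, value in enumerate(observed):
        s = score(value, history)
        if s > threshold:
            flagged.append((i, value, round(s, 2)))
        else:
            history.append(value)
    return flagged


if __name__ == "__main__":
    print(detect(OBSERVED, BASELINE))                    # spike at index 2
    print(detect([20], POISONED, score=classic_score))   # missed: empty list
    print(detect([20], POISONED))                        # flagged
```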

How do you create an anomaly detection strategy?

An anomaly detection strategy begins by identifying Key Performance Indicators (KPIs). These are typically tied to the business problem you’re working to solve. You’ll also need to understand the characteristics of your data. How does it flow into your network? Is it continuous or batch? What data points are you tracking? Answering these questions helps shape your strategy, as the data plays a major role in this process. Next, create a budget and set goals. Lastly, make sure each member of your team understands the goals and the role they play in achieving them.

What are AWS offerings for anomaly detection?

AWS offers a broad portfolio of anomaly detection solutions including AWS Panorama, Amazon CloudWatch, Amazon DevOps, and Amazon OpenSearch to name a few.

The diagrams below provide a view of some of the Panorama and Kinesis architectures.

How does anomaly detection with AWS work?

This depends on the specific need. AWS offers several solutions, including:

  • Amazon SageMaker: SageMaker is a cloud machine-learning platform. It can be used to generate predictions and track behaviors without writing code.
  • Amazon Kinesis: Kinesis is used for data ingestion and features a function that attaches scores to each anomaly detected. Kinesis is a managed tool, which makes it easy to identify an anomaly and respond in real time.

How are other customers implementing anomaly detection?

Amazon customers enjoy being able to customize our tools to meet their needs. Isolation is a key factor in their businesses and anomaly detection allows them to do this. Amazon solutions have a predictive element to them which is important because customers want to understand how the anomaly happened. This helps create solutions that predict future occurrences and protect their systems.

Customers who have seen the benefits of Amazon anomaly detection solutions include Autodesk, FOX, Zynga, and NextDoor.

For more information please visit the Amazon Managed Service for Apache Flink Customers page.

