Every Anomaly Shield application can combine one or more data collection, training, and protection mappings – but how can you decide whether two mappings should be combined into the same AS application or kept separate? The information in this article should help answer this question.
- General considerations:
- Mappings that behave similarly should be combined into a single AS application. Combining multiple mappings into a single AS application allows for faster training data collection and improves model training to determine normal (non-anomalous) traffic.
- Mappings that protect back-end applications with different technology or different business logic should be assigned to separate AS applications.
- Separate AS applications for mappings with differences in business logic:
- Mappings belong to different business functions.
- Mappings cover different user groups, e.g. normal users and professional users.
Different business functions and user groups generate inhomogeneous traffic – an AS application works best with homogeneous traffic.
- Separate AS applications for mappings with differences in used technologies:
- Mappings distinguish between a desktop and mobile application.
- Mappings belong to different technical components.
- Mappings belong to different software versions, and there may be significant changes between versions.
Different back-end technologies and functions can generate non-comparable traffic – an AS application works best with comparable traffic.