Assigning mappings to Anomaly Shield applications

Every Anomaly Shield application can include one or more mappings for data collection, training, and protection. Whether to combine or separate mappings depends on how similar their traffic is in terms of behavior, underlying business logic, and the back-end technologies used.

Combine mappings into one Anomaly Shield application in the following cases:

  • The mappings behave similarly (i.e., they handle homogeneous traffic).
  • The mappings correspond to similar business functions or user groups.
  • Combining mappings results in higher request volumes, which accelerates training and improves model quality.

Keep mappings in separate Anomaly Shield applications in the following cases:

  • The mappings differ in terms of the underlying business logic:
    • They correspond to different business functions.
    • They correspond to different user groups (e.g., regular and professional users).
  • The mappings differ in terms of the back-end technologies used, e.g.:
    • Desktop vs. mobile applications
    • Different technical components
    • Different software versions with possibly major changes

Different business logic generates inhomogeneous traffic, and different back-end technologies can generate non-comparable traffic. Note that inhomogeneous or non-comparable traffic can reduce the accuracy of anomaly detection. Anomaly Shield applications work best with homogeneous and comparable traffic.

Examples

The following examples demonstrate how the above rules can be applied:

| Use case | Mappings | Reason |
|---|---|---|
| An online banking application uses Airlock IAM to authenticate its users. | separate | The online banking application and Airlock IAM use different back-end technologies and provide different business logic. |
| The same users use an online banking application and a trading platform application. | separate | If the applications are from different vendors, the differences in back-end technology and business logic are sufficient to keep them separate. |
| | combined | If the applications are from the same vendor and use the same back-end technology, you should keep them combined. |
| A large WordPress site that hosts portals for multiple customers. | combined | The back-end technology is the same and the business logic is still very similar. These sites should be kept combined. |