A
network baseline documents normal network behavior — traffic volumes, protocols, communication patterns, bandwidth utilization — enabling anomaly detection when deviations occur.
Baselines must be established before deploying anomaly detection. Baselines change over time (business growth, new apps) — update them. Unusual deviations from baseline often indicate malware, data exfiltration, or misconfigurations.