Episode 33 — Design network visibility that matters: telemetry selection and baseline behavior modeling
This episode teaches how to design network visibility that produces actionable security outcomes instead of overwhelming teams with noise. You'll define telemetry as the signals collected from networks and devices, then learn which sources are most useful for detecting threats, investigating incidents, and validating controls. We cover selecting telemetry such as flow records, firewall logs, DNS data, proxy events, authentication-related network signals, and intrusion detection outputs, with an emphasis on choosing the signals that support realistic threat scenarios rather than collecting everything. You'll also learn baseline behavior modeling: establishing what "normal" traffic looks like for each host and segment, so that anomalies stand out as meaningful deviations rather than random variation. Real-world scenarios include spotting an unusual outbound connection from a server, detecting lateral movement patterns such as one host fanning out to many internal peers on administrative ports, and identifying unexpected DNS behavior, such as a burst of lookups under a never-before-seen domain, that hints at command-and-control. Troubleshooting covers incomplete coverage, unsynchronized clocks across sensors that break event correlation, noisy environments with frequent change, and tying the visibility design to response workflows so telemetry leads to decisions, not dashboards.

Produced by BareMetalCyber.com, where you'll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.
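As an added worked example (editor's code, not material from the episode or from BareMetalCyber.com), the Python below builds a per-host baseline from constructed flow and DNS records over seven days, then evaluates an eighth day and flags the three scenarios the episode describes: a server's new external destination, lateral-movement fan-out on administrative ports, and a burst of DNS names under a domain the host never queried before. The internal address range, the admin-port set, the thresholds, and every record are assumptions chosen for illustration.

```python
"""Baseline 'normal' per-host network behaviour, then flag deviations.

Added example. All records below are constructed; INTERNAL, LATERAL_PORTS
and the detection thresholds are assumptions for illustration only.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL = ip_network("10.0.0.0/8")      # assumption: the site's internal range
LATERAL_PORTS = {22, 445, 3389, 5985}    # assumption: admin/file-sharing ports
DAY = 86_400


@dataclass(frozen=True)
class Flow:
    ts: int
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Dns:
    ts: int
    src: str
    qname: str


def base_domain(qname: str) -> str:
    """Crude registrable-domain guess: the last two labels (no public-suffix list)."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


@dataclass
class Baseline:
    dests: dict         # src -> {(dst, dport)} seen during the baseline window
    fanout_mean: dict   # src -> mean distinct internal admin-port targets per day
    fanout_std: dict    # src -> population stdev of that daily count
    domains: dict       # src -> {base domains queried}


def build_baseline(flows, queries) -> Baseline:
    dests = defaultdict(set)
    per_day = defaultdict(lambda: defaultdict(set))   # src -> day -> {internal admin dst}
    for f in flows:
        dests[f.src].add((f.dst, f.dport))
        if ip_address(f.dst) in INTERNAL and f.dport in LATERAL_PORTS:
            per_day[f.src][f.ts // DAY].add(f.dst)
    days = {f.ts // DAY for f in flows}
    fanout_mean, fanout_std = {}, {}
    for src in dests:
        counts = [len(per_day[src][d]) for d in days]  # days with no admin traffic count as 0
        fanout_mean[src], fanout_std[src] = mean(counts), pstdev(counts)
    domains = defaultdict(set)
    for q in queries:
        domains[q.src].add(base_domain(q.qname))
    return Baseline(dict(dests), fanout_mean, fanout_std, dict(domains))


def detect(base: Baseline, flows, queries, k=3.0, min_fanout=5, dns_burst=10):
    """Return (kind, src, detail) findings for one detection window."""
    findings = []
    fanout = defaultdict(set)
    for f in flows:
        external = ip_address(f.dst) not in INTERNAL
        if external and (f.dst, f.dport) not in base.dests.get(f.src, set()):
            findings.append(("new_external_dest", f.src, f"{f.dst}:{f.dport}"))
        if not external and f.dport in LATERAL_PORTS:
            fanout[f.src].add(f.dst)
    for src, dsts in fanout.items():
        # mean + k*stdev, floored so a quiet baseline (stdev 0) does not alert on one new peer
        threshold = max(min_fanout, base.fanout_mean.get(src, 0) + k * base.fanout_std.get(src, 0))
        if len(dsts) > threshold:
            findings.append(("lateral_fanout", src, f"{len(dsts)} internal hosts on admin ports"))
    per_domain = defaultdict(lambda: defaultdict(set))  # src -> base domain -> {qname}
    for q in queries:
        per_domain[q.src][base_domain(q.qname)].add(q.qname)
    for src, doms in per_domain.items():
        for dom, names in doms.items():
            if dom not in base.domains.get(src, set()) and len(names) >= dns_burst:
                findings.append(("dns_burst_new_domain", src, f"{len(names)} names under {dom}"))
    return findings


def sample_data():
    """Constructed records: 7 baseline days, then one detection day with three anomalies."""
    base_flows, base_dns = [], []
    for day in range(7):
        t = day * DAY + 3600
        base_flows += [Flow(t, "10.0.1.5", "10.0.3.10", 5432),      # web server -> database
                       Flow(t, "10.0.1.5", "203.0.113.8", 443),     # web server -> update mirror
                       Flow(t, "10.0.2.20", "10.0.3.50", 445),      # workstation -> file server
                       Flow(t, "10.0.2.20", "198.51.100.4", 443)]   # workstation -> SaaS
        base_dns += [Dns(t, "10.0.2.20", "www.example.com"), Dns(t, "10.0.2.20", "cdn.example.net")]
    t = 7 * DAY + 3600
    det_flows = [Flow(t, "10.0.1.5", "10.0.3.10", 5432),             # still normal
                 Flow(t, "10.0.1.5", "192.0.2.77", 4444)]            # new external peer, odd port
    det_flows += [Flow(t + i, "10.0.2.20", f"10.0.1.{10 + i}", 445) for i in range(8)]  # SMB sweep
    det_dns = [Dns(t, "10.0.2.20", "www.example.com")]
    det_dns += [Dns(t + i, "10.0.2.20", f"{i:04x}.beacon.example") for i in range(12)]  # DNS burst
    return base_flows, base_dns, det_flows, det_dns


def run():
    base_flows, base_dns, det_flows, det_dns = sample_data()
    return detect(build_baseline(base_flows, base_dns), det_flows, det_dns)


if __name__ == "__main__":
    for kind, src, detail in run():
        print(f"{kind:<22} {src:<12} {detail}")
```

Each finding names the host and the specific deviation, which is what a response workflow needs to act on; note that the baseline is keyed per source host, so a destination that is normal for the database tier still raises an alert when a web server reaches it for the first time. The clock assumption is explicit too: fan-out is bucketed by `ts // DAY`, so sensors whose clocks disagree will smear one day's activity across two buckets and weaken the baseline, which is the correlation problem the episode warns about.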