Why It Matters?
A common anomalous behavior pattern is to connect to critical resources outside of normal hours. This can be due to either external or internal threats, where behavior deviates from normal usage patterns, where users or attackers establish command and control (C2) channels, perform lateral movements, or execute malicious actions.
What Exactly Does This Policy Do?
This policy helps protect from anomalous behavior by restricting connections to production resources to occur only during business hours. When the time window is shifted, the connection is denied. The policy can be enhanced by adding MFA and admin approval, and additional contextual attributes.
