Spend Anomaly Detection
The Cloud Spend Anomaly Detection service module monitors your cloud accounts for excessive spending and abnormal patterns of behavior that may indicate the accounts have been compromised, or that resources are being used for fraudulent activities, such as crypto-mining.
To identify abnormal patterns, we use your Cloud Provider’s:
Spend API and
Spend Anomaly Controls.
Once your account has been onboarded for at least a month:
We establish a baseline budget for your cloud spend, and then
After the end of every month, we use automation to dynamically adjust the budget threshold. We generate an alert, to make you aware of the spending amount1 if the monthly spending exceeds either:
three (3) times the budget, or
three (3) times the average spending from the last three months.
1Unless the spend is less than 10,000 USD, in which case we set the budget default to 10,000 USD.
In the event of an alert, we will contact you to confirm if the spending was expected. If it was not, we will create an Support ticket and investigate, following the Incident Management process to resolve the issue.
In the event of an alert, an incident is created immediately and assigned to the Network Operations Centre (NOC). They will ask you if spending is expected, where:
If the spending is expected, they close the incident, or
If the spending is not expected, they follow Incident Management Framework to resolve the incident.
Spend Anomaly Detection–AWS Architecture
Spend Anomaly Detection, AWS Architecture