Behavior analytics is the process of analyzing large volumes of data to identify the behavior of an entity that directly or indirectly creates the data. Behavior analytics applies machine learning tools to create a set of one or more behavior models. The behavior models describe sets of data that correspond to an anomaly, that is, a deviation from an expected pattern of data. Thus, a behavior model may be used to trigger an alert when an anomaly is present.
Behavior analytics may be used when managing network security. As data is received from various network devices, machine learning is applied to identify patterns in the data. Based on the patterns, the system may learn expected behavior and anomalous behavior. As new network data is received, it is compared to the behavior model to determine whether an anomaly exists. When an anomaly is detected, further analysis is performed to determine whether the anomaly is a threat to the network. Accordingly, early detection of threats to the network may mitigate the damage they cause.
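The learn-then-compare loop described above, as an added example that is not part of the original text. It stands in a simple statistical baseline (per-device median and median absolute deviation, scored with the modified z-score) for the unspecified machine learning; the device addresses, traffic values and the 3.5 threshold are constructed assumptions.

```python
"""Added example: per-device behavior baseline scored with a robust z-score."""
from collections import defaultdict
from statistics import median

# Constructed training data: (device, outbound KB per 5-minute interval).
TRAINING = [
    ("10.0.0.5", v) for v in (120, 135, 110, 128, 140, 125, 131, 118)
] + [
    ("10.0.0.9", v) for v in (900, 870, 940, 910, 880, 925, 895, 905)
]

# Constructed new observations that arrive after the model is built.
NEW_DATA = [("10.0.0.5", 133), ("10.0.0.5", 880), ("10.0.0.9", 880), ("10.0.0.7", 50)]

def build_model(records):
    """Learn expected behavior per device as (median, MAD)."""
    by_device = defaultdict(list)
    for device, value in records:
        by_device[device].append(value)
    model = {}
    for device, values in by_device.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)
        model[device] = (med, max(mad, 1.0))  # floor avoids dividing by zero on a flat baseline
    return model

def score(model, device, value):
    """Modified z-score of value; None when the device has no learned baseline."""
    if device not in model:
        return None
    med, mad = model[device]
    return 0.6745 * abs(value - med) / mad

def detect(model, records, threshold=3.5):
    """Return alerts for further analysis; an alert is an anomaly, not a confirmed threat."""
    alerts = []
    for device, value in records:
        z = score(model, device, value)
        if z is None:
            alerts.append((device, value, "no-baseline"))  # unseen entity: nothing to compare against
        elif z > threshold:
            alerts.append((device, value, "anomaly"))
    return alerts

if __name__ == "__main__":
    for alert in detect(build_model(TRAINING), NEW_DATA):
        print(alert)
```

The same reading of 880 KB is flagged for one device and passes for the other, because each device is compared against its own learned baseline rather than a global limit.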