In general, behavioral analytics is a branch of network administration that seeks to gain insight into the operation of the network by assessing the behaviors of the devices in the network. This insight can then be used for a variety of purposes, such as making load balancing decisions, security assessments, access control, ensuring that traffic quality of service (QoS) levels are met, and the like. For example, in the context of network security, a host device infected with malware may exhibit behavioral changes when compared to non-infected hosts, thereby facilitating detection of even previously unknown types of malware.
While behavioral analytics can be quite powerful in certain situations, capturing and reporting information about the monitored devices for use by a behavioral analytics system is itself a distinct branch of study. In particular, much like Heisenberg's Uncertainty Principle, the very act of observing device behavior in the network can have an effect on the behavior of the devices and of the network as a whole. Typically, the more information collected about the behavior of a device, the more the behavior of the device and the network at large may change. For example, executing a monitoring agent on a host device to capture information about the behavior of the device will consume available resources of the host. Further, reporting large amounts of collected data regarding the behavior of a host will consume network bandwidth and other resources, which could impinge on user traffic in the network.