Threat detection is a type of security that goes beyond basic security analysis. It is either built into “appliances” or integrated with existing security infrastructure, such as web gateways, whose logs it ingests for analysis. Threat detection uses big data analytics to find threats, such as malware or other remote access threats, that attempt to enter an organization’s network with malicious intent, for example to lock files or exfiltrate data.
Threat detection solutions often include capabilities such as clustering, behavioral analysis, and automated investigation. Threat detection is the foundation of cybersecurity because it not only identifies threats and malicious communications but can also provide critical information for updating preventive appliances such as firewalls and antivirus software.