After this lesson, you will be able to: Understand AI threat detection, what behavioral anomaly tools find that signature tools miss.
Signature detection requires a known pattern. Behavioral AI baselines normal activity per user/host/network and flags deviations. Catches insider threats, novel malware, compromised credentials.
Train ML on N days of normal activity per entity. New activity scored against baseline. Anomalies above threshold → alert. UEBA for user behavior; NTA (Network Traffic Analysis) for network.
Darktrace. UK firm, behavior anomaly across whole network.
Microsoft Defender XDR. Microsoft's UEBA + EDR + email + identity correlation.
Microsoft Security Copilot, natural-language analyst assistant.
Vectra, network-focused AI detection.
Exabeam, Splunk UEBA, bolt onto existing SIEM.
Models flag 'unusual'. Most unusual is benign (employee on vacation, working from new device). Tuning is hard. Mature deployments use risk scoring (UEBA score + other signals) to combine into actionable alerts.
Pick.
Sign in and purchase access to unlock this lesson.