This is where an organisation’s usual business activity and behaviour is monitored. Any anomalies or sudden changes in behaviour, such as with application usage, are flagged up. This means malicious attacks can be stopped as early as possible.