The simplest definition of a Threat Detection and Response solution is that it monitors an organization's network activity and data for signs of threats, such as intrusions, and then works out what kind of response is needed to remove the threat. Its purpose is to automate the process of finding and resolving security breaches that have made it through other security measures, such as a network firewall. This involves using analytical tools to scan large data sets for anomalies that could indicate potential threats. The solution then either remediates the threat automatically or guides the organization through the remediation process.
These solutions can be deployed as agent software on endpoints that reports back to a central management console for analytics and monitoring. This allows administrators to monitor their networks, infrastructure and endpoints and to resolve security risks such as malware or intrusions in the system. They can also alert companies when devices are being used for unauthorized purposes, giving companies a level of protection from insider threats.
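The pipeline described above (agents report telemetry, a central console baselines it, flags anomalies and recommends a response) is small enough to sketch in code. The following is an added illustration written for this page, not code from the original text or from any particular product. The host names, event types, hourly counts and the response playbook are all constructed for the example; a real console would learn baselines from live agent data rather than from a hard-coded list.

```python
"""Toy threat-detection-and-response console.

Endpoint agents report hourly event counts; the console builds a per-host,
per-event baseline, flags statistical outliers, and maps each finding to a
response recommendation from a playbook. All telemetry below is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Telemetry:
    host: str    # endpoint that reported the reading (constructed names)
    event: str   # e.g. "failed_login", "outbound_conn"
    count: int   # events observed on that host in one hour


# Constructed historical baseline: seven hourly readings per host/event pair,
# as endpoint agents would have reported them to the console over the past day.
HISTORY = (
    [Telemetry("ws-01", "failed_login", c) for c in (2, 1, 3, 2, 2, 1, 3)]
    + [Telemetry("ws-01", "outbound_conn", c) for c in (40, 38, 45, 42, 39, 41, 44)]
    + [Telemetry("srv-db", "failed_login", c) for c in (0, 0, 1, 0, 0, 0, 1)]
)

# Constructed current-hour readings; ws-01 shows a brute-force-like spike.
CURRENT = [
    Telemetry("ws-01", "failed_login", 57),
    Telemetry("ws-01", "outbound_conn", 43),
    Telemetry("srv-db", "failed_login", 1),
]

# Hypothetical playbook: anomalous event type -> recommended response.
PLAYBOOK = {
    "failed_login": "lock affected accounts, alert SOC, review auth logs",
    "outbound_conn": "isolate host from network, capture traffic for forensics",
}


def build_baseline(history):
    """Per (host, event): mean and population std-dev of historical counts."""
    buckets = defaultdict(list)
    for t in history:
        buckets[(t.host, t.event)].append(t.count)
    return {key: (mean(vals), pstdev(vals)) for key, vals in buckets.items()}


def detect(current, baseline, z=3.0, floor=10):
    """Return (host, event, count, zscore) for readings that exceed baseline.

    `floor` suppresses noise when the baseline is nearly flat: a host that
    normally sees 0-1 failed logins should not page on a count of 4 even
    though that is several std-devs above its mean.
    """
    findings = []
    for t in current:
        key = (t.host, t.event)
        if key not in baseline:
            continue  # no history yet; a real console would start learning it
        mu, sigma = baseline[key]
        sigma = max(sigma, 1.0)  # avoid division by ~0 on flat baselines
        score = (t.count - mu) / sigma
        if score >= z and t.count >= floor:
            findings.append((t.host, t.event, t.count, round(score, 1)))
    return findings


def respond(findings, playbook=PLAYBOOK):
    """Map each finding to a playbook action (or manual triage if unknown)."""
    return [(host, event, playbook.get(event, "manual triage"))
            for host, event, _, _ in findings]


if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for host, event, action in respond(detect(CURRENT, base)):
        print(f"{host}: anomalous {event} -> {action}")
```

The z-score threshold is deliberately paired with an absolute floor: baselines built from a handful of near-zero readings have tiny standard deviations, so without the floor every minor fluctuation would generate an alert and bury the one finding that matters.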
The key features of a Threat Detection and Incident Response solution are: