In DLP, Behavioral Analysis is an analysis of entity (e.g., endpoint, server) and user activity to identify anomalous behavior that may be indicative of an attempt to steal data.
Behavioral analysis in legacy DLP solutions builds models over a period of months to create a baseline of “normal” behavior. Once a baseline is established, anomalous behavior can be flagged.
More modern solutions create baselines on each endpoint and can create a baseline in a period of days or weeks.
