In a previous lesson, I pointed out that there are three essential ways security tools detect threats. Those methods are signature-based, behavior, and anomaly detection. Most security tools use a combination of one or more of these capabilities to detect threats. The following figure represents this concept.
