A big challenge for organizations when it comes to malware detection is their inability to correlate network log events between different devices. Sophisticated malware mimics normal user behavior in order to mask its identity, and can go undetected by real-time intrusion detection systems. However, examining behavioral attributes (i.e. connection points, traffic sizes, timing frequencies, etc.), places the event activity in the appropriate context, and allows you to detect this automated behavior and expose the threat. In the below video, Ron Bernier, Director & Chief Architect of Tyler Detect, discusses an example of how Tyler Detect uses context to detect a malware intrusion.