Deep Packet Inspection
Threat detection relies on gathering as much information as possible from all core network devices, firewalls, routers/switches, servers, etc. With event correlation, the chances of spotting even the most subtle of attacks are greatly increased.
A core aspect of threat detection is the ability of the system to undertake deep packet inspection (DPI).
As an analogy, basic threat detection systems look at the outside of an envelope for the name and address. DPI platforms go further by opening the envelope and reading the contents.
DPI linked with machine learning can start to analyse traffic, identifying and understanding network applications. When attempting to breach networks, hackers will often try to disguise what they are doing; however, with DPI these attacks will be identified immediately!
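
The envelope analogy and the point about disguised traffic, as an added example that is not part of the original page: a header-only check guesses the application from the destination port, while a payload check reads the first bytes of the flow and flags any disagreement. The port table, byte signatures and sample flows are constructed for illustration, and fixed signatures stand in here for the machine-learning analysis the page mentions.

```python
# Added example: header-only view vs. payload ("opened envelope") view of a flow.
# Port table, byte signatures and sample flows are constructed for illustration.

PORT_GUESS = {22: "ssh", 80: "http", 443: "tls"}  # what the port alone suggests
HTTP_STARTS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ")


def classify_payload(payload: bytes) -> str:
    """Identify the application from the first client bytes of a TCP flow."""
    if payload.startswith(b"SSH-"):          # SSH identification string
        return "ssh"
    if payload.startswith(HTTP_STARTS):      # HTTP/1.x request line
        return "http"
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # 2-byte length, then handshake type 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 \
            and payload[5] == 0x01:
        return "tls"
    return "unknown"


def inspect(dst_port: int, payload: bytes) -> dict:
    """Compare the port-based guess with what the payload actually contains."""
    header_view = PORT_GUESS.get(dst_port, "unknown")
    payload_view = classify_payload(payload)
    # Flag flows on a well-known port whose content is not that port's protocol.
    mismatch = header_view != "unknown" and payload_view != header_view
    return {"port": dst_port, "header_view": header_view,
            "payload_view": payload_view, "mismatch": mismatch}


# Constructed sample: truncated start of a TLS ClientHello record.
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])

SAMPLE_FLOWS = [  # (destination port, first client payload), all constructed
    (443, TLS_HELLO),
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    (80, TLS_HELLO),
]


def flagged_flows(flows=SAMPLE_FLOWS) -> list:
    """Return the inspection results for flows whose content contradicts the port."""
    return [r for r in (inspect(p, d) for p, d in flows) if r["mismatch"]]


if __name__ == "__main__":
    for result in flagged_flows():
        print(result)
```

The first two sample flows pass both views; the last two look ordinary by port alone and are flagged only once the payload is read.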