Behavioral analysis monitors actions rather than signatures — detecting threats based on what they do (encrypting files, making unusual network connections) rather than what they look like.
Behavioral analysis is key for detecting zero-days and fileless malware. EDR uses behavioral analysis. UEBA applies it to user activities. Requires baseline establishment first.