What type of protection detects threats and records them as events?

Prepare effectively for the Sophos Endpoint and Server Engineer Test. Utilize flashcards and multiple-choice questions with detailed hints and explanations. Ace your exam with confidence!

The type of protection that detects threats and records them as events is Endpoint and Server Protection. This solution focuses on identifying malicious activities, such as malware or unauthorized access attempts, on endpoints and servers within an organization’s network. It continually scans for known and unknown threats, leveraging signature-based detection, behavior analysis, and machine learning techniques.

When a threat is detected, Endpoint and Server Protection not only blocks the threat but also logs these events for further investigation and reporting. This event logging is crucial for security teams to analyze incidents, understand attack vectors, and refine their security strategies over time. This capability helps in creating a comprehensive security posture that not only reacts to threats in real time but also learns from past incidents to improve future defenses.

In contrast, threat intelligence generally refers to the collection and analysis of information about existing and emerging threats, but it does not directly involve the detection of threats on endpoints. Web Protection focuses on securing web traffic, while Data Loss Prevention is aimed at preventing sensitive data from being leaked or misused. Each of these has specific roles within a broader security framework but does not encompass the entire scope of threat detection and event recording like Endpoint and Server Protection does.
