All the hype about behavior analytics technology and the many startups funded in the space in the last year or so is really about threat intelligence. Done well, behavioral analytics aggregates, analyzes and measures anomalous events and connects them together to create a prioritized, far more intelligent view of the true threats facing an organization. It solves the big problem of how to discount the massive volumes of otherwise unimportant threat data. Start by reviewing and comparing these products. See how varied the data sources are they can consume, endpoint data, IP/data repository logs. e.g. PLM, SCM, Sharepoint, etc. Ask what intelligence they can show into the who, what, where and how of an attack. Can they work on premise or cloud? Asking intelligent questions about behavior analytics, how these vendors compare and how they can impact all aspects of security programs is great starting point.