Field of the Invention
The present invention generally relates to security of information technology assets. In particular, the present invention is related to controlling malicious activity detection with respect to information technology assets based on behavioral models associated with the respective information technology assets.
Background
An information technology security system (ITSS) leverages protection services to maintain a secure environment for information technology (IT) assets, such as computers, user accounts, services, applications, and an enterprise network. Each protection service monitors respective designated aspects of one or more IT assets and may perform any of a variety of protection functions, such as edge firewall, anti-virus, network-based intrusion detection system (IDS), and host-based IDS functions.
Conventional ITSSs typically require an administrative user to set an enablement and/or sensitivity parameter for each of the numerous protection rules that may be applied by the protection services during a detection operation for malicious activity (e.g., a computer virus or a computer worm). Setting the parameters is rather burdensome and requires a relatively detailed knowledge of the functions of the protection rules with which the parameters are associated. For instance, the administrative user should know how changing the enablement and/or sensitivity of a protection rule affects a message, called an assessment, that a protection service generates from the malicious activity detection operation.