A computer network is composed of a large collection of end-user devices (generally referred to herein as “endpoint devices”) that access network resources provided by network servers or other devices. In other words, an endpoint device generally provides a user access to the resources provided by the servers or other devices. For example, a personal computer used in a home or office is often used as an endpoint device. On the other hand, servers or other devices that provide network resources generally employ multiple incoming and outgoing connections to concurrently provide the network resources to the endpoint devices. For instance, an electronic mail (e-mail) server likely services dozens or hundreds of connections from the endpoint devices as the users access the e-mail server to send and receive e-mail.
Because users often lack technical experience, endpoint devices often become misconfigured. For example, users may accidentally install viruses, spyware, or other software that can potentially damage the functionality of the endpoint device or compromise the security of the computer network to which the endpoint is coupled. Once affected, endpoint devices can inadvertently spread malicious software to the servers and possibly to other endpoint devices.
To overcome this problem, various companies have implemented endpoint device security software. In general, conventional security software determines whether an endpoint device contains malicious software. If malicious software is detected, the endpoint security software denies network access to the endpoint whereby the endpoint device is unable to access the network or is only allowed to access a server having anti-virus software or other software needed to address the problem. In other words, the defense system “quarantines” the affected endpoint.