As computer networks grow, and as the amount of data stored on the computers and databases interconnected by those networks grows, attempts to gain unauthorized access to those computers and databases have grown as well. Such attempts may include methodical reconnaissance of potential victims to identify traffic patterns and existing defenses. One technique used to gain unauthorized access to computers and databases is to load malicious software, or malware, onto a computer. Such malware is designed to disrupt computer operation, gather sensitive information, or grant unauthorized individuals access to the computer.
As awareness of malware has increased, the techniques used to load malware onto computers (a process also called a malware infection) have grown more sophisticated. As a result, legacy security solutions that rely on a structured process (e.g., signature and heuristic matching) or that analyze agent behavior in an isolated context often fail to detect threat activities, for example because a sample matches no known signature or behaves benignly while it is being observed. These threat activities include, but are not limited to, loading malware, lateral movement, data exfiltration, fraudulent transactions, and insider attacks.
The failure to detect these types of threat activities on a computer or network can result in loss of high-value data, downtime or destruction of infected computers and networks, lost productivity, and a high cost to recover and repair the infected computers and networks. Further, current security solutions that focus on detecting the acts of infecting or penetrating a target system fail to detect increasingly sophisticated malware operating within the complex business applications and network technologies used in current systems, because complex applications and protocols make it easier for threat activity to hide and thereby evade detection. Further, current security solutions fail to detect data exfiltration by the malware, which prevents an enterprise from properly assessing and containing the damage caused by a malware infection. These detection-oriented security solutions also fail to detect social-engineering attacks on employees and malware infections caused by rogue or disgruntled employees.