A variety of techniques exist for detecting and remediating malware in computer systems such as endpoints in an enterprise. However, advanced persistent threats employ stealthy, continuous hacking processes over extended periods, orchestrated from a remote location using various exploits and a command and control infrastructure. There remains a need for improved detection and remediation of advanced persistent threats.