Computer networks are essential modern business and enterprise tools. Networked computers facilitate global commerce and allow people all over the world to collaborate on work, be entertained, and control important aspects of society's technical infrastructure. It is extremely important that computer networks be secure so as to prevent unauthorized use of computers and communications pathways (such as the public Internet and private communication links), which can result in malicious, harmful, or disruptive actions.
Some network security approaches are known in the art. For example, firewalls provide basic protection from unwanted outside access to a computer network. As other examples, U.S. Pat. Nos. 7,185,368, 7,290,283, 7,457,426, 7,512,980, 7,644,151, 7,886,358, and 7,895,326, all of which are owned by the assignee of the present invention(s), provide for various network security, monitoring, and control functions, including flow-based network intrusion detection and monitoring, network port profiling, packet-sampling flow-based detection of network intrusions, and network service zone locking. Other examples of network security technologies include malware/malicious software detection, prevention, and removal; internal access control; routing limitations; bot detection and tracking; packet tracing; denial of service (DOS) detection and prevention; and others.
Given the mobility and geographic dispersal of the modern workforce as well as the proliferation of cloud services and on-demand computing, it is difficult to accurately detect anomalies based on the data from a single observation point. Therefore, there is a need for improved computer resource anomaly detection, reporting, and handling, to which aspects and embodiments of the present invention(s) are directed.