Attacks against computers and computer networks are increasingly putting information security at risk. Attacks that include ransomware extortion have cost victims hundreds of millions of dollars in downtime and extorted fees. Example sources of attacks include emails (e.g., emails that include links, attachments, or the like), compromised or malicious websites (e.g., drive-by attacks, spoofing, or the like), portable memory devices (e.g., thumb drives that contain Trojans), or the like.
Classic approaches to information security (e.g., perimeter defenses and agent-based antivirus tools) typically attempt to prevent attacks from starting. For example, perimeter defenses (e.g., firewalls) typically establish a barrier between an internal network and an external network. Perimeter defenses typically establish the barrier by screening for known, malicious origination vectors (e.g., IP addresses, URLs, emails, DNS queries, or the like). Origination vectors change constantly, even over the course of a single day. Accordingly, perimeter defenses are unlikely to be completely impenetrable. Moreover, perimeter defenses fail to protect the internal network from attacks that originate or spread from within the internal network.
Agent-based antivirus tools (e.g., an agent independently running in a local machine, an agent running in a local machine and used by a cloud antivirus tool, or the like) typically employ one or more of sandboxes (e.g., via virtual machines), behavior classification (e.g., via data-mining of files being analyzed), signature analysis (e.g., heuristic signature analysis) of a file itself, or the like. Agent-based antivirus tools that monitor file actions (e.g., via sandboxes or data-mining) are typically prohibitively slow. Agent-based antivirus tools that analyze file signatures have proven to be ineffective in protecting against some attacks such as ransomware attacks (e.g., more than 4,000 ransomware attacks occurred per day in 2016).
Thus, it is with respect to these considerations and others that the present innovations have been made.