Individuals and organizations frequently use various software security systems to protect their computing devices against abnormal and/or unwanted activity. Such security systems may detect potentially malicious computing events or behaviors on an endpoint device and then determine whether these incidents meet a certain threshold or degree of suspicion. Computing events that meet this threshold may be classified as malicious, and a security system may block, remove, or otherwise prevent files or objects involved in these events from harming an endpoint device.
Unfortunately, traditional security services may be unable to accurately or efficiently identify malicious computing events within an enterprise. For example, if a conventional anti-malware technology lacks knowledge of a file's reputation when the file is first seen by an enterprise, the anti-malware technology may fail to detect security threats associated with the file, even if information indicating the reputation of the file becomes available at a later point in time. In addition, traditional security systems may not allow customers to tailor malware-detection processes to the needs of their own enterprises. For example, a traditional security system may implement a standard or default metric by which to classify malicious computing events across multiple enterprises, regardless of the security services requested or required by individual enterprises. The instant disclosure, therefore, identifies and addresses a need for systems and methods for detecting malicious computing events.