With increasing reliance on distributed computing networks across many industries, attacks on these networks pose a significant threat to companies and other organizations. Malicious attacks may include attempts to access, expose, alter, disable, destroy, or steal an asset or resource on a network. Such attacks can come from outside actors without access to the network, and also from internal rogue actors that have legitimate access. These attacks can cause serious hardships and damage, and are often irreversible. Accordingly, organizations are increasingly looking for solutions to monitor computing networks to detect these actions. This often includes monitoring network traffic and attempting to discern suspicious or malicious activity from normal, permissible activity, which is often difficult, especially when attacks originate from actors that have legitimate access to the network.
Certain solutions have been developed to attempt to detect malicious activity in a network. These technologies are often reactive, only detecting the activity after it has already occurred. For example, some solutions involve analyzing a log of events or actions that have occurred within the network and identifying malicious activities as they are logged. These techniques, however, do not allow prevention of the activity in advance, and thus often fail to prevent damage from occurring. Further, there may be delays associated with logging and monitoring the events, which lead to further delays in responding to the detected activity.
Accordingly, in view of these and other deficiencies in existing techniques, technological solutions are needed for predictively detecting activities in advance of when they occur. Solutions should advantageously allow detection of the activity as early as possible in a process flow leading to the activity. The malicious actions should be detectable based on activities or a combination of activities that alone may not be malicious, such as permissible but suspicious activity by a user. Ideally, a system or organization should be able to take a necessary control action to prevent or mitigate the harmful result. Further, the solutions should allow for different actions to be taken based on how far the activity has progressed towards reaching the harmful result.