As the cyber world continues to expand and become denser, with wireless communications, satellites, telecommunications, and network and Internet infrastructures being integrated, this increase in breadth and depth also introduces new vulnerabilities by providing cyber hackers with opportunities to use ever more sophisticated means and methods. Such incessant cyber attacks not only erode business integrity and undermine personal well-being but also threaten to compromise national security. Although new systems and technologies may be designed with security in mind, the hacker always has the advantage of choosing the time, place, and method of the attack, so that security mechanisms put into place at one point in time may be powerless to guard against future attacks that utilize data or resources not known or available at the time of construction.
Traditional security mechanisms to deal with attacks on and intrusions into private networks, such as firewalls, antivirus programs, and proxy servers, all suffer from certain drawbacks that may render them ineffective at guarding against many modern forms of cyber attack. For example, traditional security mechanisms operate by analyzing and working within the confines of primarily local data and information. Proxy servers, for instance, typically limit their purview to the data that is transmitted out of the network and the data that is transmitted into the network. In either case, the proxy server is limited to analyzing only the data that passes through it in order to determine whether that data reflects malicious activity. However, it may not be apparent or even determinable solely by analyzing such data whether malicious activity is involved, as data may be encrypted or obfuscated, and seemingly benign or friendly external destination servers may in fact be operating under the control of known malicious servers that are not visible to the proxy server.
Traditional security mechanisms are also primarily reactive in nature, relying on information about malware programs or attacks that have previously surfaced, and thus previously caused damage, in order to identify those same malware programs or attacks in the future.
Moreover, traditional security mechanisms suffer from the additional drawback that they are largely aimed only at preventing network intrusions from occurring and are thus largely ineffective at taking targeted and granular remedial actions once intrusions do occur.