1. Field of the Invention
The present invention relates to the detection of potential threats to computer systems and networks and, more specifically, to the non-invasive interrogation of computer and network system resources to identify potentially threatening behavior by users.
2. Background of the Related Art
Cyber security threats aimed at corporations and government organizations are becoming more sophisticated. It is expected that the sophistication, complexity and targeted nature of cyber attacks will continue to grow. It has been estimated that there has been a three-fold increase in threats that are customized for their target, and a five-fold increase in attacks against the U.S. government from 2006 to 2009.
Once a threat has penetrated the network perimeter, or if the threat originates from inside the organization, one must try to identify the threat by analyzing the network and users' systems for clues. There are approaches that analyze the hygiene or health of a user's system to determine the security risk. However, a malicious insider will always make sure that their system's health will pass scrutiny. Further, system health is a factor that is easily spoofed by an external attacker as well.