Intrusion detection systems (IDSs) and other anti-malware systems are powerful but challenging to maintain. In particular, to achieve acceptable efficacy, such security systems require constant updates and/or external synchronization to keep up with the results of expensive manual threat analyses by highly specialized teams of security experts. More and more, these information sources are being connected, allowing a more solid verdict to be made based on global data. In other words, connectivity and synchronization are becoming increasingly ubiquitous in network security systems.
The move towards connected and synchronized network security systems is a significant advancement in the security field, but it fails to take into account certain entities that intentionally prevent or limit connections with the outside world. For example, many networks for government, military, critical infrastructure, etc., are isolated and cannot leverage the same security update techniques as traditional networks. Instead, these entities typically employ whole in-house teams of security experts able to create security updates internally and/or perform extensive verification testing on security updates from external sources before deployment in the isolated network.