Cybercrime is costly and has major consequences for a company's productivity and competitiveness. As a result, enormous resources are devoted each year to installing and enhancing cyber security systems.
Cybercrime is of particular concern for companies holding valuable and confidential intellectual property. Such value tempts industrial espionage, which may result in the theft and dissemination of a company's intellectual property.
There are two traditional options to combat cybercrime: firewalls and intrusion detection systems. A firewall is essentially a gatekeeper at a network's communication access point. Designed to prevent intrusions, a firewall sits on a network's connection perimeter and evaluates incoming traffic for evidence of an intrusion. Firewalls are only partially effective and can cause significant delays in communication speed. A firewall's effectiveness hinges on recognizing the signature(s) of an intrusion. If an intrusion is not known to the firewall, the intrusion may pass through undetected. Once inside the network, some intrusions can simulate the activity of inter-nodal communication, concealing their presence and activities. Firewalls are also a drain on system resources: screening every inbound communication uses a substantial amount of processing resources.
Intrusion detection systems are designed to look deeply into network packets to identify behavioral signatures of previously identified breaches. This also requires processing a large volume of data, which takes significant time. In addition, intrusion detection systems require knowledge of the signature of a particular intrusion, and overzealous systems typically produce a large number of false positives.