In recent years, malicious individuals and organizations have created a variety of sophisticated targeted attacks aimed at high-profile or high-level entities, such as governments, corporations, political organizations, defense contractors, or the like. In many cases, the goal of such an attack is to gain access to highly sensitive or confidential information, such as financial information, defense-related information, and/or intellectual property (e.g., source code), and/or simply to disrupt an entity's operations. To defend against such attacks, organizations may take security measures to monitor for and prevent attacks coming from outside sources. Additional security measures may also be put in place to protect high value computing devices and systems against directed attacks by outside sources and to prevent such sources from accessing them.
However, potentially malicious attacks that originate within an organization may be significantly more difficult to track and defend against than attacks originating outside the organization. Organizations often have numerous computing devices that frequently interact with each other in the course of normal operations. Any of these computing devices can potentially be compromised due to interactions with websites and emails containing malicious programs. Unfortunately, compromised machines within the organization may be utilized to launch attacks on other devices within the organization. While interactions between computing devices within an organization are often tracked, potentially malicious attacks between computing devices within the organization may go unnoticed by administrators due to the sheer number of such interactions taking place on a regular basis.
Accordingly, the instant disclosure identifies a need for systems and methods capable of identifying security threats originating within an organization, especially systems and methods capable of highlighting security threats directed at high value computing devices.