Many modern organizations employ security applications to deal with security issues on an organizational and technical level. For example, security applications may be employed to supervise, among other things, the organization's network and network devices to monitor for, investigate, and defend against potential security incidents. For example, a security application may be tasked with monitoring network devices and then alerting network administrators each time that a network device is threatened, such as by a virus or by malware.
Unfortunately, however, the task of monitoring a network for every potential security incident can be very difficult in modern network environments. This difficulty may arise due to the relatively high number of network devices on modern networks and the relatively high number of potentially threatening circumstances that may arise during any given time period on the network devices. Further, while it may be important for an organization to predict the likelihood of suffering future security incidents on its network, such predicting may be very difficult to accurately perform. When an organization is unable to accurately predict future security incidents on its network, it may be difficult to plan for and mitigate against future security incidents, thereby exposing its network to costly damage.
The subject matter claimed herein is not limited to embodiments that solve any disadvantages or that operate only in environments such as those described above. Rather, this background is only provided to illustrate one example technology area where some embodiments described herein may be practiced.