One conventional approach to preventing malicious activity on a computer network is to scan network traffic for malicious signatures listed on a signature blacklist. For example, network devices such as a firewall can be configured to block network traffic containing a specific domain (i.e., website), a specific IP address, or a specific Uniform Resource Locator (URL). Some network devices may even block network traffic if the network devices find blacklisted signatures within files, javascript and/or Flash objects.
Another conventional approach to preventing malicious activity on a computer network is to intercept network traffic containing potentially malicious code and then run that code in a sandbox (i.e., a computerized platform which is isolated from the network). If the code running in the sandbox turns out to be malicious (e.g., by infecting a sandbox device with a computer virus, by attempting to spread malware, by attempting to extract data and communicate that data to an attacker's device, etc.), the effects are contained and prevented from spreading to devices on the network.