Cyberthreats, in various embodiments, are incidents related to a compromise of a computer network, including one that leads to a loss of one or more assets or one in which the originator of the incident intends to effect a loss as an objective of the threat. Damages resulting from cyber-attack campaigns, like the 2013-2014 string of attacks on Target's® networks that resulted in theft of more than 40 million credit card details, the May 2014 eBay® attacks that resulted in theft of 233 million user records, and the September 2014 attacks on Home Depot® that allowed hackers to steal 56 million customer debit and credit card numbers, demonstrate the growing severity of the impact of cyberattacks on corporate and personal data. The immediate sources of damage to assets may include, for example, data deletion, data corruption, data theft, release of protected data to the public, goodwill and reputational loss, system downtime loss, equipment loss, immediate revenue and subsequent financial loss, business continuity interruption, and the internal costs of detection, investigation of suspected breaches, containment of breaches, recovery of systems, and ex post facto responses, including the costs of legal ramifications such as class action lawsuits or other litigation, among others. Subsequent damages can range from loss of intellectual property (IP) by data theft to downtime of supervisory control and data acquisition (SCADA) systems or other control systems, which may lead to losses of product manufacturing, delivery of critical services, and casualties, including human injury or loss of life.
An organization's assets residing on computer networks have become more difficult to protect as assets and networks have grown in size and complexity. Businesses, governments, and other organizations have expanded computer network access internally across a growing number of fixed and mobile computers and devices authorized for employee access, as well as access externally to public and private cloud environments and trusted customers/clients, vendors and suppliers. The growth of these access points greatly increases the exposure of organizational assets to potential compromise and loss.
At the same time, network security teams are confronted by a number of challenges, including the large number of channels into an organization (Wi-Fi, USB flash drives, mobile devices, VoIP and the like), the size and diversity of the infrastructure requiring protection, the number and diversity of applications (including plug-ins), and the overwhelming amount of network traffic to monitor and scan—each evolving, sometimes dramatically, in complexity over time. Control systems, such as SCADA systems, that drive manufacturing, critical energy, transportation, and other operational systems, which once used to be isolated and analog in nature, are now migrating to digital systems and are progressively connected via the Internet for online licensing, performance tracking, patching, and software updating. As a result, the exposure to attack through network pathways continues to increase.
Adding to the complexity, cybertools that target assets have become more sophisticated and are quickly and often quietly released to hacker communities, attackers' tactics and techniques are more advanced, and sophisticated commodity malware in illicit markets is more accessible to a global set of attackers. The networks they target extend across different devices and site locations globally, and competing security monitoring and/or prevention products (“monitoring capabilities”) (e.g., firewalls, anti-virus software, proxy servers, intrusion detection systems (IDSs), and operating system-based vulnerabilities in the marketplace) in many cases have not kept pace with existing and emerging threats, such as intentional attacks (e.g., viruses, Trojans, rootkits, zero-day exploits, accidents, and system failures) (“cyberthreats”).