Enterprises are constantly under cyber-attack, or electronic attack of computing resources and data (hereinafter all of an enterprise's computing resources and data, not just the connectivity resources, are called a “network”). From the years 2011 to 2015 there have been at least seven hundred (700) documented major cyber-attacks on enterprise and government networks in the United States as well as many others outside of the United States. Some attacks steal data, while other attacks steal money or electronic access to money. Yet others maliciously destroy data, or cause denial of service. These attacks not only degrade the integrity of the specific networks under attack, but also the user's confidence in all networks. Accordingly, cyber security officers and others responsible for computer security, are constantly challenged to defend their networks against cyber-attack.
Cyber security officers are therefore responsible for developing and maintaining a threat model for the networks under their charge. A threat model identifies vulnerabilities in those networks, and may further identify or help to identify techniques to mitigate any identified respective computer security risk. Application of those techniques is called remediation.
However, the scale, sophistication, and variety of attacks presently targeting enterprise and government computing resources have increased. For example, sophisticated attackers may use a multiple vector attack to simultaneously target multiple vulnerabilities of the computing resources that belong to an enterprise. A conventional security application may fail to detect one or more aspects of a multiple vector attacks, thereby leaving some attack vectors of the computing resources vulnerable even if other attack vectors are successful protected using newly instituted protection measures.