Individuals and organizations generally seek to protect their computing resources using antivirus and security products. Some solutions may involve installing a security agent on an endpoint computing device. The security agent may then record and collect information about events at the endpoint computing device, including security events like network intrusions. Subsequently, the security agent may also provide the recorded data, in the form of log data, to a backend server.
Unfortunately, the reported log data may suffer from several deficiencies. For example, the log data may contain redundancies because it is not normalized in the way a normalized database would be. Similarly, the log data may be incomplete, reporting some recorded data without the related metadata. Even where a logical data model would suggest that other metadata exists, based on the existence of the underlying log data, the log data may not even include fields for that metadata. Accordingly, the log data does not enable security vendors to compute meaningful statistics based on that metadata. Moreover, security employees may have to manually perform all of the following operations: (1) identifying different security threats, (2) organizing information about them, and (3) targeting resources based on an analysis of that information.
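As an added illustration of the redundancy and missing-metadata deficiencies described above (example code written for this page, not part of the disclosure; the logical model, field names and sample log records are constructed assumptions), the following normalizes flat agent log records into per-entity tables and reports which fields the logical model expects but the records omit:

```python
from collections import Counter

# Hypothetical logical data model: each entity, its key field (listed first),
# and the metadata fields every record of that entity should carry.
LOGICAL_MODEL = {
    "endpoint": ["endpoint_id", "hostname", "os"],
    "event": ["event_id", "endpoint_id", "event_type", "severity", "timestamp"],
}

def normalize(records):
    """Split flat, redundant log records into one table per entity, keyed by id.
    Endpoint metadata repeated on every event collapses into a single endpoint row."""
    tables = {name: {} for name in LOGICAL_MODEL}
    for rec in records:
        for name, fields in LOGICAL_MODEL.items():
            key = fields[0]
            if key in rec:
                row = tables[name].setdefault(rec[key], {})
                row.update({f: rec[f] for f in fields if f in rec})
    return tables

def missing_metadata(tables):
    """Per entity, count how many rows lack each field the logical model expects."""
    gaps = {}
    for name, fields in LOGICAL_MODEL.items():
        counter = Counter()
        for row in tables[name].values():
            counter.update(f for f in fields if f not in row)
        gaps[name] = dict(counter)
    return gaps

def events_by_severity(tables):
    """A statistic that can only be computed over events that carry a severity field."""
    rows = tables["event"].values()
    return dict(Counter(r["severity"] for r in rows if "severity" in r))

# Constructed sample log data: endpoint metadata is repeated on every event
# (redundancy), no record carries the endpoint's "os", and one event lacks "severity".
SAMPLE_LOG = [
    {"event_id": "e1", "endpoint_id": "ep1", "hostname": "host-a",
     "event_type": "intrusion", "severity": "high", "timestamp": "2024-01-01T00:00:00Z"},
    {"event_id": "e2", "endpoint_id": "ep1", "hostname": "host-a",
     "event_type": "intrusion", "severity": "high", "timestamp": "2024-01-01T00:05:00Z"},
    {"event_id": "e3", "endpoint_id": "ep2",
     "event_type": "malware", "timestamp": "2024-01-01T00:10:00Z"},
]

if __name__ == "__main__":
    tables = normalize(SAMPLE_LOG)
    print("missing metadata:", missing_metadata(tables))
    print("events by severity:", events_by_severity(tables))
```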
Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for protecting computing resources based on logical data models.