The invention relates generally to a system and method for identifying security threats to a computer, a network of computers, or a network of interconnected networks (collectively the “system”).
Individuals, partnerships, small businesses, global corporations, universities, health care providers, community-based organizations, government agencies, non-profit groups, religious organizations, and other organizations and entities (collectively “entities”) increasingly rely on information technology to perform a wide variety of functions. Entities increasingly use information technology to interact with each other and the world. The ability to facilitate the sharing of information between two or more entities can result in entirely new ways to interact, increase efficiency, cut costs, save lives, spur innovation, enhance personal satisfaction, result in the performance of beneficial activities, and otherwise enhance human endeavors in a wide variety of different ways.
Unfortunately, the increasing advantages of information sharing, storing, and processing seem to be inevitably coupled with significant security-related risks. Unauthorized users can attempt to gain access to and misuse proprietary applications. Sensitive information can be improperly obtained and quickly disseminated to a large group of recipients. The prospect of unauthorized access can make entities reluctant to take full advantage of information sharing opportunities. Increased reliance on technology can make an entity vulnerable to disruptions and other undesirable effects caused by malicious activities from both inside and outside parties. Identity theft is an ever-increasing problem. Valuable data can be corrupted or lost altogether. New threats to networks can develop on an almost continuous basis, and efforts to make information technology more secure often seem to be stuck in the mode of “fighting the last war” instead of proactively preparing for the next innovative threat.
Despite the importance of enhancing the security of data and information technology architecture, prior art approaches affirmatively teach away from solutions that are proactive, comprehensive, and/or bottom-up. Existing approaches to the identification of network intrusions and other threats are typically either signature based (matching observed activity against patterns of known attacks) or anomaly based (flagging deviation from a baseline of normal activity). The effectiveness of traditional security approaches is often thwarted by a daunting volume of audit data. Known and easily accessible information is not typically used to anticipate threats or to otherwise proactively enhance the security of a network.