1. Field
The present invention generally relates to data security, and more specifically, to a system and methods for identification of suspicious processes in a computer-based system.
2. Description of Related Art
Nowadays, as organizations and enterprises get bigger, they are more and more exposed to malicious attacks. Kaspersky® reports detections of over 300,000 different malware variants in a single day. The United Kingdom government reports over 100,000 cyber-attacks on British companies every day.
In order to identify such attacks, a number of different anti-virus applications are currently available. Such anti-virus applications force security teams of large enterprises to manage thousands of new alerts every day, when responding to a single alert may take days, weeks and sometimes months.
These applications must be deployed on a computerized environment and attempt to identify malicious activity within the network. Other solutions may also be known. For example, anti-virus solutions that detect and remove known viruses by identifying “signatures” of such viruses may be available. The majority of these solutions rely upon a basic engine that searches suspect files for the presence of predetermined virus signatures. However, these related art solutions for identifying security incidents are not effective enough and malicious activity may go undetected.
In the view of the shortcoming of related art, it would be advantageous to provide an efficient solution for detecting security incidents in a computerized environment by identifying suspicious processes in a network in an initial stage.