Computers are valuable tools in large part for their ability to communicate with other computer systems and retrieve information over computer networks. Networks typically comprise an interconnected group of computers, linked by wire, fiber optic, radio, or other data transmission means, to provide the computers with the ability to transfer information from computer to computer. The Internet is perhaps the best-known computer network, and enables millions of people to access millions of other computers such as by viewing web pages, sending e-mail, or by performing other computer-to-computer communication.
But, because the size of the Internet is so large and Internet users are so diverse in their interests, it is not uncommon for malicious users or criminals to attempt to communicate with other users' computers in a manner that poses a danger to the other users. For example, a hacker may attempt to log in to a corporate computer to steal, delete, or change information. Computer viruses or Trojan horse programs may be distributed to other computers, or unknowingly downloaded or executed by large numbers of computer users. Further, mass spam emails or emails having malicious content may be sent across the network, often from “zombie” computers taken over via Trojans or other malware.
For these and other reasons, many computer systems employ a variety of safeguards designed to protect computer systems against certain threats. Firewalls are designed to restrict the types of communication that can occur over a network, antivirus programs are designed to prevent malicious code from being loaded or executed on a computer system, and malware detection programs are designed to detect remailers, keystroke loggers, and other software that is designed to perform undesired operations such as stealing information from a computer or using the computer for unintended purposes. Similarly, email that can be recognized as spam or as malicious is often quarantined before it reaches a user's inbox, helping reduce the impact of undesirable email on the user.
Many such protective systems use signatures of known threats to detect and control the threat. For example, antivirus software typically uses a large library of signatures comprising code segments or other identifying information to scan storage such as hard drives and to scan executing programs, removing offending code from the computer system before it can cause damage. Email spam programs similarly search for common terms within the email suggesting the email may be spam, and quarantine the message rather than deliver it. More complex systems use a variety of more sophisticated analysis methods to determine the likely risk of various network communications.
Because these sophisticated methods can sometimes benefit from significant computing resources, or information relating to other network traffic, these protective systems sometimes rely on services provided over a network to better manage risk. Network-based services often monitor the perimeter of an entity's local area network, managing communications between the local network and the Internet. For example, a gateway computer system linking a business computer network to the Internet may scan for a variety of known threats such as viruses, malicious websites, and Trojan software, and may refer email, files, or programs that can't be locally scanned as safe or malicious to a web service for a final evaluation of the communication's risk. It may also restrict access to various websites, files, and other web content known or believed to pose a danger to end users.
It is therefore desirable to manage network-based security services to provide safe and effective security to networks.