Computer networks are often configured to incorporate network security systems in order to protect the networks against malicious activity. Such malicious activity can include, for example, deployment of malware that is utilized by attackers to create networks of compromised computers or “botnets.”
Network security systems can be designed to protect a computer network of a company, organization or other large enterprise comprising many thousands of host devices, also referred to herein as simply “hosts.” However, enterprise computer networks are in many cases continuously growing in size, and often incorporate a diverse array of host devices, including mobile telephones, laptop computers and tablet computers. This continuous growth can make it increasingly difficult to provide a desired level of protection using the limited resources of the network security system. For example, available network security system functionality such as processing of security alerts and deployment of memory analysis tools on host devices can be strained by the demands of large enterprise networks.
Moreover, recent years have seen the rise of increasingly sophisticated malware attacks including advanced persistent threats (APTs) which pose severe risks to enterprises. These APTs are typically orchestrated by well-funded attackers using advanced tools to adapt to the victim environment while maintaining low profiles of activity. Additionally, new malware strains appear at a higher rate than ever before. Since many of these different types of malware are configured to evade existing security products, traditional defenses deployed by enterprises today often fail at detecting infections at a sufficiently early stage.