Typical protection of a network focuses on keeping a threat (e.g., virus, worm, etc.) from entering the network. Firewalls are used to separate a portion of the network that interfaces with and is accessible to a public network (e.g., the Internet) from the rest of a private network, such as a corporate intranet. Some viruses however, include their own servers to communicate with random Internet protocol (IP) addresses and email addresses. Hackers also use chat servers to control a computing device through a Trojan-type threat.
Corporate workstations (e.g., desktop computers, etc.) that are part of the corporate intranet can include an application (e.g., anti-virus software) to identify whether any threats have been inadvertently loaded onto that workstation. Ideally, if the threat is identified before that threat is activated by the user of the infected workstation, that threat can be removed from the workstation before it is propagated onto the corporate network. If the user inadvertently activates the threat before it is identified, the threat is able to infiltrate the corporate network, wreak havoc, and require an inordinate amount of unscheduled resources of a corporation's information technology department to track the source of the threat, isolate the threat, and eliminate it and all of its spawned malicious processes from the network.