In recent years, it has become increasingly difficult to detect threats on enterprise networks without costly disruption. Various types of security products have been deployed to increase the security of enterprise networks. However generally the security products have sets of rules or guidelines that cannot be modified without creating exposure to unknown risks. Thus, every modification or customization to security rules must undergo strict and thorough testing to ensure the proposed change is secure and that it will not inadvertently block a mission-critical application before it is implemented in live enterprise networks. While this thorough testing process may increase safety, it drastically reduces the speed and capability of networks to quickly adapt to new threats.
Furthermore, many companies do not have the capability, time, or resources to continuously update their network security products in a way that is both safe and compatible with their networks. As such, the only option for many companies is to simply adopt a well-known security product and wait for new trusted updates to hopefully appear in time before new threats wreak havoc on company networks.
As is evident, there is a demand for an approach to detect malicious activity on networks in a passive manner that does not require expensive, slow, invasive updates to security products, or reliance on trusted third party updates which may or may not occur in time before new threats cause network harm.