Title of invention: Detecting malicious resources in a network based upon active client reputation monitoring
Abstract: Systems and methods for detecting malicious resources by analyzing communication between multiple resources coupled to a network are provided. According to one embodiment, a method is performed for client reputation monitoring. A monitoring unit within a network observes activities relating to multiple monitored devices within the network. For each observed activity, the monitoring unit assigns a score to the observed activity based upon a policy of multiple policies established within the monitoring unit. For each of the monitored devices, the monitoring unit maintains a current reputation score for the monitored device based upon the score and a historical score associated with the monitored device. The monitoring unit classifies one of the monitored devices as potentially being a malicious resource based upon its current reputation score.
Publication number: US9497212 (B2)    Publication date: 2016.11.15
Application number: US201213476171    Filing date: 2012.05.21
Applicant: Fortinet, Inc.    Inventor: Turnbull Darren W.
Classification: G06F21/00; H04L29/06; G06F21/55    Main classification: G06F21/00
Agent (firm): Hamilton, DeSanctis & Cha LLP    Agent: Hamilton, DeSanctis & Cha LLP
Main claim: 1. A method comprising:
  maintaining, by a monitoring unit within a protected private network, a plurality of policies in a form of rules, wherein each policy of the plurality of policies is configurable by a network administrator of the protected private network via a browser-based interface provided by the monitoring unit and specifies (i) a perceived risky activity of a plurality of perceived risky activities potentially indicative of malware activity and (ii) a corresponding score, wherein the plurality of perceived risky activities include bad connection attempts, interactions with hosts in particular geographic locations external to the protected private network, interactions with undesired websites external to the protected network and failed Domain Name Server (DNS) resolution requests;
  observing, by the monitoring unit, activities relating to a plurality of monitored devices within the protected private network;
  for each observed activity, assigning, by the monitoring unit, a score to the observed activity based upon a matching policy of the plurality of policies;
  for each of the plurality of monitored devices, maintaining, by the monitoring unit, a current reputation score for the monitored device based upon the score and a historical score associated with the monitored device; and
  classifying, by the monitoring unit, a monitored device of the plurality of monitored devices as potentially being a malicious resource based upon the current reputation score for the monitored device.
Address: Sunnyvale CA US
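The abstract and main claim above describe a scoring loop: administrator-configured policies map each perceived risky activity (bad connection attempts, contact with hosts in particular geographies, undesired websites, failed DNS resolutions) to a score, each monitored device carries a reputation built from the new score and its historical score, and a device is classified as potentially malicious from that reputation. The following Python is an added illustration written for this record; it is not code from the patent or from Fortinet. The score values, the 40-point threshold, the exponential half-life decay of the historical score, the policy order ("first match wins") and the sample events are all constructed assumptions, chosen only to show the mechanism.

```python
"""Client reputation monitor (illustrative, not the patent's implementation).

Activities observed for monitored devices are scored against a list of
policies; each device keeps a reputation that combines the new score with a
decayed historical score; devices at or above a threshold are flagged.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Activity:
    device: str      # monitored device, e.g. an internal IP address
    kind: str        # category the monitoring unit observed
    detail: str      # destination country code, domain, host:port, etc.
    timestamp: int   # seconds; used to age the historical score


@dataclass(frozen=True)
class Policy:
    name: str
    matches: Callable[[Activity], bool]
    score: int       # score the administrator attached to this risky activity


# Constructed sample lists standing in for administrator configuration.
RISKY_COUNTRIES = {"XX", "YY"}                          # placeholder codes
UNDESIRED_DOMAINS = {"undesired.example", "bad.example"}

# Constructed policies and scores; the first matching policy supplies the score.
POLICIES: List[Policy] = [
    Policy("bad_connection_attempt", lambda a: a.kind == "connection_refused", 5),
    Policy("risky_geography", lambda a: a.kind == "outbound" and a.detail in RISKY_COUNTRIES, 10),
    Policy("undesired_website", lambda a: a.kind == "http" and a.detail in UNDESIRED_DOMAINS, 15),
    Policy("failed_dns", lambda a: a.kind == "dns_nxdomain", 3),
]


class MonitoringUnit:
    def __init__(self, policies: List[Policy], threshold: float = 40.0, half_life: int = 3600):
        self.policies = policies
        self.threshold = threshold      # assumed classification threshold
        self.half_life = half_life      # assumed decay: history halves every hour
        self.reputation: Dict[str, float] = {}
        self.last_seen: Dict[str, int] = {}

    def score_activity(self, activity: Activity) -> int:
        """Assign the score of the first matching policy (0 if none matches)."""
        for policy in self.policies:
            if policy.matches(activity):
                return policy.score
        return 0

    def observe(self, activity: Activity) -> float:
        """Fold the new score into the device's decayed historical score."""
        score = self.score_activity(activity)
        historical = self.reputation.get(activity.device, 0.0)
        if activity.device in self.last_seen:
            elapsed = max(0, activity.timestamp - self.last_seen[activity.device])
            historical *= 0.5 ** (elapsed / self.half_life)
        current = historical + score
        self.reputation[activity.device] = current
        self.last_seen[activity.device] = activity.timestamp
        return current

    def suspected_malicious(self) -> List[str]:
        """Devices whose current reputation meets the threshold."""
        return sorted(d for d, r in self.reputation.items() if r >= self.threshold)


def run_demo() -> MonitoringUnit:
    """Feed constructed sample events through the unit and return it."""
    unit = MonitoringUnit(POLICIES)
    events = [
        # 10.0.0.5: a burst of risky activity within one second
        Activity("10.0.0.5", "dns_nxdomain", "lookup-1.example", 0),
        Activity("10.0.0.5", "dns_nxdomain", "lookup-2.example", 0),
        Activity("10.0.0.5", "connection_refused", "203.0.113.9:4444", 0),
        Activity("10.0.0.5", "outbound", "XX", 0),
        Activity("10.0.0.5", "http", "undesired.example", 0),
        Activity("10.0.0.5", "connection_refused", "203.0.113.9:4444", 0),
        # 10.0.0.7: ordinary browsing plus one typo-style DNS failure
        Activity("10.0.0.7", "http", "www.example.com", 0),
        Activity("10.0.0.7", "dns_nxdomain", "typo.exmaple.com", 600),
        # 10.0.0.9: one undesired site, then a failed DNS lookup an hour later
        Activity("10.0.0.9", "http", "undesired.example", 0),
        Activity("10.0.0.9", "dns_nxdomain", "stale.example", 3600),
    ]
    for event in events:
        unit.observe(event)
    return unit


if __name__ == "__main__":
    demo = run_demo()
    for device, reputation in sorted(demo.reputation.items()):
        print(f"{device}: reputation {reputation:.1f}")
    print("suspected malicious:", demo.suspected_malicious())
```

With these assumed values the burst on 10.0.0.5 sums to 41 and crosses the threshold, while 10.0.0.9's earlier 15 points have halved by the time its next event arrives (15 × 0.5 + 3 = 10.5), so a single lapse does not follow a device indefinitely. Whether to decay by time, by event count, or not at all, and where to set the threshold, are tuning decisions the patent leaves to the administrator's policy configuration.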