Cyber intrusion and anomaly detection techniques are limited by their reliance on known malicious signatures or on unusual conditions that require investigation. This approach is ineffective when the attacker does not use known signatures. Event-based approaches are too labor-intensive, and current detection tools have a very high probability of producing false positives. IAI and its collaborators from Texas A&M and AIS are developing the Recognition of New Advanced Threats Using Purpose and Network Correlators (RAPCOR) system, a novel signature-less APT detection system that allows proper identification, prioritization, and understanding of attacks. The key innovation of this product is placing detectors within the network and on individual hosts to provide real-time purpose and correlation inputs. These inputs, combined with network-, system-, and user-specific knowledge, are used to create a dynamic web of threads that, when alerted, allow the immediate identification of the context surrounding the alert and the automatic calculation of the alert’s legitimacy and severity. Rather than simply correlating existing alerts, this approach continually captures and analyzes attributes of potential attacks. The follow-up investigation of alerts is shifted into the attack prioritization process, providing the context needed to prioritize alerts correctly. RAPCOR reduces the burden on operators by providing an automated determination of, and reasoning over, each alert’s context, and it leverages IAI’s technology for intrusion detection, anomaly detection, vulnerability analysis, situational awareness, and planning.