Systems, devices, and methods for providing improved network security
US-10735378-B1 · Aug 4, 2020 · US
US11463440B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11463440-B2 |
| Application number | US-201916451325-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 25, 2019 |
| Priority date | Jun 25, 2019 |
| Publication date | Oct 4, 2022 |
| Grant date | Oct 4, 2022 |
Official abstract text for this publication.
There is disclosed in one example a computing apparatus, including: a processor and a memory; a network interface; and a security agent including instructions encoded within the memory to instruct the processor to: identify an unknown software object; query, via the network interface, a global reputation store for a global reputation for the unknown software object; receive a response from the global reputation store and determine that the unknown software object does not have a reliable global reputation; compute a local reputation for the unknown software object; and share the local reputation for the unknown software object with the global security cache.
Opening claim text (preview).
What is claimed is:

1. A computing apparatus, the computing apparatus being an endpoint device, and comprising: a processor circuit and a memory; a network interface; and a security agent comprising instructions encoded within the memory to instruct the processor circuit to: identify an unknown software object on the endpoint device; query, via the network interface, a global reputation store for a global reputation for the unknown software object; receive a response from the global reputation store and determine that the unknown software object has a reputation previously assigned by a different endpoint, but does not have a reliable global reputation; compute, on the endpoint device, a local reputation for the unknown software object; and based at least in part on the determination that the unknown software object does not have a reliable global reputation, share the local reputation for the unknown software object with the global security cache.
2. The computing apparatus of claim 1, wherein sharing the local reputation for the unknown software object comprises uploading a hash of the unknown software object.
3. The computing apparatus of claim 1, wherein sharing the local reputation for the unknown software object comprises uploading metadata about the unknown software object.
4. The computing apparatus of claim 3, wherein the metadata comprise multi-dimensional metadata.
5. The computing apparatus of claim 1, wherein computing a local reputation for the unknown software object comprises performing local sandbox analysis on the unknown software object.
6. The computing apparatus of claim 1, wherein computing a local reputation for the unknown software object comprises performing local deep static analysis on the unknown software object.
7. The computing apparatus of claim 1, wherein computing a local reputation for the unknown software object comprises performing local behavioral analysis on the unknown software object.
8. The computing apparatus of claim 1, wherein computing a local reputation for the unknown software object comprises performing local heuristic analysis of a user reaction to the unknown software object.
9. The computing apparatus of claim 1, wherein the security agent further comprises instructions to receive from the global reputation store a not-reliable reputation based at least in part on analysis by other endpoints.
10. The computing apparatus of claim 9, wherein the security agent further comprises instructions to assign a weight to the not-reliable reputation.
11. One or more tangible, non-transitory computer-readable storage mediums having stored thereon executable instructions to instruct a processor to: detect on an endpoint device a security object, and determine that the security object does not have a locally-cached security reputation; query a non-local reputation store for a reliable reputation for the security object; receive from the non-local reputation store a response that the security object has a reputation previously assigned by a different endpoint, but lacks a reliable reputation; analyze the security object to assign the security object a provisional local reputation; and based at least in part on the response that the security object lacks a reliable reputation, upload the provisional local reputation to the non-local reputation store.
12. The one or more tangible, non-transitory computer-readable mediums of claim 11, wherein instructions are further to receive from the non-local reputation store a not-reliable reputation based at least in part on analysis by other endpoints.
13. The one or more tangible, non-transitory computer-readable mediums of claim 12, wherein the instructions are further to act on the not-reliable reputation.
14. The one or more tangible, non-transitory computer-readable mediums of claim 12, wherein the instructions are further to assign a weight to the not-reliable reputation.
15. The one or more tangible, non-transitory computer-readable mediums of claim 14, wherein assigning the weight comprises assessing a prevalence of the security object.
16. The one or more tangible, non-transitory computer-readable mediums of claim 14, wherein assigning the weight comprises assessing a type of analysis performed by one or more other endpoints to derive the not-reliable reputation.
17. The one or more tangible, non-transitory computer-readable mediums of claim 14, wherein assigning the weight comprises assessing a time since last encounter for the security object.
18. The one or more tangible, non-transitory computer-readable mediums of claim 14, wherein assigning the weight comprises comparing an operating environment of one or more endpoints that contributed to the not-reliable reputation to an operating environment of a local host.
19. A computer-implemented method of providing globally cached reputations for unknown security objects on an endpoint device, comprising: performing, on the endpoint, a first identification of a security object; determining that the security object is not permitted to operate on the endpoint without a sufficiently-positive reputation; querying a non-local security repository for a global reputation for the security object; determining that a different endpoint has assigned the object a reputation but that the non-local security repository has not assigned the security object a reliable global reputation; locally analyzing the security object on the endpoint device to assign the security object a provisional reputation; and based at least in part upon the determination that the non-local security repository has not assigned the security object a global reputation, uploading the provisional reputation to the non-local security repository.
20. The method of claim 19, wherein uploading the provisional reputation comprises uploading a hash of the security object.
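
The endpoint flow of claims 1 and 11, with the weighting factors named in claims 15 to 18, sketched as an added example (not code from the patent or its assignee). The in-memory store, the -1.0 to +1.0 score range, the report-count threshold, the per-analysis weights and the 30-day half-life are all assumptions: the claims name the factors but give no values.

```python
import hashlib

RELIABLE_MIN_REPORTS = 5     # assumption: the claims give no reliability threshold
HALF_LIFE_DAYS = 30          # assumption: decay rate for stale peer reports
ANALYSIS_WEIGHT = {"sandbox": 1.0, "behavioral": 0.8, "static": 0.6, "heuristic": 0.3}

class GlobalStore:
    """In-memory stand-in for the global reputation store (constructed)."""
    def __init__(self):
        self.reports = {}    # sha256 hex digest -> list of endpoint reports

    def query(self, h):
        r = self.reports.get(h, [])
        return {"reliable": len(r) >= RELIABLE_MIN_REPORTS, "reports": list(r)}

    def upload(self, h, report):
        self.reports.setdefault(h, []).append(report)

def report_weight(report, local_env, now, prevalence):
    """Weight one not-reliable peer report using the factors of claims 15-18."""
    w = ANALYSIS_WEIGHT.get(report["analysis"], 0.1)         # type of analysis
    w *= 1.0 if report["env"] == local_env else 0.5          # operating environment
    age_days = (now - report["seen"]) / 86400
    w *= 0.5 ** (age_days / HALF_LIFE_DAYS)                  # time since last encounter
    return w * min(1.0, prevalence / RELIABLE_MIN_REPORTS)   # prevalence

def evaluate(data, store, local_env, local_analysis, now):
    """Return the reputation to act on; scores run from -1.0 to +1.0."""
    h = hashlib.sha256(data).hexdigest()
    resp = store.query(h)
    peers = resp["reports"]
    if resp["reliable"]:
        score = sum(r["score"] for r in peers) / len(peers)
        return {"hash": h, "score": score, "source": "global", "uploaded": False}
    # No reliable global reputation: analyse locally (callable supplied by caller).
    local_score, kind = local_analysis(data)
    weights = [report_weight(r, local_env, now, len(peers)) for r in peers]
    peer_sum = sum(w * r["score"] for w, r in zip(weights, peers))
    blended = (local_score + peer_sum) / (1.0 + sum(weights))
    # Upload the raw local result, not the blend, so peer reports are not echoed back.
    store.upload(h, {"score": local_score, "analysis": kind,
                     "env": local_env, "seen": now})
    return {"hash": h, "score": blended, "source": "provisional", "uploaded": True}
```

Keying the store on the object's hash matches claims 2 and 20; a real agent would replace `local_analysis` with the sandbox, static or behavioral analysis of claims 5 to 7.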
Entity profiles · CPC title
Applying verification of the received information (cryptographic mechanisms or cryptographic arrangements for data integrity or data verification H04L9/32) · CPC title
Vulnerability analysis · CPC title
above the transport layer · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title