Automated scoring of intra-sample sections for malware detection
US-10929531-B1 · Feb 23, 2021 · US
US12047397B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12047397-B2 |
| Application number | US-202217750640-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 23, 2022 |
| Priority date | Mar 30, 2022 |
| Publication date | Jul 23, 2024 |
| Grant date | Jul 23, 2024 |
Abstract
Methods and systems for detecting threats using threat signatures loaded in a computing device. The methods include receiving a first plurality of threat signatures at a computing device, at least one threat signature of the first plurality of threat signatures having been assigned a score based on at least one metadata attribute having been added to the at least one threat signature; receiving a selection of a second plurality of threat signatures from the first plurality of threat signatures to load into random access memory (RAM) of the computing device, wherein at least one threat signature of the selected plurality of threat signatures is selected based on its assigned score; scanning network traffic accessible by the computing device using the at least one threat signature of the selected plurality of threat signatures; detecting a threat in the network traffic based on the scanning using the at least one threat signature of the selected plurality of threat signatures; and performing a remedial action upon detecting the threat in the network traffic.
Claims
What is claimed is:

1. A method for detecting threats using threat signatures loaded in a computing device, the method comprising: receiving a first plurality of threat signatures at a computing device, at least one threat signature of the first plurality of threat signatures having been assigned a score based on at least one metadata attribute having been added to the at least one threat signature, the at least one metadata attribute having been added to the at least one threat signature includes a quality score having been determined by: determining a signature cost associated with the threat signature, wherein the signature cost indicates a difference in performance between an execution of the computing device without the threat signature and an execution of the computing device with the threat signature, comparing the signature cost to a baseline performance value, and adding the quality score to the threat signature based on the comparison of the signature cost to the baseline performance value; receiving a selection of a second plurality of threat signatures from the first plurality of threat signatures to load into random access memory (RAM) of the computing device, wherein at least one threat signature of the selected plurality of threat signatures is selected based on its assigned score; scanning network traffic accessible by the computing device using the at least one threat signature of the selected plurality of threat signatures; detecting a threat in the network traffic based on the scanning using the at least one threat signature of the selected plurality of threat signatures; and performing a remedial action upon detecting the threat in the network traffic.

2. The method of claim 1, wherein performing the remedial action includes issuing an alert regarding the detected threat.

3. The method of claim 1, further comprising determining an amount of RAM available on the computing device, wherein an amount of the selected plurality of threat signatures is further based on the amount of determined RAM available on the computing device.

4. The method of claim 1, further comprising storing the first plurality of threat signatures in a signature database associated with the computing device.

5. The method of claim 1, wherein the selection of the second plurality of threat signatures includes: a predefined first subset of threat signatures that are associated with a first tier of threat signatures, and a predefined second subset of threat signatures that are associated with a second tier of threat signatures.

6. The method of claim 5, wherein the first tier is associated with threat signatures having been assigned a score in a first range, and the second tier is associated with threat signatures having been assigned a score in a second range.

7. A computing device for identifying threats in monitored network activity, the computing device comprising: an interface for: receiving a first plurality of threat signatures, at least one threat signature of the first plurality of threat signatures having been assigned a score based on at least one metadata attribute having been added to the at least one threat signature, the at least one metadata attribute having been added to the at least one threat signature includes a quality score having been determined by: determining a signature cost associated with the threat signature, wherein the signature cost indicates a difference in performance between an execution of the computing device without the threat signature and an execution of the computing device with the threat signature, comparing the signature cost to a baseline performance value, and adding the quality score to the threat signature based on the comparison of the signature cost to the baseline performance value, and receiving a selection of a second plurality of threat signatures from the first plurality of threat signatures that are loaded into random access memory (RAM) of the computing device, wherein at least one threat signature of the selected plurality of threat signatures is selected based on its assigned score; and one or more processing devices executing computer-executable instructions for: scanning network traffic using at least one threat signature of the selected plurality of threat signatures, detecting a threat in the network traffic based on the scanning using the at least one threat signature of the selected plurality of threat signatures, and performing a remedial action upon detecting the malicious pattern in the network traffic.

8. The computing device of claim 7, wherein the one or more processing devices perform the remedial action by issuing an alert regarding the detected threat.

9. The computing device of claim 7, wherein an amount of the selected plurality of threat signatures is further based on an amount of RAM available on the computing device.

10. The computing device of claim 7, wherein the computing device further includes a signature database for storing the first plurality of threat signatures.

11. The computing device of claim 7, wherein the selection of the second plurality of threat signatures includes: a predefined first subset of threat signatures that are associated with a first tier of threat signatures, and a predefined second subset of threat signatures that are associated with a second tier of threat signatures.

12. The computing device of claim 11, wherein the first tier is associated with threat signatures having been assigned a score in a first range, and the second tier is associated with threat signatures having been assigned a score in a second range.

13. A system for monitoring network activity, the system comprising: one or more processing devices executing computer-executable instructions to: add at least one metadata attribute to each of a first plurality of threat signatures, assign a signature score to each of the first plurality of threat signatures utilizing the at least one metadata attribute added to each of the first plurality of threat signatures, the at least one metadata attribute having been added to the at least one threat signature includes a signature cost, wherein the signature cost indicates a difference in performance between an execution of an inspection engine without the threat signature and an execution of the inspection engine with the threat signature and is further based on a comparison with a baseline performance value; transmit the first plurality of threat signatures including the added at least one metadata attribute to a computing device, wherein the computing device is configured to scan network traffic using at least one threat signature of the first plurality of threat signatures, detect a threat in the network traffic based on the scanning using the at least one threat signature of the first plurality of threat signatures, and perform a remedial action upon detecting the threat in the network traffic.

14. The system of claim 13, wherein the one or more processing devices are further configured to determine an amount of RAM available on the computing device, and an amount of the first plurality of signatures selected and transmitted to the computing device is further based on the determined amount of RAM available on the computing device.

15. The system of claim 13, wherein the signature score assigned to each of the first plurality of threat signatures is a weighted average of the metadata attributes added to each of the first plurality of threat signatures.

16. The system of claim 13, wherein the first plurality of threat signatures includes: a predefined first subset
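The scoring and RAM-bounded selection that claims 1, 3, 5, 6 and 15 describe, as an added Python illustration that is not code from the patent or its assignee: a quality score is derived from the signature cost measured against a baseline, the signature score is a weighted average of its metadata attributes, and signatures are loaded into RAM tier by tier until the budget is exhausted. The attribute names, the weights, the linear cost-to-quality mapping, the tier thresholds and the four sample signatures are all assumptions.

```python
from dataclasses import dataclass


@dataclass
class Signature:
    name: str
    ram_bytes: int      # RAM consumed when the signature is loaded
    cost_ms: float      # signature cost: extra scan time versus running without it
    attrs: dict         # other metadata attributes, each assumed to be in [0, 1]
    score: float = 0.0


def quality_score(cost_ms, baseline_ms):
    """Compare signature cost to the baseline: 1.0 = negligible cost, 0.0 = cost at or above baseline (linear mapping is an assumption)."""
    if baseline_ms <= 0:
        raise ValueError("baseline must be positive")
    return max(0.0, 1.0 - cost_ms / baseline_ms)


def assign_score(sig, baseline_ms, weights):
    """Add the quality attribute, then score the signature as a weighted average of its attributes."""
    sig.attrs["quality"] = quality_score(sig.cost_ms, baseline_ms)
    sig.score = sum(w * sig.attrs.get(k, 0.0) for k, w in weights.items()) / sum(weights.values())
    return sig.score


def tier_of(score, tiers):
    """tiers = [(name, min_score), ...] in descending order; first threshold met wins, else None."""
    return next((name for name, lo in tiers if score >= lo), None)


def select_for_ram(sigs, ram_budget, tiers):
    """Fill RAM tier by tier: best tier first, highest score first within a tier, skip what does not fit."""
    loaded, used = [], 0
    for name, _ in tiers:
        for s in sorted((s for s in sigs if tier_of(s.score, tiers) == name), key=lambda s: -s.score):
            if used + s.ram_bytes <= ram_budget:
                loaded.append(s.name)
                used += s.ram_bytes
    return loaded


# Constructed sample: four signatures, a 100 ms baseline scan time, two score tiers.
BASELINE_MS = 100.0
WEIGHTS = {"quality": 0.5, "precision": 0.3, "prevalence": 0.2}
TIERS = [("tier1", 0.75), ("tier2", 0.5)]
SAMPLE = [Signature("A", 1000, 10.0, {"precision": 0.9, "prevalence": 0.8}),
          Signature("B", 3000, 60.0, {"precision": 0.6, "prevalence": 0.9}),
          Signature("C", 500, 5.0, {"precision": 0.95, "prevalence": 0.2}),
          Signature("D", 2000, 150.0, {"precision": 0.3, "prevalence": 0.5})]


def plan(ram_budget):
    for s in SAMPLE:
        assign_score(s, BASELINE_MS, WEIGHTS)
    return select_for_ram(SAMPLE, ram_budget, TIERS)  # plan(4000) -> ['A', 'C']
```

With a 4000-byte budget, B (tier 2, 3000 bytes) no longer fits after the two tier-1 signatures are loaded, and D scores below every tier, so it is never a candidate.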
CPC classifications:

- for managing network security; network security policies in general (filtering policies H04L63/0227)
- Event detection, e.g. attack signature detection