Sinkholing bad network domains by registering the bad network domains on the internet
US-9405903-B1 · Aug 2, 2016 · US
US2016359888A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016359888-A1 |
| Application number | US-201615171580-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jun 2, 2016 |
| Priority date | Jun 5, 2015 |
| Publication date | Dec 8, 2016 |
| Grant date | — |
Abstract
A method provides for receiving network traffic from a host having a host IP address and operating in a data center, and analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis. When the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, the method includes assigning a reputation score, based on the indication, to the host. The method can further include applying a conditional policy associated with using the host based on the reputation score. The reputation score can include a reduced reputation score from a previous reputation score for the host.
Claims
What is claimed is:

1. A method comprising: receiving network traffic from a host having a host IP address and operating in a data center, wherein data associated with the network traffic is received from at least a first capture agent at a device hardware layer of the data center, a second capture agent at a hypervisor layer of the data center, and a third capture agent at a virtual machine layer of the data center; analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis; and when the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, assigning a reputation score, based on the indication, to the host.
2. The method of claim 1, further comprising applying a conditional policy associated with using the host based on the reputation score.
3. The method of claim 1, wherein the reputation score comprises a reduced reputation score from a previous reputation score for the host.
4. The method of claim 1, further comprising: analyzing an effectiveness of a policy related to communications with the host based on the reputation score.
5. The method of claim 1, further comprising: separating malicious and non-malicious behavior based on the indication.
6. The method of claim 1, wherein analyzing the malware tracker further comprises crawling multiple malware trackers.
7. The method of claim 1, wherein assigning the reputation score is further based on data associated with the host and received from a whois database.
8. A system comprising: a processor; and a computer-readable storage medium storing instructions which, when executed by the processor, cause the processor to perform operations comprising: receiving network traffic from a host having a host IP address and operating in a data center, wherein data associated with the network traffic is received from at least a first capture agent at a device hardware layer of the data center, a second capture agent at a hypervisor layer of the data center, and a third capture agent at a virtual machine layer of the data center; analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis; and when the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, assigning a reputation score, based on the indication, to the host.
9. The system of claim 8, further comprising applying a conditional policy associated with using the host based on the reputation score.
10. The system of claim 8, wherein the reputation score comprises a reduced reputation score from a previous reputation score for the host.
11. The system of claim 8, wherein the computer-readable storage medium stores further instructions which, when executed by the processor, cause the processor to perform operations comprising: analyzing an effectiveness of a policy related to communications with the host based on the reputation score.
12. The system of claim 8, further comprising: separating malicious and non-malicious behavior based on the indication.
13. The system of claim 8, wherein analyzing the malware tracker further comprises crawling multiple malware trackers.
14. The system of claim 8, wherein assigning the reputation score is further based on data associated with the host and received from a whois database.
15. A computer-readable storage device storing instructions which, when executed by a processor, cause the processor to perform operations comprising: receiving network traffic from a host having a host IP address and operating in a data center, wherein data associated with the network traffic is received from at least a first capture agent at a device hardware layer of the data center, a second capture agent at a hypervisor layer of the data center, and a third capture agent at a virtual machine layer of the data center; analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis; and when the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, assigning a reputation score, based on the indication, to the host.
16. The computer-readable storage device of claim 15, wherein the computer-readable storage device stores further instructions which, when executed by the processor, cause the processor to perform operations comprising: applying a conditional policy associated with using the host based on the reputation score.
17. The computer-readable storage device of claim 15, wherein the reputation score comprises a reduced reputation score from a previous reputation score for the host.
18. The computer-readable storage device of claim 15, wherein the computer-readable storage device stores further instructions which, when executed by the processor, cause the processor to perform operations comprising: analyzing an effectiveness of a policy related to communications with the host based on the reputation score.
19. The computer-readable storage device of claim 15, wherein the computer-readable storage device stores further instructions which, when executed by the processor, cause the processor to perform operations comprising: separating malicious and non-malicious behavior based on the indication.
20. The computer-readable storage device of claim 15, wherein analyzing the malware tracker further comprises crawling multiple malware trackers.
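The claims describe a defender-side pipeline: flow data arriving from capture agents at the hardware, hypervisor and virtual-machine layers, a set of malware tracker feeds that is crawled and merged (claim 6), the host's flows split into malicious and non-malicious contacts (claim 5), a reputation score reduced from the previous score (claim 3) with a whois-derived adjustment (claim 7), and a conditional policy chosen from that score (claim 2). The following Python is an added illustration of that flow and is not code from the patent or its assignee. The flow records, tracker feeds, whois ages, penalty values and policy thresholds are all constructed for the example; the three-layer corroboration count is an assumption about how the multi-agent data might be used, not something the claims specify.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    layer: str   # capture agent that observed the flow: "hardware", "hypervisor" or "vm"
    src: str
    dst: str

# Constructed sample data (hypothetical, not from the patent): the three
# capture agents report flows for a data-center host with IP 10.0.0.5.
HOST_IP = "10.0.0.5"
SAMPLE_FLOWS = [
    Flow("hardware",   "10.0.0.5",    "198.51.100.23"),
    Flow("hypervisor", "10.0.0.5",    "198.51.100.23"),
    Flow("vm",         "10.0.0.5",    "198.51.100.23"),
    Flow("hardware",   "10.0.0.5",    "192.0.2.10"),     # benign destination
    Flow("vm",         "203.0.113.9", "10.0.0.5"),       # inbound from an infected peer
]

# Constructed tracker feeds: each maps a tracker name to IPs it lists as infected.
SAMPLE_TRACKERS = {
    "tracker-a": {"198.51.100.23"},
    "tracker-b": {"203.0.113.9", "192.0.2.77"},
}

# Constructed stand-in for a whois lookup: registration age in days per peer IP.
SAMPLE_WHOIS_AGE_DAYS = {"198.51.100.23": 3, "203.0.113.9": 400}


def crawl_trackers(trackers):
    """Merge the infected-IP lists of several malware trackers (claim 6)."""
    infected = set()
    for feed in trackers.values():
        infected |= set(feed)
    return infected


def peer_of(flow, host_ip):
    """Return the remote end of a flow involving host_ip, or None if the host is not in it."""
    if flow.src == host_ip:
        return flow.dst
    if flow.dst == host_ip:
        return flow.src
    return None


def classify_flows(flows, host_ip, infected):
    """Separate the host's flows into malicious and non-malicious (claim 5)."""
    malicious, benign = [], []
    for f in flows:
        peer = peer_of(f, host_ip)
        if peer is None:
            continue
        (malicious if peer in infected else benign).append(f)
    return malicious, benign


def infected_contacts(malicious_flows, host_ip):
    """Map each infected peer to the set of capture layers that saw the contact."""
    contacts = {}
    for f in malicious_flows:
        contacts.setdefault(peer_of(f, host_ip), set()).add(f.layer)
    return contacts


def compute_reputation(previous_score, contacts, whois_age_days,
                       penalty=20, young_registration_days=30, young_penalty=10):
    """Reduce the previous score (claim 3) once per distinct infected peer;
    a peer whose whois record is very recent costs extra (claim 7).
    Penalty values are constructed for this example."""
    score = previous_score
    for peer in contacts:
        score -= penalty
        age = whois_age_days.get(peer)
        if age is not None and age < young_registration_days:
            score -= young_penalty
    return max(0, score)


def conditional_policy(score):
    """Pick a policy for the host from its score (claim 2); thresholds are constructed."""
    if score >= 80:
        return "allow"
    if score >= 60:
        return "allow-with-enhanced-logging"
    return "isolate"


def assess_host(flows, host_ip, trackers, whois_age_days, previous_score=100):
    """Run the whole pipeline for one host and return the evidence with the decision."""
    infected = crawl_trackers(trackers)
    malicious, benign = classify_flows(flows, host_ip, infected)
    contacts = infected_contacts(malicious, host_ip)
    score = compute_reputation(previous_score, contacts, whois_age_days)
    return {
        "host": host_ip,
        "malicious_flows": len(malicious),
        "benign_flows": len(benign),
        "contacts": contacts,
        # how many of the three capture layers corroborate each contact (assumption)
        "corroboration": {peer: len(layers) for peer, layers in contacts.items()},
        "score": score,
        "policy": conditional_policy(score),
    }


if __name__ == "__main__":
    print(assess_host(SAMPLE_FLOWS, HOST_IP, SAMPLE_TRACKERS, SAMPLE_WHOIS_AGE_DAYS))
```

In the sample, the host contacts two infected peers, so its score drops from 100 to 60 and then to 50 because one peer's registration is only three days old; the resulting policy is "isolate". Keeping the per-layer corroboration in the output is what lets an operator tell a contact seen by all three agents from one reported by a single layer, which matters when deciding whether a low score reflects a real compromise or a single mis-attributed flow.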
CPC classification titles:
- Drawing of charts or graphs
- based on quality criteria
- Policy-based network configuration management
- Test or assess software
- Dual mode as a secondary aspect