Method and system for virtual asset assisted extrusion and intrusion detection and threat scoring in a cloud computing environment
US-2016197951-A1 · Jul 7, 2016 · US
US2018288077A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2018288077-A1 |
| Application number | US-201815940307-A |
| Country | US |
| Kind code | A1 |
| Filing date | Mar 29, 2018 |
| Priority date | Mar 30, 2017 |
| Publication date | Oct 4, 2018 |
| Grant date | — |
Official abstract text for this publication.
A computerized method for authenticating access to a subscription-based service to detect an attempted cyber-attack. The method features operations by the cloud broker that include receiving service policy level information and information based on operational metadata. The service policy level information includes at least subscription attributes that identify one or more performance criteria for the analyses conducted, on one or more objects submitted by a sensor, for malware representing an attempted cyber-attack. The operational metadata includes metadata that pertains to an operating state of one or more clusters of a plurality of clusters of the subscription-based service. The cloud broker, using both the service policy level information and the information based on the operational metadata, selects a cluster of the plurality of clusters to analyze the one or more objects submitted by the sensor and establishes a communication session between the sensor and the cluster via the cloud broker.
Opening claim text (preview).
What is claimed is:

1. A computerized method for authenticating access to a subscription-based service that detects an attempted cyber-attack, the method comprising: receiving, by a cloud broker, service policy level information that includes at least an identifier of a sensor being used to access stored information; receiving, by the cloud broker, information based on operational metadata, the operational metadata includes metadata that pertains to an operating state of one or more clusters of a plurality of clusters of the subscription-based service; and using, by a cloud broker, both the service policy level information and the information based on the operational metadata in (i) selecting a cluster of the plurality of clusters to analyze the one or more objects submitted by the sensor and (ii) establishing a communication session between the sensor and the cluster via the cloud broker.
2. The computerized method of claim 1, wherein the service policy level information includes the identifier of the sensor and the cloud broker using the identifier of the sensor in retrieval of the stored information being the service policy level information from one or more databases separate from the sensor and the cloud broker.
3. The computerized method of claim 1, wherein the service policy level information includes the identifier of the sensor and the cloud broker using at least the identifier of the sensor in selecting the cluster based on a geographical location of the sensor determined by the identifier of the sensor.
4. The computerized method of claim 3, wherein the cloud broker using the identifier of the sensor in selecting the cluster based on both the geographical location of the sensor and one or more customer-configurable attributes within the service policy level information that includes geographic restrictions in selecting one of the plurality of clusters as the cluster.
5. The computerized method of claim 1, wherein the selecting of the cluster by the cloud broker includes conducting an analysis by the cloud broker that the information based on the operational metadata meets or exceeds one or more performance-based attributes of the service policy level information.
6. The computerized method of claim 1, wherein the operational metadata includes a current rate of analysis supported by the cluster and the service policy level information includes a quality of service (QoS) attribute that identifies a minimum rate of analysis offered by a subscription level assigned to a customer associated with the sensor.
7. The computerized method of claim 1, wherein the operational metadata includes a guest image, including an operating system and one or more applications, supported by the cluster and the service policy level information includes an attribute that identifies a type of guest image supported by the cluster.
8. The computerized method of claim 1, wherein the cloud broker being configured to use an identifier assigned to a customer associated with the sensor to access performance-based attributes being part of the service policy level information within one or more databases separate from the cloud broker.
9. The computerized method of claim 8, wherein the selecting the cluster of the plurality of clusters in response to the information based on the operational metadata associated with the cluster satisfying a performance threshold set by the one or more performance criterion associated with the performance-based attributes.
10. The computerized method of claim 9 further comprising: monitoring, by the cloud broker, whether an analysis of an object, submitted by the sensor to the cluster subsequent to the one or more objects and during the communication session, continues to satisfy the performance threshold.
11. The computerized method of claim 10 further comprising: terminating the communication session upon determining that the analysis of the object fails to satisfy the performance threshold.
12. The computerized method of claim 1, wherein the cloud broker is positioned on a separate subsystem as the subscription review service and communicatively coupled to the subscription review service over a network.
13. A computerized method comprising: receiving metadata from a source node; selecting a first cluster of a plurality of clusters by a cloud broker to analyze one or more objects received from the source node, the first cluster includes one or more compute nodes providing services in analyzing the one or more objects for malware; and wherein the selection of the first cluster of the plurality of clusters by the cloud broker is based, at least in part, on operational metadata received by the cloud broker from a management system monitoring operability of each cluster of the plurality of clusters.
14. The computerized method of claim 13, wherein after the selecting of the first cluster of the plurality of clusters to analyze the one or more objects from the source node for malware, continuing by the first cluster to analyze all objects from the source node until a communication session between the source node and at least a broker computer node of the first cluster via the cloud broker is terminated.
15. The computerized method of claim 13, wherein prior to selecting the first cluster, the method further comprising: collecting operational metadata from the management system; and based on the operational metadata, generating data indicating a level of availability of each cluster of the plurality of clusters to analyze the one or more objects for malware received from the source node.
16. The computerized method of claim 15, wherein the collecting of the operational metadata is conducted by system monitoring logic and the operational metadata includes (i) metadata that identifies workload of each of the plurality of clusters and (ii) metadata that identifies a remaining queue length for a queue utilized to store metadata for use in retrieval of the one or more objects from the source node.
17. The computerized method of claim 15, wherein the collecting of the operational metadata includes collecting metadata that identifies a workload for each compute node of the first cluster of the plurality of clusters.
18. The computerized method of claim 15, wherein the collecting of the operational metadata includes collecting either (i) metadata that identifies a geographic location for the one or more compute nodes, or (ii) metadata that identifies a software profile for each of the one or more compute nodes, or (iii) metadata that identifies a rate of submission of objects by the source node to the cloud broker.
19. A system for detecting a cyber-attack, comprising: a sensor associated with a first customer enrolled in a subscription service for a malware detection service, the sensor to capture a first object and perform a first malware analysis on the first object to determine whether the first object corresponds to a suspicious object potentially associated with a cyber-attack; and a cloud broker communicatively coupled to the sensor, the cloud broker to (i) receive metadata associated with the suspicious object, (ii) select a cluster of the plurality of clusters to analyze the first object submitted by the sensor based, at least in part, on the metadata associated with the suspicious object, and (iii) establish a communication session between the sensor and the cluster that conducts a second malware analysis on the first object to determine whether the first objec
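The selection logic the claims describe (policy lookup by sensor identifier, geographic and guest-image constraints, a QoS rate threshold checked against cluster operational metadata, and session termination when a later analysis misses the threshold in claims 10 and 11) is compact enough to model end to end. The following is an added example written for this page, not code from the patent or its assignee. Every field name, the sample policy database, the cluster snapshot and the tie-breaking order (own region first, then lightest workload, then most queue headroom) are constructed assumptions; the claims only require that the operational metadata meet the policy's performance attributes. It also assumes the sensor identifier arriving at the broker has already been authenticated by some channel the page does not describe.

```python
# Added model of the cloud-broker cluster selection in claims 1-11 and 13-18.
# Not the patent's code: field names, thresholds and sample data are assumptions.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ServicePolicy:
    """Service policy level information retrieved by sensor identifier (claims 2-7)."""
    sensor_id: str
    customer_id: str
    sensor_region: str          # geographic location derived from the sensor id (claim 3)
    allowed_regions: frozenset  # customer-configurable geographic restrictions (claim 4)
    min_rate_per_min: int       # QoS attribute: minimum rate of analysis for the subscription (claim 6)
    guest_image: str            # type of guest image the customer's objects need (claim 7)


@dataclass(frozen=True)
class ClusterMetadata:
    """Operational metadata reported by the management system (claims 13-18)."""
    cluster_id: str
    region: str                 # geographic location of the compute nodes (claim 18 i)
    rate_per_min: int           # current rate of analysis the cluster supports (claim 6)
    workload_pct: float         # aggregate workload, 0.0-1.0 (claim 16 i)
    queue_remaining: int        # remaining length of the object-retrieval queue (claim 16 ii)
    guest_images: frozenset     # software profile: guest images the cluster can run (claims 7, 18 ii)


@dataclass
class Session:
    """Communication session the broker establishes between sensor and cluster."""
    sensor_id: str
    cluster_id: str
    active: bool = True


# Constructed sample data (assumption): a policy database separate from the
# sensor and the broker (claim 2) and a snapshot of four clusters.
POLICY_DB = {
    "sensor-eu-01": ServicePolicy("sensor-eu-01", "cust-A", "eu", frozenset({"eu"}), 500, "win10-office"),
    "sensor-us-07": ServicePolicy("sensor-us-07", "cust-B", "us-east",
                                  frozenset({"us-east", "us-west", "eu"}), 200, "linux-srv"),
}
CLUSTERS = [
    ClusterMetadata("cl-eu-1", "eu", 800, 0.70, 40, frozenset({"win10-office", "linux-srv"})),
    ClusterMetadata("cl-eu-2", "eu", 400, 0.20, 200, frozenset({"win10-office"})),
    ClusterMetadata("cl-us-1", "us-east", 1000, 0.35, 0, frozenset({"linux-srv"})),
    ClusterMetadata("cl-us-2", "us-west", 600, 0.50, 120, frozenset({"linux-srv", "win10-office"})),
]


def lookup_policy(sensor_id: str, db: dict) -> Optional[ServicePolicy]:
    """Claim 2: the sensor identifier keys the policy lookup; an unknown id gets no policy."""
    return db.get(sensor_id)


def eligible(policy: ServicePolicy, cluster: ClusterMetadata) -> bool:
    """Claims 4-7 and 9: the cluster's operational metadata must meet every policy attribute."""
    return (cluster.region in policy.allowed_regions
            and policy.guest_image in cluster.guest_images
            and cluster.rate_per_min >= policy.min_rate_per_min
            and cluster.queue_remaining > 0)


def select_cluster(policy: ServicePolicy, clusters: list) -> Optional[ClusterMetadata]:
    """Pick an eligible cluster: own region first, then lightest workload, then
    most queue headroom (this ranking is an assumption, not a claim element)."""
    candidates = [c for c in clusters if eligible(policy, c)]
    if not candidates:
        return None
    return min(candidates, key=lambda c: (c.region != policy.sensor_region,
                                          c.workload_pct, -c.queue_remaining))


def broker_connect(sensor_id: str, db: dict, clusters: list) -> Optional[Session]:
    """Claim 1: resolve the policy, select a cluster, establish the session;
    refuse when the sensor is unknown or no cluster satisfies its subscription."""
    policy = lookup_policy(sensor_id, db)
    if policy is None:
        return None
    cluster = select_cluster(policy, clusters)
    if cluster is None:
        return None
    return Session(sensor_id, cluster.cluster_id)


def monitor_session(session: Session, policy: ServicePolicy, observed_rates: list) -> list:
    """Claims 10-11: each later object's analysis rate is checked against the QoS
    threshold and the session is terminated on the first miss."""
    events = []
    for i, rate in enumerate(observed_rates):
        if rate < policy.min_rate_per_min:
            session.active = False
            events.append(f"object {i}: {rate}/min below {policy.min_rate_per_min}/min, session terminated")
            break
        events.append(f"object {i}: {rate}/min ok")
    return events


if __name__ == "__main__":
    for sid in ("sensor-eu-01", "sensor-us-07", "sensor-unknown"):
        s = broker_connect(sid, POLICY_DB, CLUSTERS)
        print(sid, "->", s.cluster_id if s else "refused")
    s = broker_connect("sensor-eu-01", POLICY_DB, CLUSTERS)
    for line in monitor_session(s, POLICY_DB["sensor-eu-01"], [650, 520, 480, 700]):
        print(line)
```

In the sample data the US sensor is routed to a cluster outside its own region because the same-region cluster has an exhausted retrieval queue, which is the kind of outcome the geographic-restriction attribute of claim 4 exists to bound. Note that "authenticating access" in claim 1 rests, as far as the previewed claims go, on the sensor identifier and the policy it retrieves; in a deployment that identifier should be bound to an authenticated transport, otherwise a spoofed identifier inherits another customer's subscription level and geographic allowances.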
CPC classification titles:

- the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
- Assessing vulnerabilities and evaluating computer system security
- Third party
- Event detection, e.g. attack signature detection
- for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)