A system is provided with a controller and a device configured to receive and output network data from a communication network to the controller. Accordingly, the controller is configured to (i) receive the network data from the device, (ii) conduct heuristic analysis on the network data, (iii) identify at least a portion of the network data as suspicious upon determining by the heuristic analysis of a likelihood that at least the portion of the network data including malware, (iv) simulate transmission of the suspicious network data to at least one virtual machine of a plurality of virtual machines that is selected or configured using at least one software profile, and (v) analyze effects of the suspicious network data on the at least one virtual machine.