Systems and Methods for Contextual and Cross Application Threat Detection and Prediction in Cloud Applications
Abstract
Systems and methods for contextual and cross application threat detection in cloud applications in accordance with embodiments of the invention are disclosed. In one embodiment, a method for detecting threat activity in a cloud application using past activity data from cloud applications includes receiving activity data concerning actions performed by a user account associated with a user within a monitored cloud application, receiving external contextual data about the user that does not concern actions performed using the user account within the monitored cloud application, where the external contextual data is retrieved from outside of the monitored cloud application, deriving a baseline user profile using the activity data and external contextual data and associating the baseline user profile with the user account, and determining the likelihood of anomalous activity using the baseline user profile.
28 Claims
1. A method for detecting threat activity in a cloud application using past activity data from cloud applications, the method comprising:
- receiving activity data concerning actions performed by a user account associated with a user within a monitored cloud application;
- receiving external contextual data about the user that does not concern actions performed using the user account within the monitored cloud application, where the external contextual data is retrieved from outside of the monitored cloud application;
- deriving a baseline user profile using the activity data and external contextual data and associating the baseline user profile with the user account; and
- determining the likelihood of anomalous activity using the baseline user profile.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A system for detecting threat activity in a cloud application using past activity data from cloud applications comprising:
- memory containing an analytics application; and
- a processor;
- wherein the processor is configured by the analytics application to:
  - receive activity data concerning actions performed by a user account associated with a user within a monitored cloud application;
  - receive external contextual data about the user that does not concern actions performed using the user account within the monitored cloud application, where the external contextual data is retrieved from outside of the monitored cloud application;
  - derive a baseline user profile using the activity data and external contextual data and associating the baseline user profile with the user account; and
  - determine the likelihood of anomalous activity using the baseline user profile.

Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28
Specification