Nadradený pojem:
Suspicious activities
Description
To identify suspicious user and entity behavior in corporate SaaS
platforms, including third-party cloud applications, security teams must
sift through billions of user activities to define normal patterns of
user behavior in their organization's environment. They must look for
anomalies that fall outside those expected patterns. Then they need to
correlate suspicious activities to determine what might be a true threat
that requires investigation.
An example of suspicious activity is excessive login activity from several countries in a short period. Say that normal user behavior in a certain organization is for employees to log in to a specific application from no more than one or two countries per week. If one user starts logging in to that application from 68 countries over the course of one week, a security team will want to investigate that activity to confirm that it is legitimate.
According to our analysis, only 1 in 5000 user activities—0.02 percent—that are associated with connected third-party cloud applications is suspicious. The challenge for security teams, of course, is pinpointing that one instance.
An example of suspicious activity is excessive login activity from several countries in a short period. Say that normal user behavior in a certain organization is for employees to log in to a specific application from no more than one or two countries per week. If one user starts logging in to that application from 68 countries over the course of one week, a security team will want to investigate that activity to confirm that it is legitimate.
According to our analysis, only 1 in 5000 user activities—0.02 percent—that are associated with connected third-party cloud applications is suspicious. The challenge for security teams, of course, is pinpointing that one instance.
Importance
High