The subject matter discussed in this section should not be assumed to be prior art merely as a result of its mention in this section. Similarly, a problem mentioned in this section or associated with the subject matter provided as background should not be assumed to have been previously recognized in the prior art. The subject matter in this section merely represents different approaches, which in and of themselves can also correspond to implementations of the claimed technology.
The technology disclosed relates to machine learning based anomaly detection. In particular, it relates to constructing activity models on a per-tenant and per-user basis using an online streaming machine learner that transforms an unsupervised learning problem into a supervised learning problem by fixing a target label and learning a regressor without a constant or intercept. Further, it relates to detecting anomalies in near real-time streams of security-related events of one or more tenants by transforming the events into categorized features and requiring a loss function analyzer to correlate, essentially through an origin, the categorized features with a target feature artificially labeled as a constant. It further includes determining an anomaly score for a production event based on calculated likelihood coefficients of categorized feature-value pairs and a prevalencist probability value of the production event comprising the coded feature-value pairs.
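The following sketch is an added illustration, not code from the disclosure: it fits a per-(tenant, user) squared-loss regressor through the origin to a constant target of 1 over one-hot coded feature-value pairs, so that events built from pairs the user rarely or never produces are predicted well below the target. The learning rate, the event fields and identifiers, and the scoring rule (shortfall of the prediction from the target) are assumptions; the prevalencist probability term is not modeled.

```python
from collections import defaultdict

TARGET = 1.0  # artificial constant label assigned to every training event


class OriginRegressor:
    """Online squared-loss regressor through the origin (no intercept)."""

    def __init__(self, lr=0.1):  # lr is an assumed learning rate
        self.lr = lr
        self.w = defaultdict(float)  # one coefficient per feature=value pair

    @staticmethod
    def encode(event):
        # Each categorical feature=value pair becomes one active input of 1.
        return [f"{k}={v}" for k, v in sorted(event.items())]

    def predict(self, event):
        return sum(self.w.get(p, 0.0) for p in self.encode(event))

    def learn(self, event):
        # With an intercept the trivial fit is intercept = TARGET and all
        # weights 0; without one, the weights must carry the mass themselves.
        err = self.predict(event) - TARGET
        for p in self.encode(event):
            self.w[p] -= self.lr * err

    def score(self, event):
        # Assumed scoring rule: shortfall of the prediction from TARGET.
        return min(1.0, max(0.0, TARGET - self.predict(event)))


models = defaultdict(OriginRegressor)  # one model per (tenant, user)


def demo():
    key = ("tenant-a", "alice")  # constructed identifiers
    for i in range(400):  # constructed training stream, four event shapes
        models[key].learn({"app": ("box", "o365")[i % 2],
                           "activity": ("download", "upload")[(i // 2) % 2],
                           "device": "laptop-1"})
    seen = {"app": "box", "activity": "upload", "device": "laptop-1"}
    new_device = dict(seen, device="unknown-phone")
    all_new = {"app": "dropbox", "activity": "share", "device": "unknown-phone"}
    return [models[key].score(e) for e in (seen, new_device, all_new)]


if __name__ == "__main__":
    print(demo())
```

Because the device value is present in every training event, it ends up with the largest coefficient, so changing only the device costs more score than changing only the app or the activity would.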
Sharing content from the cloud has never been easier. The challenge is that without visibility and control over what is being shared and with whom, there is a risk that sensitive data could get into the wrong hands. For example, when an Office 365 user shares sensitive content with a user outside of the organization, it has the potential to be a risky situation. To help mitigate this risk, the technology disclosed allows setting of fine-grained access restrictions so as to enforce granular and precise policies on sensitive content.
The use of cloud services for a number of corporate functions is now common. Thus, instead of installing servers within a corporate network to run a customer relationship management (CRM) software product, a software as a service (SaaS) solution such as Salesforce.com's offerings can be used. The information technology (IT) and network architecture approaches that could log and protect access to a classic solution provide limited control. The sprawl of “bring your own devices” (BYODs) and the need to haul that traffic back to the enterprise make it less attractive. For example, VPN solutions are used to control access to the protected corporate network. Proxies (both transparent and explicit) may be used to filter, or limit access to undesirable web sites when the client is accessing the web sites from within the corporate network. Similar filtering software can be installed on client computers, e.g. safe browsing software, to enforce limits on access. A viable solution should provide consistent, centrally administered control, e.g. enforce the same policy across multiple devices, network services, and networks—including corporate networks.
Data is often the lifeblood of any business and it is critical that it is effectively managed, protected, and meets compliance needs. Protecting data in the past was focused primarily on on-premise scenarios, but with the increased adoption of cloud services, companies of all sizes are now relying on the cloud to create, edit, and store data. This presents new challenges. Despite its benefits, the cloud also makes it easy for people to lose sensitive corporate data. For one thing, people can access cloud services from multiple devices more easily. For another, the cloud services make it easy to share data, including with people outside of an organization. For these reasons, it is easy for data to get out of an organization's control.
Also, as the number of cloud services increases exponentially, there are hundreds of ways data can leak. Employees might attach a wrong file while sending emails, hit the send button too early, not be careful when rushing to a deadline, or share data and collaborate with people outside of their organization. The native cloud storage sync clients also pose a significant risk to organizations. A continuous sync takes place between the end point and the cloud service without employees realizing they are leaking confidential company information. In the case of disgruntled workers, the cloud services are making it super easy for them to steal intellectual property.
Accordingly, it is imperative to facilitate the use of cloud services so people can continue to be productive and use the best tools for the job without compromising sensitive information such as intellectual property, non-public financials, strategic plans, customer lists, personally identifiable information belonging to customers or employees, and the like.