CPC H04L 63/1425 (2013.01) [G06F 21/316 (2013.01); G06F 21/566 (2013.01); G06N 7/01 (2023.01); H04L 63/14 (2013.01); H04L 63/1441 (2013.01); H04L 67/535 (2022.05)] | 23 Claims |
1. A computer-implemented method, comprising:
receiving, from a plurality of cloud-based application platforms provided by a plurality of service providers, activity data and state data for a plurality of users of the application platforms, the activity data being indicative of user activities within the application platforms, the state data being indicative of a status of the users within the application platforms, and the plurality of service providers using a plurality of naming conventions such that a first file is associated with multiple file names;
performing an entity resolution process to map the first file to the multiple file names, the entity resolution process including a first phase in which multiple entities are resolved to a single entity and a second phase in which the single entity is resolved against an application-agnostic dictionary such that entities having a similar type are identified using a common term;
providing, as input to one or more predictive models configured to detect deviations from normal user behavior across the application platforms, the activity data and the state data for at least one of the users;
receiving, as output from the one or more predictive models, an indication that an activity of the at least one of the users deviates from the normal user behavior; and
facilitating a remedial action to address the indicated deviation.
|