Abstract: For an entity having access to a plurality of independent cloud-based applications and including a member having access to at least one cloud-based application from the plurality of independent cloud-based applications via at least one member account associated with the at least one cloud-based application, a plurality of activities performed using the at least one member account can be analyzed with at least one machine learning model configured to flag an activity of an activity type from the plurality of activities in response to (1) the activity being associated with a geolocation outside a trusted geolocation cluster at an entity level, an activity level, and/or a member level, or (2) the activity being associated with an internet service provider (ISP) that is not recognized as being (a) a trusted ISP at the entity level, the activity level, and/or the member level.

Abstract: At least one aspect of the technical solutions described herein relate to a system. The system can include one or more processors coupled with memory. The system can receive a message can include an identifier of a browser extension executing on the client device and a user identifier of a software-as-a-service (SaaS) application. The system can bind a subdomain identifier with the identifier of the browser extension. The system can transmit a uniform resource identifier (URI) including the subdomain identifier to the client device. The domain name service (DNS) request can include a host identifier of the client device. The system can access a DNS log of the DNS system to identify the host identifier using the subdomain identifier. The system can bind the identifier of the browser extension and the user identifier with the host identifier of the client device.

Abstract: For an entity having access to a plurality of independent cloud-based applications and including a member having access to at least one cloud-based application from the plurality of independent cloud-based applications via at least one member account associated with the at least one cloud-based application, a plurality of activities performed using the at least one member account can be analyzed with at least one machine learning model configured to flag an activity of an activity type from the plurality of activities in response to (1) the activity being associated with a geolocation outside a trusted geolocation cluster at an entity level for the entity, a trusted geolocation cluster at an activity level for the activity type, and/or a trusted geolocation cluster at a member level for the member, or (2) the activity being associated with an internet service provider (ISP) that is not recognized as being (a) a trusted ISP at the entity level for the entity, (b) a trusted ISP at the activity level for the act

Abstract: In an embodiment, a browser extension for a browser is installed at the first compute device. A first log indicating activities tracked by the browser extension as being performed at a software as a service (SaaS) application via the browser and by the user is generated. A representation of the first log is sent to a second compute device to cause the second compute device to perform cyber attestation by comparing (1) the first log and (2) a second log (a) sent to the second compute device via a third compute device associated with the SaaS application and (b) representing activities determined by the third compute device as being performed at the SaaS application via the browser and by the user.

Abstract: In an embodiment, a method includes receiving, via a processor, identity provider (IDP)/single sign on (SSO) data that is associated with an IDP and an SSO entity. The IDP and the SSO entity manage access to a plurality of cloud-based applications for a plurality of user compute devices for a plurality of users. The method further includes generating, via the processor and without accessing the plurality of cloud-based applications, analytics based on the IDP/SSO data. The method further includes causing, via the processor, an action based on the analytics.

Abstract: A method, a system, and an article are provided for identification of security-related activities based on usage of a plurality of independent cloud-based, hosted application platforms. An example method includes: receiving, from the application platforms, activity data and state data for a plurality of users of the application platforms; generating one or more predictive models configured to detect deviations from normal user behavior across the application platforms; providing, as input to the one or more predictive models, the activity data and the state data for at least one of the users; receiving, from the one or more predictive models, an indication that an activity of the at least one of the users deviates from the normal user behavior; and facilitating a remedial action to address the indicated deviation.

Abstract: A method, a system, and an article are provided for identification of security-related activities based on usage of a plurality of independent cloud-based, hosted application platforms. An example method includes: receiving, from the application platforms, activity data and state data for a plurality of users of the application platforms; generating one or more predictive models configured to detect deviations from normal user behavior across the application platforms; providing, as input to the one or more predictive models, the activity data and the state data for at least one of the users; receiving, from the one or more predictive models, an indication that an activity of the at least one of the users deviates from the normal user behavior; and facilitating a remedial action to address the indicated deviation.