Abstract: A dormant account identifier is disclosed. An inactive account can be determined based on whether a user activity of the account is outside a threshold amount. A determination can be made as to whether the inactive account is a dormant account based on account activity of a peer account to the inactive account.

Abstract: Distributed computing system (DCS) performance is enhanced by caching optimizations. The DCS includes nodes with local caches. Resource accessors such as users are clustered based on their similarity, and the clusters are assigned to nodes. Then processing workloads are distributed among the nodes based on the accessors the workloads implicate, and based on which nodes were assigned to those accessors' clusters. Clustering may place security peers together in a cluster, and hence place peers together on a node. Security peers tend to access the same resources, so those resources will more often be locally cached, improving performance. Workloads implicating peers also tend to access the same resources, such as peers' behavior histories, so those resources will likewise tend to be cached locally, thus optimizing performance as compared for example to randomly assigning accessors to nodes without clustering and without regard to security peer groupings.

Abstract: Cybersecurity peer identification (CPI) technology obtains security group definitions from an identity directory, computes peerSimilarityScores that represent user similarity in terms of security permissions, and submits contextual cybersecurity peer data to cybersecurity peer-based functionality (CPBF). CPBF code may then perform behavior analytics, resource management, permissions management, or location management. Cyberattacks may then be disrupted or mitigated, and inefficiencies may be avoided or decreased. Having smaller security groups in common gives users higher peerSimilarityScores than having larger groups in common, as a result of logarithmic, reciprocal, or other score functions. Security group definitions are refreshed and peer scores are updated at regular intervals or on demand by CPI code, to avoid staleness.

Abstract: Distributed computing system (DCS) performance is enhanced by caching optimizations. The DCS includes nodes with local caches. Resource accessors such as users are clustered based on their similarity, and the clusters are assigned to nodes. Then processing workloads are distributed among the nodes based on the accessors the workloads implicate, and based on which nodes were assigned to those accessors' clusters. Clustering may place security peers together in a cluster, and hence place peers together on a node. Security peers tend to access the same resources, so those resources will more often be locally cached, improving performance. Workloads implicating peers also tend to access the same resources, such as peers' behavior histories, so those resources will likewise tend to be cached locally, thus optimizing performance as compared for example to randomly assigning accessors to nodes without clustering and without regard to security peer groupings.

Abstract: A dormant account identifier is disclosed. An inactive account can be determined based on whether a user activity of the account is outside a threshold amount. A determination can be made as to whether the inactive account is a dormant account based on account activity of a peer account to the inactive account.

Abstract: Cybersecurity peer identification (CPI) technology obtains security group definitions from an identity directory, computes peerSimilarityScores that represent user similarity in terms of security permissions, and submits contextual cybersecurity peer data to cybersecurity peer-based functionality (CPBF). CPBF code may then perform behavior analytics, resource management, permissions management, or location management. Cyberattacks may then be disrupted or mitigated, and inefficiencies may be avoided or decreased. Having smaller security groups in common gives users higher peerSimilarityScores than having larger groups in common, as a result of logarithmic, reciprocal, or other score functions. Security group definitions are refreshed and peer scores are updated at regular intervals or on demand by CPI code, to avoid staleness.