Abstract: Aspects of the technology described herein detect potential security breaches in delegate applications by monitoring communications received from a delegate application. Anomalies in the delegate application communications can indicate that the delegate application has been breached and is now being controlled by an entity other than an authorized entity. An anomaly may be a new or unusual attribute value within the delegate-application's communication. Initially, the anomaly detection system may a build a baseline of attribute values for a single delegate application within a single tenant and separate baseline for the tenant. If the attribute value is anomalous to both the application-specific baseline and the tenant-specific baseline then the message may be designated as anomalous. Mitigation can then be undertaken.

Abstract: Techniques are described herein that are capable of detecting ransomware among files using information that is not included in content of the files. The files are determined based on file-related operation(s) being performed on each of the files during a session of a cloud-based application. A subset of the files is determined such that each file in the subset has multiple file extensions during the session. A value, which is based on a number of the files in the subset, is compared to a threshold. A determination is made whether the files include the ransomware based on whether the value is greater than or equal to the threshold. An alert, which indicates that the files include the ransomware, is selectively triggered based on detection of whether the files include the ransomware.

Abstract: Techniques are described herein that are capable of detecting ransomware among files using information that is not included in content of the files. The files are determined based on file-related operation(s) being performed on each of the files during a session of a cloud-based application. A subset of the files is determined such that each file in the subset has multiple file extensions during the session. A value, which is based on a number of the files in the subset, is compared to a threshold. A determination is made whether the files include the ransomware based on whether the value is greater than or equal to the threshold. An alert, which indicates that the files include the ransomware, is selectively triggered based on detection of whether the files include the ransomware.

Abstract: A composite art work and a process for producing the same are disclosed. The art work comprises a representation adhesively affixed to a relatively smooth backing and an artistic frame contiguous with the representation. At least a portion of the frame is produced from a forming medium applied to the backing such that edges of the representation are substantially indistinguishable from an art form produced from said forming medium.