Abstract: A server for detecting fraudulent user authentication requests is caused to receive, by a plurality of machine learning (ML) models, a dataset including user data specific to a user logging into an account during an authentication request and device data specific to a computing device used by the user to log into the account during the authentication request, generate, with the plurality of ML models configured to detect a plurality of different fraud types, a response based on the dataset, the response including at least one ML score representing a probability of at least one of the plurality of different fraud types occurring during the authentication request, and generate an authentication denial response for the authentication request based on the ML score and a threshold. Other example servers, systems, apparatuses, methods, and non-transitory computer readable medium for detecting fraudulent user authentication requests are also disclosed.

Abstract: A server for detecting anomalies associated with users accessing a network is caused to receive a dataset including static data and dynamic data. The static data includes location data of resources associated with the network and user data, and the dynamic data includes user access events. The server is further caused to detect, with a plurality of unsupervised machine learning models, an anomaly associated with a user accessing the network based on the static data and the dynamic data, determine whether the detected anomaly is critical, and in response to determining the detected anomaly is critical, generate and transmit a security alert specific to the detected anomaly to a security operation center. Other example servers, systems, apparatuses, methods, and non-transitory computer readable medium for detecting anomalies associated with users accessing a network are also disclosed.

Abstract: A server for identifying and prioritizing IT security events associated with a network is caused to receive a dataset representing IT security events specific to one or more resources associated with the network, generate, by defined algorithms, individual scores for the IT security events, correlate each of the individual scores for the IT security events with the one or more resources, aggregate, for a resource of the one or more resources, each of the individual scores correlated with the resource into a security score specific to the resource, determine whether the security score exceeds a defined threshold, and in response to the security score exceeding the defined threshold, generate and transmit a security incident alert specific to the resource to a security operation center. Example servers, systems, apparatuses, methods, and non-transitory computer readable medium for identifying and prioritizing IT security events associated with a network are also disclosed.