Abstract: Systems and methods for a machine-learning driven fine-grained file access control approach are provided. According to one embodiment, a server associated with an enterprise network can obtain and store information regarding historical user behavior of users of the enterprise network by observing file access requests initiated by the users. The server receives a file access request initiated by a user, which relates to a file stored within the enterprise network in encrypted form. In response to receipt of the file access request, the server determines a risk score for the user based on multiple factors, including information regarding historical user behavior, the file access request and observed data determined based on the file access request so that based on the risk score, access to the file is permitted by returning a decryption key for the file or denied by withholding the decryption key.

Abstract: Systems and methods for a machine-learning driven fine-grained file access control approach are provided. According to one embodiment, a server associated with an enterprise network can obtain and store information regarding historical user behavior of users of the enterprise network by observing file access requests initiated by the users. The server receives a file access request initiated by a user, which relates to a file stored within the enterprise network in encrypted form. In response to receipt of the file access request, the server determines a risk score for the user based on multiple factors, including information regarding historical user behavior, the file access request and observed data determined based on the file access request so that based on the risk score, access to the file is permitted by returning a decryption key for the file or denied by withholding the decryption key.

Abstract: The present invention relates to a forensic analysis method performed on a Distributed Computing System (DCS) (10) comprising a server (18) and at least one client machine (14). The method comprises collecting data in a client machine (14) of the DCS (10) to form a first data set, the collected data being a function call to a resource comprised in the DCS. The method further comprises applying a data reduction model to the first data set to form a second data set and processing the second data set in the server (18) of the DCS (10) to provide for detection of suspect behaviour at the client machine (14). The data reduction model is configured to extract a subset of data from the first data set to form the second data set, the subset of data comprising: user account identifier; and process and object identifier.

Abstract: The present invention relates to a forensic analysis method performed on a Distributed Computing System (DCS) (10) comprising a server (18) and at least one client machine (14). The method comprises collecting data in a client machine (14) of the DCS (10) to form a first data set, the collected data being a function call to a resource comprised in the DCS. The method further comprises applying a data reduction model to the first data set to form a second data set and processing the second data set in the server (18) of the DCS (10) to provide for detection of suspect behaviour at the client machine (14). The data reduction model is configured to extract a subset of data from the first data set to form the second data set, the subset of data comprising: user account identifier; and process and object identifier.