Abstract: A machine learning model is trained using tuples that identify an actor, a resource, and a rating based on a normalized count of the actor's attempts to access the resource. Actors may be users, groups, IP addresses, or otherwise defined. Resources may be storage, virtual machines, APIs, or otherwise defined. A risk assessor code feeds an actor-resource pair to the trained model, which computes a recommendation score using collaborative filtering. The risk assessor inverts the recommendation score to obtain a risk measurement; a low recommendation score corresponds to a high risk, and vice versa. The risk assessor code or other code takes cybersecurity action based on the recommendation score. Code may accept a risk R, or aid mitigation of the risk R, where R denotes a risk that the scored pair represents an unauthorized attempt by the pair actor to access the pair resource.

Abstract: Cybersecurity peer identification (CPI) technology obtains security group definitions from an identity directory, computes peerSimilarityScores that represent user similarity in terms of security permissions, and submits contextual cybersecurity peer data to cybersecurity peer-based functionality (CPBF). CPBF code may then perform behavior analytics, resource management, permissions management, or location management. Cyberattacks may then be disrupted or mitigated, and inefficiencies may be avoided or decreased. Having smaller security groups in common gives users higher peerSimilarityScores than having larger groups in common, as a result of logarithmic, reciprocal, or other score functions. Security group definitions are refreshed and peer scores are updated at regular intervals or on demand by CPI code, to avoid staleness.

Abstract: A machine learning model is trained using tuples that identify an actor, a resource, and a rating based on a normalized count of the actor's attempts to access the resource. Actors may be users, groups, IP addresses, or otherwise defined. Resources may be storage, virtual machines, APIs, or otherwise defined. A risk assessor code feeds an actor—resource pair to the trained model, which computes a recommendation score using collaborative filtering. The risk assessor inverts the recommendation score to obtain a risk measurement; a low recommendation score corresponds to a high risk, and vice versa. The risk assessor code or other code takes cybersecurity action based on the recommendation score. Code may accept a risk R, or aid mitigation of the risk R, where R denotes a risk that the scored pair represents an unauthorized attempt by the pair actor to access the pair resource.

Abstract: Cybersecurity peer identification (CPI) technology obtains security group definitions from an identity directory, computes peerSimilarityScores that represent user similarity in terms of security permissions, and submits contextual cybersecurity peer data to cybersecurity peer-based functionality (CPBF). CPBF code may then perform behavior analytics, resource management, permissions management, or location management. Cyberattacks may then be disrupted or mitigated, and inefficiencies may be avoided or decreased. Having smaller security groups in common gives users higher peerSimilarityScores than having larger groups in common, as a result of logarithmic, reciprocal, or other score functions. Security group definitions are refreshed and peer scores are updated at regular intervals or on demand by CPI code, to avoid staleness.