Abstract: A method, a system, and an article are provided for identification of security-related activities based on usage of a plurality of independent cloud-based, hosted application platforms. An example method includes: receiving, from the application platforms, activity data and state data for a plurality of users of the application platforms; generating one or more predictive models configured to detect deviations from normal user behavior across the application platforms; providing, as input to the one or more predictive models, the activity data and the state data for at least one of the users; receiving, from the one or more predictive models, an indication that an activity of the at least one of the users deviates from the normal user behavior; and facilitating a remedial action to address the indicated deviation.

Abstract: A method, a system, and an article are provided for identification of security-related activities based on usage of a plurality of independent cloud-based, hosted application platforms. An example method includes: receiving, from the application platforms, activity data and state data for a plurality of users of the application platforms; generating one or more predictive models configured to detect deviations from normal user behavior across the application platforms; providing, as input to the one or more predictive models, the activity data and the state data for at least one of the users; receiving, from the one or more predictive models, an indication that an activity of the at least one of the users deviates from the normal user behavior; and facilitating a remedial action to address the indicated deviation.

Abstract: In one respect, there is provided a system for classifying malware. The system may include a data processor and a memory. The memory may include program code that provides operations when executed by the processor. The operations may include: providing, to a display, contextual information associated with a file to at least enable a classification of the file, when a malware classifier is unable to classify the file; receiving, in response to the providing of the contextual information, the classification of the file; and updating, based at least on the received classification of the file, the malware classifier to enable the malware classifier to classify the file. Methods and articles of manufacture, including computer program products, are also provided.

Abstract: A method, a system, and an article are provided for identification of security-related activities based on usage of a plurality of independent cloud-based, hosted application platforms. An example method includes: receiving, from the application platforms, activity data and state data for a plurality of users of the application platforms; generating one or more predictive models configured to detect deviations from normal user behavior across the application platforms; providing, as input to the one or more predictive models, the activity data and the state data for at least one of the users; receiving, from the one or more predictive models, an indication that an activity of the at least one of the users deviates from the normal user behavior; and facilitating a remedial action to address the indicated deviation.

Abstract: A method, a system, and an article are provided for identification of security-related activities based on usage of a plurality of independent cloud-based, hosted application platforms. An example method includes: receiving, from the application platforms, activity data and state data for a plurality of users of the application platforms; generating one or more predictive models configured to detect deviations from normal user behavior across the application platforms; providing, as input to the one or more predictive models, the activity data and the state data for at least one of the users; receiving, from the one or more predictive models, an indication that an activity of the at least one of the users deviates from the normal user behavior; and facilitating a remedial action to address the indicated deviation.

Abstract: In one respect, there is provided a system for classifying malware. The system may include a data processor and a memory. The memory may include program code that provides operations when executed by the processor. The operations may include: providing, to a display, contextual information associated with a file to at least enable a classification of the file, when a malware classifier is unable to classify the file; receiving, in response to the providing of the contextual information, the classification of the file; and updating, based at least on the received classification of the file, the malware classifier to enable the malware classifier to classify the file. Methods and articles of manufacture, including computer program products, are also provided.

Abstract: In one respect, there is provided a system for classifying malware. The system may include a data processor and a memory. The memory may include program code that provides operations when executed by the processor. The operations may include: providing, to a display, contextual information associated with a file to at least enable a classification of the file, when a malware classifier is unable to classify the file; receiving, in response to the providing of the contextual information, the classification of the file; and updating, based at least on the received classification of the file, the malware classifier to enable the malware classifier to classify the file. Methods and articles of manufacture, including computer program products, are also provided.

Abstract: In one respect, there is provided a system for classifying malware. The system may include a data processor and a memory. The memory may include program code that provides operations when executed by the processor. The operations may include: providing, to a display, contextual information associated with a file to at least enable a classification of the file, when a malware classifier is unable to classify the file; receiving, in response to the providing of the contextual information, the classification of the file; and updating, based at least on the received classification of the file, the malware classifier to enable the malware classifier to classify the file. Methods and articles of manufacture, including computer program products, are also provided.