Abstract: Methods, apparatus, systems and articles of manufacture for producing generic Internet Protocol (IP) reputation through cross-protocol analysis are disclosed. An example apparatus includes a data collector to gather a first data set representing IP telemetry data for a first protocol, the data collector to gather a second data set representing IP telemetry data for a second protocol different from the first protocol. A label generator is to generate a training data set based on records in the first data set and the second data set having matching IP addresses, the training data set to include combined label indicating whether each of the respective matching IP addresses is malicious. A model trainer is to train a machine learning model using the training data set. A model executor is to, responsive to a request from a client device, execute the machine learning model to determine whether a requested IP address is malicious.

Abstract: A service action category based cloud security system and method implement cloud security by categorizing service actions of cloud service providers into a set of service action categories. The service action categorization is performed agnostic to the applications or functions provided by the cloud service providers and also agnostic to the cloud service providers. With the service actions of cloud service providers thus categorized, cloud security monitoring and threat detection can be performed based on service action categories. Thus, cloud security can be implemented without requiring knowledge of the applications supported by the cloud service providers and without knowing all of the individual service actions supported by the cloud service providers.

Abstract: A cloud security system and method implements cloud activity threat detection using analysis of cloud usage user behavior. In particular, the cloud security system and method implements threat detection for users, cloud service providers, or tenants (enterprises) of the cloud security system who are new or unknown to the cloud security system and therefore lacking sufficient cloud activity data to generate an accurate behavior model for effective threat detection. In accordance with embodiments of the present invention, the cloud security system and method performs user behavior analysis to generate generalized user behavior models for user groups, where each user group includes users with similar cloud usage behavior. The user behavior models of the user groups are assigned to users with sparse cloud activity data. In this manner, the cloud security system and method of the present invention ensures effective threat detection by using accurate and reliable user behavior models.

Abstract: A cloud security system and method implements cloud activity threat detection using analysis of cloud usage user behavior. In particular, the cloud security system and method implements threat detection for users, cloud service providers, or tenants (enterprises) of the cloud security system who are new or unknown to the cloud security system and therefore lacking sufficient cloud activity data to generate an accurate behavior model for effective threat detection. In accordance with embodiments of the present invention, the cloud security system and method performs user behavior analysis to generate generalized user behavior models for user groups, where each user group includes users with similar cloud usage behavior. The user behavior models of the user groups are assigned to users with sparse cloud activity data. In this manner, the cloud security system and method of the present invention ensures effective threat detection by using accurate and reliable user behavior models.

Abstract: Methods, apparatus, systems and articles of manufacture for producing generic Internet Protocol (IP) reputation through cross-protocol analysis are disclosed. An example apparatus includes a data collector to gather a first data set representing IP telemetry data for a first protocol, the data collector to gather a second data set representing IP telemetry data for a second protocol different from the first protocol. A label generator is to generate a training data set based on records in the first data set and the second data set having matching IP addresses, the training data set to include combined label indicating whether each of the respective matching IP addresses is malicious. A model trainer is to train a machine learning model using the training data set. A model executor is to, responsive to a request from a client device, execute the machine learning model to determine whether a requested IP address is malicious.

Abstract: A service action category based cloud security system and method implement cloud security by categorizing service actions of cloud service providers into a set of service action categories. The service action categorization is performed agnostic to the applications or functions provided by the cloud service providers and also agnostic to the cloud service providers. With the service actions of cloud service providers thus categorized, cloud security monitoring and threat detection can be performed based on service action categories. Thus, cloud security can be implemented without requiring knowledge of the applications supported by the cloud service providers and without knowing all of the individual service actions supported by the cloud service providers.

Abstract: Methods, apparatus, systems and articles of manufacture for producing generic Internet Protocol (IP) reputation through cross-protocol analysis are disclosed. An example apparatus includes a data collector to gather a first data set representing IP telemetry data for a first protocol, the data collector to gather a second data set representing IP telemetry data for a second protocol different from the first protocol. A label generator is to generate a training data set based on records in the first data set and the second data set having matching IP addresses, the training data set to include combined label indicating whether each of the respective matching IP addresses is malicious. A model trainer is to train a machine learning model using the training data set. A model executor is to, responsive to a request from a client device, execute the machine learning model to determine whether a requested IP address is malicious.

Abstract: A service action category based cloud security system and method implement cloud security by categorizing service actions of cloud service providers into a set of service action categories. The service action categorization is performed agnostic to the applications or functions provided by the cloud service providers and also agnostic to the cloud service providers. With the service actions of cloud service providers thus categorized, cloud security monitoring and threat detection can be performed based on service action categories. Thus, cloud security can be implemented without requiring knowledge of the applications supported by the cloud service providers and without knowing all of the individual service actions supported by the cloud service providers.

Abstract: A cloud security system and method implements cloud activity threat detection using analysis of cloud usage user behavior. In particular, the cloud security system and method implements threat detection for users, cloud service providers, or tenants (enterprises) of the cloud security system who are new or unknown to the cloud security system and therefore lacking sufficient cloud activity data to generate an accurate behavior model for effective threat detection. In accordance with embodiments of the present invention, the cloud security system and method performs user behavior analysis to generate generalized user behavior models for user groups, where each user group includes users with similar cloud usage behavior. The user behavior models of the user groups are assigned to users with sparse cloud activity data. In this manner, the cloud security system and method of the present invention ensures effective threat detection by using accurate and reliable user behavior models.

Abstract: A cloud security system and method implements cloud activity threat detection using analysis of cloud usage user behavior. In particular, the cloud security system and method implements threat detection for users, cloud service providers, or tenants (enterprises) of the cloud security system who are new or unknown to the cloud security system and therefore lacking sufficient cloud activity data to generate an accurate behavior model for effective threat detection. In accordance with embodiments of the present invention, the cloud security system and method performs user behavior analysis to generate generalized user behavior models for user groups, where each user group includes users with similar cloud usage behavior. The user behavior models of the user groups are assigned to users with sparse cloud activity data. In this manner, the cloud security system and method of the present invention ensures effective threat detection by using accurate and reliable user behavior models.

Abstract: Methods, apparatus, systems and articles of manufacture for producing generic Internet Protocol (IP) reputation through cross-protocol analysis are disclosed. An example apparatus includes a data collector to gather a first data set representing IP telemetry data for a first protocol, the data collector to gather a second data set representing IP telemetry data for a second protocol different from the first protocol. A label generator is to generate a training data set based on records in the first data set and the second data set having matching IP addresses, the training data set to include combined label indicating whether each of the respective matching IP addresses is malicious. A model trainer is to train a machine learning model using the training data set. A model executor is to, responsive to a request from a client device, execute the machine learning model to determine whether a requested IP address is malicious.

Abstract: A cloud security system and method implements cloud activity threat detection using analysis of cloud usage user behavior. In particular, the cloud security system and method implements threat detection for users, cloud service providers, or tenants (enterprises) of the cloud security system who are new or unknown to the cloud security system and therefore lacking sufficient cloud activity data to generate an accurate behavior model for effective threat detection. In accordance with embodiments of the present invention, the cloud security system and method performs user behavior analysis to generate generalized user behavior models for user groups, where each user group includes users with similar cloud usage behavior. The user behavior models of the user groups are assigned to users with sparse cloud activity data. In this manner, the cloud security system and method of the present invention ensures effective threat detection by using accurate and reliable user behavior models.

Abstract: A system and method for filtering detected anomalies in cloud service usage activities associated with an enterprise uses a trusted location analysis to filter detected anomalies. The locations from which the cloud usage activities are made are analyzed and designated as trusted or non-trusted. The trusted location determination is used to filter the detected anomalies that are associated with trusted locations and therefore may be of low risk. In this manner, actions can be taken only on detected anomalies that are associated with non-trusted locations and therefore may be high risk. The system and method of the present invention enable security incidents, anomalies and threats from cloud activity to be detected, filtered and annotated based on the location heuristics. The trusted location analysis identifies trusted locations automatically using cloud activity usage data and does not rely on potentially unreliable location data from user input.

Abstract: A system and method for filtering detected anomalies in cloud service usage activities associated with an enterprise uses a trusted location analysis to filter detected anomalies. The locations from which the cloud usage activities are made are analyzed and designated as trusted or non-trusted. The trusted location determination is used to filter the detected anomalies that are associated with trusted locations and therefore may be of low risk. In this manner, actions can be taken only on detected anomalies that are associated with non-trusted locations and therefore may be high risk. The system and method of the present invention enable security incidents, anomalies and threats from cloud activity to be detected, filtered and annotated based on the location heuristics. The trusted location analysis identifies trusted locations automatically using cloud activity usage data and does not rely on potentially unreliable location data from user input.

Abstract: A cloud security system and method implements cloud activity threat detection using analysis of cloud usage user behavior. In particular, the cloud security system and method implements threat detection for users, cloud service providers, or tenants (enterprises) of the cloud security system who are new or unknown to the cloud security system and therefore lacking sufficient cloud activity data to generate an accurate behavior model for effective threat detection. In accordance with embodiments of the present invention, the cloud security system and method performs user behavior analysis to generate generalized user behavior models for user groups, where each user group includes users with similar cloud usage behavior. The user behavior models of the user groups are assigned to users with sparse cloud activity data. In this manner, the cloud security system and method of the present invention ensures effective threat detection by using accurate and reliable user behavior models.

Abstract: A system and method for filtering detected anomalies in cloud service usage activities associated with an enterprise uses a trusted location analysis to filter detected anomalies. The locations from which the cloud usage activities are made are analyzed and designated as trusted or non-trusted. The trusted location determination is used to filter the detected anomalies that are associated with trusted locations and therefore may be of low risk. In this manner, actions can be taken only on detected anomalies that are associated with non-trusted locations and therefore may be high risk. The system and method of the present invention enable security incidents, anomalies and threats from cloud activity to be detected, filtered and annotated based on the location heuristics. The trusted location analysis identifies trusted locations automatically using cloud activity usage data and does not rely on potentially unreliable location data from user input.

Abstract: A system and method for filtering detected anomalies in cloud service usage activities associated with an enterprise uses a trusted location analysis to filter detected anomalies. The locations from which the cloud usage activities are made are analyzed and designated as trusted or non-trusted. The trusted location determination is used to filter the detected anomalies that are associated with trusted locations and therefore may be of low risk. In this manner, actions can be taken only on detected anomalies that are associated with non-trusted locations and therefore may be high risk. The system and method of the present invention enable security incidents, anomalies and threats from cloud activity to be detected, filtered and annotated based on the location heuristics. The trusted location analysis identifies trusted locations automatically using cloud activity usage data and does not rely on potentially unreliable location data from user input.

Abstract: A system and method for filtering detected anomalies in cloud service usage activities associated with an enterprise uses a trusted location analysis to filter detected anomalies. The locations from which the cloud usage activities are made are analyzed and designated as trusted or non-trusted. The trusted location determination is used to filter the detected anomalies that are associated with trusted locations and therefore may be of low risk. In this manner, actions can be taken only on detected anomalies that are associated with non-trusted locations and therefore may be high risk. The system and method of the present invention enable security incidents, anomalies and threats from cloud activity to be detected, filtered and annotated based on the location heuristics. The trusted location analysis identifies trusted locations automatically using cloud activity usage data and does not rely on potentially unreliable location data from user input.