Abstract: Systems and methods for determining a user's presence on a network of an enterprise are provided. Traffic is collected to a network from devices and, over a period of time, login and logoff information from a user is determined from the collected network traffic. Network sessions are determined from a user's login and logoff information and timetable is generated specific to the user that contains the network sessions. The time table identifies when the user was active and when the user was not active based on the login and logoff information and, therefore, present at a particular location over a period of time.

Abstract: Aspects of the technology described herein provide a mechanism for controlling access to secure computing resources based on inferred user authentication. A current user may be authenticated and access to secure computing resources permitted based on a determined probability that the current user is a legitimate user associated with the secure computing resource. Legitimacy of the current user may be inferred based on a comparison of user-related activity of the current user to a persona model, which may comprise behavior patterns, rules, or other information for identifying a legitimate user. If it is determined that the current user is likely legitimate, then access to secure information may be permitted. However, if it is determined that the current user is likely illegitimate, than a verification procedure may be provided to the current user, such as a temporal, dynamic security challenge based on recent activity conducted by the legitimate user.

Abstract: According to examples, an apparatus for managing alerts pertaining to additions of users to a user group in a computer network may include a processor and a memory, which may have stored thereon machine readable instructions that are to cause the processor to, during a learning period, identify an entity that added a user to the user group during the learning period and enter an identification of the identified entity into an allowed entity list for the user group. Following the learning period, the instructions are to cause the processor to identify a user addition event that indicates that an adding entity added another user to the user group, determine whether the adding entity is in the allowed entity list, and manage issuance of an alert regarding the user addition event based upon whether the adding entity is in the allowed entity list to reduce a number of issued alerts.

Abstract: Aspects of the technology described herein provide a mechanism for controlling access to secure computing resources based on inferred user authentication. A current user may be authenticated and access to secure computing resources permitted based on a determined probability that the current user is a legitimate user associated with the secure computing resource. Legitimacy of the current user may be inferred based on a comparison of user-related activity of the current user to a persona model, which ay comprise behavior patterns, rules, or other information for identifying a legitimate user. If it is determined that the current user is likely legitimate, then access to secure information may be permitted. However, if it is determined that the current user is likely illegitimate, than a verification procedure may be provided to the current user, such as a temporal, dynamic security challenge based on recent activity conducted by the legitimate user.

Abstract: Determining impossible travel for a specific user entity associated with an on-premises site. A method includes identifying an estimated location of an on-premises site associated with an organization network. Identifying the estimated location of an on-premises site comprises aggregating connection information of remote devices, remote from the on-premises site connecting to the on-premises site. Information related to an on-premises connection event is identified including the estimated location, time information, and a first user identification for an entity. Information is identified related to a different connection event. The information comprises location information, time information and a second user identification for the entity. The information related to the on-premises connection event and the information related to the different connection event are used to detect impossible travel for the entity. An alert indicating an impossible travel condition is provided.

Abstract: The present disclosure provides for improved computational efficiency and security in a network by determining the physical location of network connected components, without requiring the components to self-locate. The locations of devices remotely connected to a site within the network are geolocated so that the physical location of that site may be inferred from a centralized point to the remote devices' locations. This calculate site location may be compared against a known site location to improve a generalized algorithm for determining the calculated location of a site with an unknown location, and may be applied to devices that are locally connected to the network, which may be otherwise incapable of being geolocated.

Abstract: Aspects of the technology described herein provide a mechanism for controlling access to secure computing resources based on inferred user authentication. A current user may be authenticated and access to secure computing resources permitted based on a determined probability that the current user is a legitimate user associated with the secure computing resource. Legitimacy of the current user may be inferred based on a comparison of user-related activity of the current user to a persona model, which may comprise behavior patterns, rules, or other information for identifying a legitimate user. If it is determined that the current user is likely legitimate, then access to secure information may be permitted. However, if it is determined that the current user is likely illegitimate, than a verification procedure may be provided to the current user, such as a temporal, dynamic security challenge based on recent activity conducted by the legitimate user.

Abstract: According to examples, an apparatus for managing alerts pertaining to additions of users to a user group in a computer network may include a processor and a memory, which may have stored thereon machine readable instructions that are to cause the processor to, during a learning period, identify an entity that added a user to the user group during the learning period and enter an identification of the identified entity into an allowed entity list for the user group. Following the learning period, the instructions are to cause the processor to identify a user addition event that indicates that an adding entity added another user to the user group, determine whether the adding entity is in the allowed entity list, and manage issuance of an alert regarding the user addition event based upon whether the adding entity is in the allowed entity list to reduce a number of issued alerts.

Abstract: A method includes acts for filtering auto consumption recommendations and auto consumption actions. The method includes receiving from a recommendation system, a recommendation of an asset for consumption. The asset for consumption is evaluated in the context of one or more filter rules regarding auto consumption. The filter rules are configured to filter recommended assets from being consumed when certain criteria are met or to permit recommended assets to be consumed when certain criteria are met. As a result, the method includes identifying one or more constraints on how recommended asset should be consumed. The method further includes filtering consumption of the recommended asset based on the one or more constraints.

Abstract: Determining impossible travel for a specific user entity associated with an on-premises site. A method includes identifying an estimated location of an on-premises site associated with an organization network. Identifying the estimated location of an on-premises site comprises aggregating connection information of remote devices, remote from the on-premises site connecting to the on-premises site. Information related to an on-premises connection event is identified including the estimated location, time information, and a first user identification for an entity. Information is identified related to a different connection event. The information comprises location information, time information and a second user identification for the entity. The information related to the on-premises connection event and the information related to the different connection event are used to detect impossible travel for the entity. An alert indicating an impossible travel condition is provided.

Abstract: Systems and methods for determining a user's presence on a network of an enterprise are provided. Traffic is collected to a network from devices and, over a period of time, login and logoff information from a user is determined from the collected network traffic. Network sessions are determined from a user's login and logoff information and timetable is generated specific to the user that contains the network sessions. The time table identifies when the user was active and when the user was not active based on the login and logoff information and, therefore, present at a particular location over a period of time.

Abstract: The present disclosure provides for improved computational efficiency and security in a network by determining the physical location of network connected components, without requiring the components to self-locate. The locations of devices remotely connected to a site within the network are geolocated so that the physical location of that site may be inferred from a centralized point to the remote devices' locations. This calculate site location may be compared against a known site location to improve a generalized algorithm for determining the calculated location of a site with an unknown location, and may be applied to devices that are locally connected to the network, which may be otherwise incapable of being geolocated.

Abstract: Aspects of the technology described herein provide a mechanism for controlling access to secure computing resources based on inferred user authentication. A current user may be authenticated and access to secure computing resources permitted based on a determined probability that the current user is a legitimate user associated with the secure computing resource. Legitimacy of the current user may be inferred based on a comparison of user-related activity of the current user to a persona model, which may comprise behavior patterns, rules, or other information for identifying a legitimate user. If it is determined that the current user is likely legitimate, then access to secure information may be permitted. However, if it is determined that the current user is likely illegitimate, than a verification procedure may be provided to the current user, such as a temporal, dynamic security challenge based on recent activity conducted by the legitimate user.

Abstract: A method includes acts for filtering auto consumption recommendations and auto consumption actions. The method includes receiving from a recommendation system, a recommendation of an asset for consumption. The asset for consumption is evaluated in the context of one or more filter rules regarding auto consumption. The filter rules are configured to filter recommended assets from being consumed when certain criteria are met or to permit recommended assets to be consumed when certain criteria are met. As a result, the method includes identifying one or more constraints on how recommended asset should be consumed. The method further includes filtering consumption of the recommended asset based on the one or more constraints.