System and method for detecting anomalies associated with network traffic to cloud applications

Bibliographic Details
Main Authors: Kaplan, Shai; Most, Yonatan
Format: Patent
Language: English
Published: 14.01.2020
Summary: An anomaly detection system is provided and includes a processor, a memory, and a security application that is stored in the memory and includes instructions. The instructions are configured to collect information of behavior data for the users of an organization accessing cloud applications via a distributed network. The behavior data includes one or more parameters tracked over time for the users. The instructions are further configured to: establish baselines for each of the users and for each of the cloud applications or types of cloud applications of the organization; detect anomalies based on the baselines; provide aggregated anomaly data by aggregating anomalies corresponding to two or more of the baselines and a same behavior or corresponding to multiple users of a same cloud application during a same period of time; determine a risk value based on the aggregated anomaly data; and perform a countermeasure based on the risk value.
Bibliography: Application Number: US201715433058