| CPC G06F 21/57 (2013.01) [G06F 16/955 (2019.01); G06F 21/44 (2013.01); G06F 21/53 (2013.01); H04L 41/16 (2013.01); H04L 63/0428 (2013.01); H04L 63/08 (2013.01); H04L 63/083 (2013.01); H04L 63/10 (2013.01); H04L 63/102 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/20 (2013.01); H04L 67/125 (2013.01); H04L 67/55 (2022.05); H04W 12/08 (2013.01)] | 24 Claims |
|
1. A method comprising:
monitoring, with web browsers, sessions between a plurality of cloud computing resources and users using the web browsers to access the plurality of cloud computing resources, wherein the monitoring is to accumulate data of the sessions and session metadata;
processing the accumulated data of the sessions to determine first values that characterize operation of the plurality of cloud computing resources during the sessions, to determine second values that characterize operation of user equipment hosting the web browsers during the sessions, and to determine third values that characterize actions of the users accessing the plurality of cloud computing resources during the sessions;
based on the first, second, and third values determined from the accumulated data, determining user specific normal behavior patterns and group normal behavior patterns and determining one or more vulnerabilities with respect to at least one of the user actions and at least one of the plurality of cloud computing resources; and
monitoring, via the web browsers, accessing of the plurality of cloud computing resources using the user specific normal behavior patterns and the group normal behavior patterns to detect at least one of anomalous behavior and breach of a security policy.
|