US 12,463,978 B1
Providing information security to an entity by detecting impossible travel events across multiple cloud-based application services
Naresh Chebolu, Irvine, CA (US); and Marcus McCurdy, Haddon Township, NJ (US)
Assigned to Obsidian Security, Inc., Newport Beach, CA (US)
Filed by Obsidian Security, Inc., Newport Beach, CA (US)
Filed on Feb. 24, 2023, as Appl. No. 18/113,983.
Claims priority of provisional application 63/313,566, filed on Feb. 24, 2022.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/107 (2013.01) [H04L 63/105 (2013.01); H04L 63/1441 (2013.01)]
20 Claims
1. A method, comprising:
determining (1) activity geolocation concentrations at an entity level and (2) IP address concentrations at the entity level for an entity having access to a plurality of independent cloud-based applications;
determining, for each activity type from a plurality of activity types performed at the plurality of independent cloud-based applications and associated with the entity, (1) activity geolocation concentrations at an activity level for that activity type and (2) IP address concentrations at the activity level for that activity type;
determining, for each member from a plurality of members associated with the entity, (1) activity geolocation concentrations at a member level for that member and (2) IP address concentrations at the member level for that member;
generating at least one trustworthiness score for an activity, having an activity type and associated with a member from the plurality of members, based on: (1) a geolocation associated with the activity; (2) at least one of the activity geolocation concentrations at the entity level, the activity geolocation concentrations at the activity level for the activity type, or the activity geolocation concentrations at the member level for the member; (3) an IP address associated with the activity; (4) an ISP associated with the IP address; and (5) at least one of the IP address concentrations at the entity level, the IP address concentrations at the activity level for the activity type, or the IP address concentrations at the member level for the member; and
in response to the at least one trustworthiness score being outside a predetermined range, sending an instruction to cause a remedial action in at least one of a network associated with the entity, an application from the plurality of independent cloud-based applications, or a compute device of a member associated with the entity.
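The following is an added example, not code from the patent or from Obsidian Security: a minimal sketch of the flow claim 1 describes, with concentrations computed at the entity, activity and member levels and a score checked against a range. The claim does not state a scoring formula, so the averaging rule, the `HOSTING_ISPS` set, the `TRUST_RANGE` values, the `require_reauthentication` action name and all sample data are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample history for one entity: (member, activity_type, country, ip, isp)
HISTORY = [
    ("alice", "login", "US", "198.51.100.10", "ExampleNet"),
    ("alice", "login", "US", "198.51.100.10", "ExampleNet"),
    ("alice", "file_download", "US", "198.51.100.10", "ExampleNet"),
    ("bob", "login", "US", "198.51.100.22", "ExampleNet"),
    ("bob", "login", "DE", "203.0.113.5", "ExampleTelekom"),
    ("bob", "file_download", "DE", "203.0.113.5", "ExampleTelekom"),
]
HOSTING_ISPS = {"ExampleVPSHost"}  # assumption: ISPs treated as lower trust
TRUST_RANGE = (0.2, 1.0)           # assumption: the "predetermined range"

def concentrations(history):
    """Share of events per geolocation and per IP, keyed by (level, key, field)."""
    counts = defaultdict(Counter)
    for member, activity, country, ip, _isp in history:
        for level, key in (("entity", None), ("activity", activity), ("member", member)):
            counts[(level, key, "geo")][country] += 1
            counts[(level, key, "ip")][ip] += 1
    return {k: {v: n / sum(c.values()) for v, n in c.items()} for k, c in counts.items()}

def trust_score(conc, member, activity, country, ip, isp):
    """Assumed rule: best concentration across the three levels, averaged, ISP-weighted."""
    levels = (("entity", None), ("activity", activity), ("member", member))
    geo = max(conc.get((lvl, key, "geo"), {}).get(country, 0.0) for lvl, key in levels)
    addr = max(conc.get((lvl, key, "ip"), {}).get(ip, 0.0) for lvl, key in levels)
    isp_factor = 0.5 if isp in HOSTING_ISPS else 1.0
    return isp_factor * (geo + addr) / 2

def evaluate(conc, event):
    """Return (score, action); action is None while the score stays inside the range."""
    score = trust_score(conc, *event)
    low, high = TRUST_RANGE
    action = None if low <= score <= high else "require_reauthentication"
    return score, action

if __name__ == "__main__":
    conc = concentrations(HISTORY)
    for event in [
        ("alice", "login", "US", "198.51.100.10", "ExampleNet"),
        ("alice", "login", "DE", "192.0.2.77", "ExampleVPSHost"),
    ]:
        print(event, evaluate(conc, event))
```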