CyberArk Software Ltd.
IDENTIFICATION AND CONTROL OF SUSPICIOUS CONNECTED IDENTITIES AND ACTIVITIES

Abstract:

Disclosed embodiments relate to detecting temporal deviations indicative of suspicious network identities or activities. Techniques include identifying data communications exchanged between two or more connected resources; accessing a temporal profile for the data communications, the temporal profile indicating a time for one or more of the data communications to be exchanged; deploying the temporal profile for analyzing future data communications exchanged between the two or more connected resources; identifying a first data communication; determining an elapsed time parameter of the first data communication; comparing the elapsed time parameter to the temporal profile; determining, based on the comparison, that the elapsed time parameter exceeds the temporal profile; and determining, based on the elapsed time parameter exceeding the temporal profile, an existence of a suspicious connected identity or activity in a communication path between the two or more connected resources.