Zscaler, Inc.
Machine Learning-based user and entity behavior analysis for network security

Abstract:

Systems and methods include utilizing a grouping model to identify a function of a user of a tenant; utilizing one or more behavior models to identify normal behavior and abnormal behavior of the user based on the function; and utilizing an orchestration model with a plurality of rules to score one or more of current and historical behavior of the user, based on the one or more behavior models; and utilizing an active learning model to improve the efficiency of the orchestration model The systems and methods can further include causing a security technique based on the score. The systems and methods can further include providing feedback based on the score to the one or more behavior models.