At the heart of it, Cloud Security solutions look for unusual behavior. This means that they detect activity that is out of the ordinary in your cloud environment, such as an increase in data requests or an unusual pattern of user logins. Detecting these types of activities protects the network from potential threats.
Common examples of activity that can indicate an attack are:
- “Impossible Travel” – logging in from two places that are too far apart for you to travel between in a set amount of time. Say, logins from New York and Los Angeles within an hour of each other.
- Logins from Russia – this is just always bad.
- A high number of failed logins in a row.
- A high number of files deleted from OneDrive in a short period, or potentially sensitive files shared outside your organization.
- Security questions changed or new recovery emails added.
- Outlook forwarding rules created.
Most Cloud Security systems are tailored to your organization's needs. For example, a login from the Cayman Islands may be unusual for one company and business as usual for another. The security policies of an organization can vary significantly depending on the type of business, the size of the company, and the level of risk associated with the data. These policies determine how employees are allowed to access data, how frequently they must change passwords, and other security measures.
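
The "Impossible Travel" check from the list above can be sketched as detection logic over sign-in events. This is an added example, not code from any vendor's product: the event format, the sample logins and the `max_kmh` / `min_km` thresholds are assumptions, and the thresholds are the kind of setting each organization would tune.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample sign-in events: (user, UTC timestamp, city, latitude, longitude).
SAMPLE_LOGINS = [
    ("alice", "2024-05-01T09:00:00", "New York", 40.7128, -74.0060),
    ("bob",   "2024-05-01T09:05:00", "New York", 40.7128, -74.0060),
    ("alice", "2024-05-01T09:45:00", "Los Angeles", 34.0522, -118.2437),
    ("bob",   "2024-05-01T17:30:00", "Los Angeles", 34.0522, -118.2437),
    ("carol", "2024-05-01T10:00:00", "New York", 40.7128, -74.0060),
    ("carol", "2024-05-01T10:00:00", "Los Angeles", 34.0522, -118.2437),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(logins, max_kmh=900.0, min_km=100.0):
    """Return alerts for consecutive logins per user whose implied speed exceeds max_kmh.

    max_kmh and min_km are assumed, organization-tunable thresholds: roughly
    airliner speed, and a floor that ignores small geolocation jitter.
    """
    alerts, last_seen = [], {}
    for user, ts, city, lat, lon in sorted(logins, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        if user in last_seen:
            prev_when, prev_city, prev_lat, prev_lon = last_seen[user]
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            hours = (when - prev_when).total_seconds() / 3600
            # Simultaneous logins from distant places have no finite speed: treat as infinite.
            speed = km / hours if hours > 0 else float("inf")
            if km >= min_km and speed > max_kmh:
                alerts.append({"user": user, "from": prev_city, "to": city,
                               "km": round(km), "hours": round(hours, 2)})
        last_seen[user] = (when, city, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE_LOGINS):
        print(alert)
```

With the constructed data, alice's 45-minute New York to Los Angeles jump and carol's simultaneous logins are flagged, while bob's logins more than eight hours apart are consistent with a flight and are not.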