AppDynamics is an application performance management and IT operations analytics company based in San Francisco. The focus of their work and applications is to manage the performance of client’s applications across cloud computing environments and data centers.
To further provide aid to clients, AppDynamics looks at the security side of applications, considering how their users may be a threat. Half of all data breaches occur because of "trusted insiders," either via compromised credentials or malicious actions by authenticated users. Currently there are no commercial tools that track user actions to expose potential insider threats.
Our Insider Threat Detection system collects and stores actions performed by users. Using this data, our system works on a case-by-case basis to find each end user’s tendencies.
When an end user’s actions stray from their tendencies, it is evidence that their behavior could be a security threat. These potential threats are shown on a dashboard. Threats are shown in order of the time of occurrence, rated from high risk threat to minor disruption in pattern.
From the dashboard, a system administrator can take action against any detected potential threat.
Our system automatically takes action against users who are determined to be a definite threat. A system administrator is contacted if the threat is determined to be high risk. They are informed of both the threat and the action taken.
Our software detects and flags suspicious behavior and brings it to the attention of administrators for quick and easy handling, allowing security leaks from insiders to be caught early.
Our threat detection algorithm is created using Python and utilizes AppDynamics APIs to acquire the data. The dashboard is built using HTML and Flask.