| 主权项 |
1. A computer implemented method for automatically monitoring access of enterprise data on a plurality of client computers, thereby detecting anomalous access activity and protecting against leakage of enterprise data, the method comprising the steps of:
receiving log information from multiple ones of the plurality of client computers, log information received from a specific client computer identifying specific units of enterprise data accessed on the specific client computer and information concerning context in which the specific units were accessed; amalgamating received log information concerning access of specific units of enterprise data on multiple client computers over a period of time; performing statistical analysis on amalgamated log information received from multiple client computers and concerning access of specific units of enterprise data on multiple computers over time, thereby determining at least one access baseline concerning access of specific units of enterprise data on multiple computers over time for enterprise data over the period of time, by the computer, wherein the at least one baseline concerns geographic locations from which a specific unit of enterprise data is accessed over the period of time, based on amalgamated log information concerning access of the specific unit of enterprise data on multiple client computers; detecting an anomalous access of enterprise data as measured against at least one determined access baseline; and automatically outputting an alert documenting the detected anomalous access in response to detecting the anomalous access of enterprise data. |
