Understanding Anomalies

One threat individuals in your organization can face is the takeover of their account(s). SonicWall Cloud App Security can detect this by analyzing unusual behavior an account user, such:

• logins to an account from new browsers, devices, or locations
• suspicious email activity or configurations, such as deleting all incoming email messages or forwarding messages to an external account or domain
• email account configurations that are insecure or make extensive use of filters, forwarding, or secondary accounts
• accounts where two-factor authentication has been disabled
• suspicious internal emails, often with multiple recipients
• multiple account password resets within an unusually short period of time
• changes in the grouping of contacts in emails messages or mailing lists
• changes in the usual characteristics of user sessions (such as the time of day, length of login session, or applications used)

 

• Managing Anomaly Exceptions