USER ENTITY BEHAVIORAL ANALYSIS FOR PREVENTATIVE ATTACK SURFACE REDUCTION

Features of the present disclosure solve the above-identified problem by implementing user and entity behavior analytics (UEBA) system to group one or more computer machines into different clusters based on monitored behavior of the one or more computer machines. Specifically, a network device (e.g., administrator computer system) may monitor the activity of the one or more computer machines for apredetermined time period in order to identify the applications that the computer machines utilize. Based on the clustering and the identifying, the network device may automatically apply different access control policies for different clusters of machines and review those access control policies against future behavior periodically. By clustering machines based on usage behavior patterns and automatically recommending a rule set for deployment, the UEBA system may reduce potential points of failure for cybersecurity breaches. 本公开的特征通过实现用户和实体行为分析(UEBA)系统以基于一个或多个计算机机器的被监测行为来将一个或多个计算机机器分组到不同集群中来解决上述问题。具体地，网络设备(例如，管理员计算