Anomalous Access Locations are indicative of potentially compromised accounts or insider threats. This anomaly is detected when a user registers activity from an IP Address, Geographic Location or an Organization which is suspicious, block listed, or a competitor. In addition to detecting this with MVISION Cloud's block lists and UEBA, you can add competitor names, known bad IP addresses, and geographic locations to provide supervised learning.
That's where the filters are important. By fine tuning each filter, you can remove expected network activity noise and have MVISION Cloud focus attention on truly anomalous events.
To begin using Anomalous Access Locations, your policy manager or security team just needs to take a look at how the filters are enabled.
Step 1: View Anomalous Access Locations
Step 2: Baseline Anomalous Access locations
Step 3: Configure Anomalous Access Location Filters
Step 4: Manage anomalies.