About the Superhuman Anomalies Workflow
Superhuman Anomalies are a specific type of anomalous behavior where two activities take place, with the geographical distance that is not humanly traversable in the time in between the two activities. These activities trigger a Superhuman anomaly. There are plenty of reasonable explanations for some superhuman activities. For example, the use of VPNs or geographically separated valid network egress points. The difficulty is filtering out the non-anomalous (expected) events from the truly anomalous activities that must be investigated.
That's where the Superhuman Anomalies filters come into play. By fine-tuning each filter, you can remove expected network activity noise and have Skyhigh CASB focus attention on truly anomalous events. Superhuman Anomalies are handled the same way as Sanctioned IT anomalies. After the anomaly is triggered, you can mark them as resolved.
So how can your organization begin using Superhuman filters? By default, all tenants have Superhuman Anomalies enabled. So your policy manager or security team just needs to take a look at how the filters are enabled.
The Superhuman Anomalies workflow uses the following steps: