MVISION Cloud relies on McAfee Global Threat Intelligence (GTI) to scan data for malware signatures. MVISION Cloud can also detect the following unusual cloud activity: botnets exfiltrating data via shadow cloud services. Detection leverages these algorithms:
- Probabilistic TF-IDF Ranking. Inverse indices based on multidimensional probabilistic weights are computed at a user-URL level. The indices provide a coloring scheme to differentiate esoteric URLs (top indices) from popular/noisy URLs (bottom indices). Esoteric URLs are further analyzed in a multi-customer setting.
- Discrete Fourier Transforms (DFT). The Piccolo algorithm is used along with the Akaike Information Criterion to detect short and multiple periodicities in users' cloud activity patterns for a pre-determined set of suspected URLs (chosen using probabilistic TF-IDF ranking). The DFT coefficients help identify programmatic behaviors, while variance filtering techniques help reduce false positives.
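
The two-stage idea above, as an added example that is not McAfee's code: plain TF-IDF picks the esoteric user-URL pairs, then a plain DFT with a simple peak test looks for periodic activity on them. It does not implement the probabilistic weights, the Piccolo algorithm or AIC; the variance filter's form, all function names, thresholds and sample events are assumptions constructed for illustration.

```python
import cmath, math, statistics
from collections import Counter, defaultdict

def rank_user_urls(events):
    """Plain TF-IDF per (user, url): rarely shared URLs rank first, popular ones score 0."""
    counts = defaultdict(Counter)                       # user -> url -> hits
    for user, url, _ts in events:
        counts[user][url] += 1
    df = Counter(url for c in counts.values() for url in c)   # users seen per URL
    scores = {(u, url): n / sum(c.values()) * math.log(len(counts) / df[url])
              for u, c in counts.items() for url, n in c.items()}
    return sorted(scores, key=scores.get, reverse=True)

def dominant_period(ts, bin_s=60, window_s=14400, max_cv=0.3, min_peak=10.0):
    """Dominant period in seconds, or None when activity does not look programmatic."""
    ts = sorted(ts)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 4 or statistics.mean(gaps) == 0:
        return None
    # Variance filter (assumed form): irregular inter-arrival gaps are treated as human.
    if statistics.pstdev(gaps) / statistics.mean(gaps) > max_cv:
        return None
    n = window_s // bin_s
    series = [0.0] * n                                  # hits per time bin
    for t in ts:
        series[int(t // bin_s) % n] += 1.0
    mean = sum(series) / n
    power = [abs(sum((v - mean) * cmath.exp(-2j * math.pi * k * j / n)
                     for j, v in enumerate(series))) ** 2
             for k in range(1, n // 2 + 1)]             # one-sided DFT power, DC removed
    peak = max(power)
    if peak == 0 or peak < min_peak * sum(power) / len(power):
        return None                                     # no frequency stands out
    # A pulse train has equal harmonics, so take the lowest strong bin as the fundamental.
    k0 = next(k for k, p in enumerate(power, start=1) if p >= 0.5 * peak)
    return n * bin_s / k0

def detect(events, top_n=1):
    """Run the DFT check only on the top-ranked (esoteric) user-URL pairs."""
    by_pair = defaultdict(list)
    for user, url, ts in events:
        by_pair[(user, url)].append(ts)
    return {pair: dominant_period(by_pair[pair]) for pair in rank_user_urls(events)[:top_n]}

# Constructed sample data: (user, url, seconds since window start).
HUMAN = [30, 95, 400, 2100, 2160, 5000, 9000, 9100, 13000]
EVENTS = [(u, "drive.example.com", t + i) for i, u in enumerate(("u1", "u2", "u3")) for t in HUMAN]
EVENTS += [("u1", "paste.example.net", 7 + 300 * i) for i in range(48)]

if __name__ == "__main__":
    print(detect(EVENTS))
```

The URL every user visits scores zero and is never passed to the DFT stage, which is how the ranking keeps popular/noisy traffic out of the periodicity analysis.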