Anomaly Detection
Behavioral analytics that learn what normal looks like — and flag what doesn't.
Behavioral Analytics
Continuous monitoring that builds per-user baselines and flags deviations before data leaves.
- User behavioral baselines learned over time from upload, download, and access patterns
- Peer group comparison for insider threat detection — flags behavior that diverges from similar roles
- Time-weighted risk scoring: off-hours and weekend activity weighted higher than business-hour access
- Velocity anomalies detect unusual download speeds that deviate from user norms
- Volume anomalies flag when a user transfers more files than their typical pattern
- Time anomalies surface access at unusual hours relative to the user's historical schedule
- Automated security alerts with admin notification and configurable escalation workflows
Risk Scoring
Organization-wide and per-user risk scores with historical tracking, severity levels, and trend visualization.
- Organization-level risk score aggregated from all user activity
- Per-user risk scores with historical tracking across sessions
- Severity levels (warning, error) based on configurable thresholds
- Alert status tracking: open, acknowledged, and resolved states with audit trail
- 30-day trend visualization for identifying gradual behavioral shifts
Beyond traditional MFT
Most managed file transfer platforms were designed before modern threats existed. Here is how MnemoShare compares.
| Capability | Traditional MFT | MnemoShare |
|---|---|---|
| Detection approach | Manual log review after incidents | Real-time behavioral baselines with automated anomaly scoring |
| Insider threats | No insider threat detection | Peer group comparison flags unusual behavior relative to role |
| Timing awareness | No time-based analysis | Time-weighted risk scoring — off-hours and weekend activity weighted higher |
| Response | Discover breaches after the fact | Automated alerts with escalation before data leaves |
| Historical context | Point-in-time logs only | Baselines learned over time, trends tracked over 30 days |
Real-world use cases
Departing employee detection
Employee under notice period downloads 3 years of client files at 2 AM. Behavioral baseline flags volume anomaly (10x normal) + time anomaly (off-hours). Admin receives alert before data exfiltration completes.
Compromised credential detection
Attacker uses stolen credentials from normal IP range. Behavioral analytics detect download velocity 50x above peer group baseline. Alert triggers within minutes, not days.
Compliance monitoring
Compliance officer reviews weekly risk scores across the organization. Trending risk score increase in the finance team triggers a review of access patterns, revealing an over-provisioned service account.
Frequently asked questions
- How does MnemoShare learn normal behavior?
- MnemoShare builds behavioral baselines per user over time, tracking download/upload volumes, access times, file types, and peer group patterns. The system uses time-weighted scoring where recent behavior matters more than older patterns.
- What triggers an anomaly alert?
- Alerts trigger when user behavior deviates significantly from their baseline or peer group. Factors include velocity (download speed), volume (number of files), timing (off-hours access), and combinations of these factors. Each factor contributes to a composite risk score.
- Can anomaly detection catch insider threats?
- Yes. Peer group comparison detects when a user's behavior diverges from colleagues in similar roles. A finance analyst downloading engineering documents or an HR manager accessing 10x more files than peers would both trigger alerts.
Ready to see MnemoShare in action?
Start a free trial, schedule a walkthrough, or dive into the docs.