Method and system for identifying security risks using graph analysis

摘要

Methods, systems, apparatus, and non-transitory computer readable media are described for identifying users who are likely to have unauthorized access to secure data files in an organizational network. Various aspects may include presenting the identified users on a display for a system administrator and/or security analyst to resolve. For example, the display may include a graph data structure with users represented as nodes and connections between users represented as edges. Each connection may be a pair of users belonging to the same security group. Nodes of the graph data structure may be clustered to indicate that each of the users in the cluster belong to the same security group. Moreover, the users who are connected to multiple clusters may be identified as a potential risk of having unauthorized access to secure data files. The authorized access may then be remedied or taken away.