Is there any software to detect suspicious network account activity?
By suspicious I mean, e.g., an account that
- is connected locally while, at the same time, an access from the internet (webmail on Exchange) is logged
- on a file server (Windows), is downloading excessive resources
and ideally self-learning from past patterns, like:
- an account (employee) that always logged on only on weekdays in the past and has now logged on late at night on a weekend
etc.
The environment is a Windows Server domain with hundreds of AD accounts (employees).
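
The simultaneous-access check and the learn-from-past-patterns check described in the question, as an added example that is not part of the original post and is not taken from any product. The event tuples, the "local"/"webmail" labels, the 30-minute window and the one-hour slack are assumptions of this example; real input would come from domain controller and Exchange logs.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (account, ISO time, source).
# "local" = workstation logon, "webmail" = Exchange webmail access from the
# internet; both labels are assumptions of this example.
HISTORY = [
    ("alice", "2024-03-04T08:55", "local"), ("alice", "2024-03-05T09:10", "local"),
    ("alice", "2024-03-06T09:02", "local"), ("alice", "2024-03-07T17:40", "webmail"),
    ("bob", "2024-03-04T10:00", "local"), ("bob", "2024-03-09T23:30", "webmail"),
]
NEW = [
    ("alice", "2024-03-11T09:00", "local"),
    ("alice", "2024-03-11T09:20", "webmail"),  # 20 minutes after the local logon
    ("alice", "2024-03-16T23:45", "webmail"),  # Saturday night, never seen before
    ("bob", "2024-03-16T23:10", "webmail"),    # matches bob's own history
]

def _slot(ts):
    """Reduce a timestamp to (is_weekend, hour) for baseline comparison."""
    t = datetime.fromisoformat(ts)
    return (t.weekday() >= 5, t.hour)

def simultaneous_access(events, window=timedelta(minutes=30)):
    """Accounts seen locally and via webmail within `window` of each other."""
    by_user = defaultdict(list)
    for user, ts, src in events:
        by_user[user].append((datetime.fromisoformat(ts), src))
    hits = set()
    for user, seen in by_user.items():
        for t1, s1 in seen:
            for t2, s2 in seen:
                if s1 == "local" and s2 == "webmail" and abs(t2 - t1) <= window:
                    hits.add(user)
    return sorted(hits)

def unusual_logons(history, new_events, slack_hours=1):
    """New events whose weekend/hour slot is not near any slot in the account's past."""
    baseline = defaultdict(set)
    for user, ts, _ in history:
        baseline[user].add(_slot(ts))
    flagged = []
    for user, ts, src in new_events:
        weekend, hour = _slot(ts)
        known = any(w == weekend and min(abs(h - hour), 24 - abs(h - hour)) <= slack_hours
                    for w, h in baseline[user])
        if not known:
            flagged.append((user, ts, src))
    return flagged
```

The baseline is per account, so bob's Saturday-night webmail access is not flagged while alice's is.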