Lucas Ko presented on detecting insider threats in the cloud using User and Entity Behavior Analytics (UEBA). The system collects Google Drive access logs and the directory tree structure to build a collaborative filtering recommendation model. It detects anomalies by measuring file proximity scores based on access behaviors and flagging uncommon cross-group access. The system was able to identify high-risk users improperly collecting files, compromised accounts, and a shared account being abused in case studies.