US Patent 11308205 Security tool for preventing internal data breaches

A security tool analyzes database queries of internal users to determine if these users accessed information in a manner that deviates from established and/or expected access patterns. The security tool can also analyze the behavior of a group of internal users to determine whether that behavior deviates from expected access patterns. The security tool then determines security risks corresponding to the users' access. If any of the security risks exceeds a threshold, then the security tool takes remedial action (e.g., preventing one or more users from accessing information). In this manner, internal data breaches can be detected and prevented. Additionally, in certain embodiments, an internal data breach can be prevented before the internal data breach even occurs.