Systems, methods, and apparatus for identifying anomalous behavior are provided. For example, a method may include receiving raw data, generating a behavior profile for the entity based on the raw data, receiving comparison data, determining whether the comparison data deviates from a pattern of behavior defined in the behavior profile, and identifying the comparison data as anomalous behavior when the comparison data deviates from the pattern of behavior. In one embodiment, the raw data includes recorded activity for the entity. In one embodiment, the behavior profile defines a pattern of behavior for the entity. In one embodiment, a countermeasure is performed upon identifying anomalous behavior. The countermeasure may include at least one of revoking the entity's credentials, denying the entity access to a resource, shutting down access to a port, and denying access to the entity. The method may further include providing a report of the anomalous behavior.