Advanced persistent threat (APT) detection center
US-9628507-B2 · Apr 18, 2017 · US
US10419468B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10419468-B2 |
| Application number | US-201715647173-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 11, 2017 |
| Priority date | Jul 11, 2017 |
| Publication date | Sep 17, 2019 |
| Grant date | Sep 17, 2019 |
Official abstract text for this publication.
Systems and methods for a cyber security system with adaptive machine learning features. One embodiment is a system that includes a server configured to manage a plurality of user devices over a network, and a user device that includes an interface and a processor. The interface is configured to communicate with the server over the network, and the processor implements a machine learning function configured to monitor user interactions with the user device over time to establish a use profile, to detect anomalous use of the user device based on a variance from the use profile, to determine whether the anomalous use is representative of a security threat, and to instruct the user device to perform one or more automatic actions to respond to the security threat.
Opening claim text (preview).
What is claimed is:

1. A system comprising: a server configured to manage cyber security for a plurality of user devices belonging to an enterprise; and a user device comprising: an interface component configured to communicate with the server over a network; a hardware processor that implements a machine learning function configured to monitor user interactions with the user device over time to establish a use profile, to detect anomalous use of the user device based on a variance from the use profile, to input the anomalous use into the machine learning function to determine that the anomalous use is representative of a security threat to the enterprise, to control the user device to automatically initiate recording behavior of the security threat in memory based on an output of the machine learning function, and to report the behavior of the security threat to the server via the interface; and another user device managed by the server that is associated with the user device, wherein the machine learning function is configured, in response to detecting the anomalous use of the user device, to send an instruction to the another user device to validate whether an authorized user is in proximity of the another user device, and wherein the server is configured to analyze the behavior of the security threat to profile attack patterns for the user devices belonging to the enterprise.

2. The system of claim 1 wherein: the server is configured to detect that the user device is compromised by the security threat, and to postpone invalidating communication of the user device to the server via the network for a period of time; and the machine learning function operating on the user device is configured to record and report the behavior of the security threat to the server over the network via the interface component during the period of time.

3. The system of claim 1 wherein: the behavior of the security threat includes one or more of keystroke data, audio data, image data, application use data, or file access request data.

4. The system of claim 1 wherein: the machine learning function is configured to restrict capability of the user device to enable increased amounts of data collection related to the behavior of the security threat.

5. The system of claim 1 wherein: the machine learning function is configured to instruct the user device to activate at least one hardware component including one of a microphone, a camera, and a network interface component, and to record the behavior of the security threat by monitoring the at least one hardware component.

6. The system of claim 1 wherein: the user device includes a wireless interface component; and the machine learning function is configured to instruct the user device to activate the wireless interface component to spoof a wireless network, to collect information of a wireless device that connects to the wireless network, and to report the information of the wireless device to the server over the network.

7. The system of claim 1 wherein: the machine learning function is configured to identify sensitive information stored in memory of the user device that is susceptible to the security threat, to identify an incorrect data set in the memory of the user device that is associated with the sensitive information, and to provide the incorrect data set in response to a request to access the sensitive information.

8. The system of claim 7 further comprising: a remote server that implements a machine learning system configured to receive information regarding the behavior of the security threat, and to provide the incorrect data set for the user device based on a characteristic of the security threat output from the machine learning system.

9. The system of claim 1 wherein: the hardware processor implements the machine learning function in one of a protected memory on top of an operating system kernel of the user device, or a hardware abstraction layer of the user device.

10. A method comprising: communicating, via an interface component of a user device, with a server that manages cyber security for a plurality of user devices belonging to an enterprise; implementing a machine learning function with a processor of the user device; monitoring user interactions with the user device over time to establish a use profile; detecting anomalous use of the user device based on a variance from the use profile; identifying another user device managed by the server that is associated with the user device; in response to detecting the anomalous use of the user device, sending an instruction to the another user device to validate whether an authorized user is in proximity of the another user device; determining the anomalous use is representative of a security threat to the enterprise based on input of the anomalous use into the machine learning function; controlling the user device to automatically initiate recording behavior of the security threat based on an output of the machine learning function; reporting the behavior of the security threat to the server; and analyzing, at the server, the behavior of the security threat to profile attack patterns for the user devices belonging to the enterprise.

11. The method of claim 10 further comprising: responsive to detecting that the user device is compromised by the security threat, postponing, at the server, an invalidation of communication of the user device to the server via a network for a period of time; and reporting the behavior of the security threat to the server over the network via the interface component during the period of time.

12. The method of claim 10 wherein further comprising: the behavior of the security threat includes one or more of keystroke data, audio data, image data, application use data, or file access request data.

13. The method of claim 10 further comprising: identifying sensitive information stored in memory of the user device that is susceptible to the security threat; identifying an incorrect data set in the memory of the user device that is associated with the sensitive information; and providing the incorrect data set in response to a request to access the sensitive information.

14. A non-transitory computer readable medium embodying programmed instructions executed by a processor, wherein the instructions direct the processor to: communicate, via an interface component of a user device, with a server that manages cyber security for a plurality of user devices belonging to an enterprise; implement a machine learning function with the user device; monitor user interactions with the user device over time to establish a use profile; detect anomalous use of the user device based on a variance from the use profile; identify another user device managed by the server that is associated with the user device; in response to detecting the anomalous use of the user device, send an instruction to the another user device to validate whether an authorized user is in proximity of the another user device; determine the anomalous use is representative of a security threat to the enterprise based on input of the anomalous use into the machine learning function; control the user device to automatically initiate recording behavior of the security threat in memory based on an output of the machine learning function; report the behavior of the security threat to the server; and analyze, at the server, the behavior of the security threat to profile attack patterns for the user devices belonging to the enterprise.

15. The computer readable medium of claim 1
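The claims describe a pipeline rather than an algorithm: learn a use profile from normal interactions, treat a large variance from it as anomalous use, let a classifier decide whether that is a threat, and then respond on the device (start recording, report to the enterprise server, challenge an associated device, hand back an incorrect data set for sensitive reads) while the server keeps the compromised device connected long enough to collect the recording and aggregates reports into attack patterns. The following is an added example written for this page, not code from the patent or its assignee. It uses a z-score over a handful of assumed usage features as the "variance from the use profile", a two-feature rule as a stand-in for the patent's machine learning classifier, and constructed sample intervals; device names, feature names, thresholds and the grace period are all assumptions.

```python
"""Added example (not the patent's own code): toy implementation of the claimed
pipeline -- use profile -> variance -> threat decision -> device/server response.
Feature names, thresholds, device IDs and sample data are assumptions for this demo."""
from __future__ import annotations

import statistics
from dataclasses import dataclass

# Per-interval usage features the device is assumed to collect (assumption).
FEATURES = ("logins_per_hour", "files_read", "bytes_out_mb", "night_activity")
Z_THRESHOLD = 3.0    # a feature is anomalous beyond 3 standard deviations from baseline
MIN_STDEV = 0.25     # floor so a constant baseline feature still gives a finite z-score
GRACE_SECONDS = 600  # claim 2: how long the server keeps a compromised device connected


@dataclass
class UseProfile:
    """Baseline learned from normal-use intervals (claim 1's 'use profile')."""
    mean: dict[str, float]
    stdev: dict[str, float]

    @classmethod
    def fit(cls, history: list[dict[str, float]]) -> "UseProfile":
        mean = {f: statistics.mean(s[f] for s in history) for f in FEATURES}
        stdev = {f: max(statistics.stdev(s[f] for s in history), MIN_STDEV) for f in FEATURES}
        return cls(mean, stdev)

    def z_scores(self, sample: dict[str, float]) -> dict[str, float]:
        return {f: (sample[f] - self.mean[f]) / self.stdev[f] for f in FEATURES}

    def anomalous_features(self, sample: dict[str, float]) -> list[str]:
        """Variance from the profile: the features whose |z| exceeds the threshold."""
        return [f for f, z in self.z_scores(sample).items() if abs(z) > Z_THRESHOLD]


def is_threat(anomalies: list[str]) -> bool:
    """Stand-in for the patent's ML classifier (assumption): two or more features
    deviating at once is treated as a threat rather than an odd but benign day."""
    return len(anomalies) >= 2


class Server:
    """Enterprise server that manages the devices and profiles attack patterns."""
    def __init__(self) -> None:
        self.reports: list[tuple[str, dict]] = []
        self.grace: dict[str, int] = {}

    def report(self, device_id: str, report: dict) -> None:
        self.reports.append((device_id, report))
        # Claim 2: postpone cutting the device off so its recording still reaches us.
        self.grace[device_id] = GRACE_SECONDS

    def attack_patterns(self) -> dict[str, int]:
        """Claim 1: aggregate which features deviated across all reporting devices."""
        counts: dict[str, int] = {}
        for _, r in self.reports:
            for f in r["anomalies"]:
                counts[f] = counts.get(f, 0) + 1
        return counts


class Device:
    def __init__(self, device_id, profile, server, paired_device_id, sensitive, decoys):
        self.device_id, self.profile, self.server = device_id, profile, server
        self.paired_device_id = paired_device_id  # the 'another user device' of claim 1
        self.sensitive, self.decoys = sensitive, decoys
        self.threat_active = False
        self.recording = False

    def observe(self, sample: dict[str, float]) -> list:
        actions: list = []
        anomalies = self.profile.anomalous_features(sample)
        if not anomalies:
            return actions
        # Any anomaly: ask the associated device to confirm the authorised user is nearby.
        actions.append(("challenge_proximity", self.paired_device_id))
        if is_threat(anomalies):
            self.threat_active = True
            self.recording = True  # claim 1: automatically start recording the threat's behaviour
            actions.append("start_recording")
            self.server.report(self.device_id, {"anomalies": anomalies, "sample": sample})
            actions.append("report_to_server")
        return actions

    def read_sensitive(self, key: str):
        # Claim 7: while a threat is active, serve the associated incorrect data set.
        if self.threat_active and key in self.decoys:
            return self.decoys[key]
        return self.sensitive[key]


# Constructed sample data: five normal intervals, one benign and one hostile observation.
BASELINE = [
    {"logins_per_hour": 2, "files_read": 40, "bytes_out_mb": 5, "night_activity": 0},
    {"logins_per_hour": 1, "files_read": 35, "bytes_out_mb": 4, "night_activity": 0},
    {"logins_per_hour": 2, "files_read": 45, "bytes_out_mb": 6, "night_activity": 0},
    {"logins_per_hour": 3, "files_read": 38, "bytes_out_mb": 5, "night_activity": 0},
    {"logins_per_hour": 2, "files_read": 42, "bytes_out_mb": 5, "night_activity": 0},
]
BENIGN = {"logins_per_hour": 3, "files_read": 44, "bytes_out_mb": 6, "night_activity": 0}
ATTACK = {"logins_per_hour": 2, "files_read": 600, "bytes_out_mb": 90, "night_activity": 1}


def run_scenario() -> dict:
    server = Server()
    profile = UseProfile.fit(BASELINE)
    laptop = Device("laptop-01", profile, server, "phone-01",
                    sensitive={"api_key": "real-secret"},   # placeholder values
                    decoys={"api_key": "decoy-secret"})
    before = laptop.read_sensitive("api_key")
    benign_actions = laptop.observe(BENIGN)
    attack_actions = laptop.observe(ATTACK)
    return {"benign_actions": benign_actions, "attack_anomalies": profile.anomalous_features(ATTACK),
            "attack_actions": attack_actions, "key_before": before,
            "key_after": laptop.read_sensitive("api_key"),
            "grace": dict(server.grace), "patterns": server.attack_patterns()}


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

Two caveats a practitioner would attach to this pipeline. The baseline is only as trustworthy as the interval it was fitted on: an adversary already present while the profile is learned is folded into "normal", so the fitting window needs its own integrity check. And the claim 7 response (serving decoy data) and the claim 4 response (restricting the device) are visible to a legitimate user hit by a false positive, so the threat decision deserves a far higher bar than the anomaly flag, which is why the example separates `anomalous_features` from `is_threat`.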
Detection or prevention of fraud · CPC title
involving event detection and direct action · CPC title
involving long-term monitoring or reporting · CPC title
by observing the pattern of computer usage, e.g. typical user behaviour · CPC title
Vulnerability analysis · CPC title