Automatic detection of network threats based on modeling sequential behavior in network traffic
US-2018063168-A1 · Mar 1, 2018 · US
US11005864B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11005864-B2 |
| Application number | US-201715600562-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 19, 2017 |
| Priority date | May 19, 2017 |
| Publication date | May 11, 2021 |
| Grant date | May 11, 2021 |
Official abstract text for this publication.
Techniques for user behavior anomaly detection. At least one low-variance characteristic is compared to an expected result for the corresponding low-variance characteristics to determine if the low-variance characteristic(s) is/are within a pre-selected range of the expected results. A security response action is taken in response to the low-variance characteristic not being within the first pre-selected range of the expected results. At least one high-variance characteristic is compared to an expected result for the corresponding high-variance characteristics to determine if the high-variance characteristic(s) is/are within a pre-selected range of the expected results. A security response action is taken in response to the high-variance characteristic not being within the first pre-selected range of the expected results. Access is provided if the low-variance and the high-variance characteristics are within the respective expected ranges.
Opening claim text (preview).
What is claimed is:
1. A method comprising: determining at least one low-variance characteristic corresponding to a user of an electronic device used to access a resource provided via a secure environment, wherein low-variance characteristics correspond to events and conditions that occur relatively infrequently for the user; comparing the at least one low-variance characteristic to an expected result for the corresponding one or more low-variance characteristics, wherein the expected result is based on a user profile that incorporates, for each of the one or more low-variance characteristics, a user baseline median behavior, an expected variance of user behavior, and a user abnormal behavior threshold; determining at least one high-variance characteristic corresponding to the user if the at least one low-variance characteristic is within the expected variance of user behavior; taking a first security response action in response to the at least one low-variance characteristic not being within the expected variance of user behavior; comparing the at least one high-variance characteristic to an expected result for the corresponding one or more high-variance characteristics, wherein the at least one high-variance characteristic is utilized to provide dimension reduction as compared to raw features; allowing access to the resource provided via the secure environment if the at least one high-variance characteristic is within a pre-selected acceptable range of the expected results; and taking a second security response action in response to the at least one high-variance characteristic not being within the pre-selected acceptable range of the expected results.
2. The method of claim 1 wherein the at least one low-variance characteristics comprise one or more of: the electronic device operating system and a hardware computing device being used.
3. The method of claim 1 wherein the at least one low-variance characteristics comprise at least a user identity corresponding to the low-variance characteristics.
4. The method of claim 1 wherein the low-variance characteristics comprise a lowest M dimensions that represent no more than a pre-selected percentage of total variance.
5. The method of claim 1 wherein the high-variance characteristics comprise a top N dimensions that represent pre-selected percentage of total variance.
6. The method of claim 1 wherein the resource is provided from within an on-demand services environment.
7. The method of claim 6 wherein the on-demand services environment comprises at least a multitenant database environment in which the multitenant database environment provides each of multiple organizations with a dedicated share of a software instance including one or more of organization-specific data, user management, organization-specific functionality, configuration, customizations, non-functional properties and associated applications.
8. A non-transitory computer-readable medium having stored thereon instructions that, when executed by one or more processors, are configurable to cause the one or more processors to: determine at least one low-variance characteristic corresponding to a user of an electronic device used to access a resource provided via a secure environment, wherein low-variance characteristics correspond to events and conditions that occur relatively infrequently for the user; compare the at least one low-variance characteristic to an expected result for the corresponding one or more low-variance characteristics, wherein the expected result is based on a user profile that incorporates, for each of the one or more low-variance characteristics, a user baseline median behavior, an expected variance of user behavior, and a user abnormal behavior threshold; determine at least one high-variance characteristic corresponding to the user if the at least one low-variance characteristic is within the expected variance of user behavior; take a first security response action in response to the at least one low-variance characteristic not being within the expected variance of user behavior; compare the at least one high-variance characteristic to an expected result for the corresponding one or more high-variance characteristics, wherein the at least one high-variance characteristic is utilized to provide dimension reduction as compared to raw features; allow access to the resource provided via the secure environment if the at least one high-variance characteristic is within a pre-selected acceptable range of the expected results; and take a second security response action in response to the at least one high-variance characteristic not being within the pre-selected acceptable range of the expected results.
9. The non-transitory computer-readable medium of claim 8 wherein the at least one low-variance characteristics comprise one or more of: the electronic device operating system and a hardware computing device being used.
10. The non-transitory computer-readable medium of claim 8 wherein the at least one low-variance characteristics comprise at least a user identity corresponding to the low-variance characteristics.
11. The non-transitory computer-readable medium of claim 8 wherein the low-variance characteristics comprise a lowest M dimensions that represent no more than a pre-selected percentage of total variance.
12. The non-transitory computer-readable medium of claim 8 wherein the high-variance characteristics comprise a top N dimensions that represent pre-selected percentage of total variance.
13. The non-transitory computer-readable medium of claim 8 wherein the resource is provided from within an on-demand services environment.
14. The non-transitory computer-readable medium of claim 13 wherein the on-demand services environment comprises at least a multitenant database environment in which the multitenant database environment provides each of multiple organizations with a dedicated share of a software instance including one or more of organization-specific data, user management, organization-specific functionality, configuration, customizations, non-functional properties and associated applications.
15. A system comprising: a memory device; one or more hardware processors coupled with the memory device, the one or more hardware processors configurable to determine at least one low-variance characteristic corresponding to a user of an electronic device used to access a resource provided via a secure environment, wherein low-variance characteristics correspond to events and conditions that occur relatively infrequently for the user, to compare the at least one low-variance characteristic to an expected result for the corresponding one or more low-variance characteristics, wherein the expected result is based on a user profile that incorporates, for each of the one or more low-variance characteristics, a user baseline median behavior, an expected variance of user behavior, and a user abnormal behavior threshold, to determine at least one high-variance characteristic corresponding to the user if the at least one low-variance characteristic is within the expected variance of user behavior, to take a first security response action in response to the at least one low-variance characteristic not being within the expected variance of user behavior, to compare the at least one high-variance characteristic to an expected result for the corresponding one or more high-variance characteristics, wherein the at least one high-variance characteristic is utilized to provide dimension reduction as compared to raw features, to allow access to the resource provided via the secure environment i
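The abstract and claims 1, 4 and 5 describe a two-stage gate: a per-user profile (baseline median, expected variance, abnormal-behaviour threshold per characteristic), a split of the characteristics into the lowest M dimensions carrying no more than a preset share of total variance and the top N dimensions carrying at least a preset share, an exact check of the low-variance set first, and only then a reduced-dimension check of the high-variance set. The following is an added example, not code from the patent or its assignee; the feature names, the constructed session history, the thresholds, and the use of per-feature variance on raw columns (instead of a full principal-component decomposition) as the dimension split are all assumptions made for illustration.

```python
"""
Two-stage behavioural access gate in the shape of claim 1.

Stage 1 checks the low-variance characteristics against the user profile
(baseline median, expected variance, abnormal threshold); only if they pass
does stage 2 reduce the high-variance characteristics to one distance score
and compare it with a pre-selected acceptable range.  Assumption: the
low/high split uses per-feature variance of the raw columns rather than PCA.
"""
from __future__ import annotations

import math
from dataclasses import dataclass, field
from statistics import median, pvariance
from typing import Dict, List, Sequence

# Constructed feature names (assumption). The first two are "events that occur
# relatively infrequently" (OS and hardware device, claims 2 and 9).
FEATURES = ["os_id", "device_id", "login_hour", "session_minutes",
            "requests_per_min", "records_exported"]

# Constructed per-session history for one user; not real telemetry.
HISTORY = [
    [2, 7, 9, 40, 10, 20],
    [2, 7, 10, 50, 12, 30],
    [2, 7, 9, 45, 11, 25],
    [2, 7, 11, 55, 14, 35],
    [2, 7, 10, 60, 13, 40],
    [2, 7, 8, 35, 9, 15],
    [2, 7, 10, 50, 12, 30],
    [2, 7, 9, 45, 11, 25],
]


@dataclass
class FeatureProfile:
    baseline_median: float      # "user baseline median behavior"
    expected_variance: float    # "expected variance of user behavior"
    abnormal_threshold: float   # "user abnormal behavior threshold", in std devs


@dataclass
class UserProfile:
    per_feature: Dict[str, FeatureProfile]
    low_variance: List[str]     # lowest M dimensions, <= low_share of total variance
    high_variance: List[str]    # top N dimensions, >= high_share of total variance


def build_profile(history: Sequence[Sequence[float]], features: Sequence[str],
                  low_share: float = 0.005, high_share: float = 0.9,
                  abnormal_threshold: float = 3.0) -> UserProfile:
    """Learn the per-feature profile and split features by share of total variance."""
    columns = {name: [row[i] for row in history] for i, name in enumerate(features)}
    per_feature = {name: FeatureProfile(median(col), pvariance(col), abnormal_threshold)
                   for name, col in columns.items()}
    total = sum(p.expected_variance for p in per_feature.values())
    if total == 0.0:
        # Degenerate history: nothing varies, so every feature is an exact-match check.
        return UserProfile(per_feature, list(features), [])

    ascending = sorted(features, key=lambda n: per_feature[n].expected_variance)
    low: List[str] = []
    running = 0.0
    for name in ascending:                       # lowest M dimensions (claim 4)
        running += per_feature[name].expected_variance / total
        if running > low_share:
            break
        low.append(name)
    high: List[str] = []
    running = 0.0
    for name in reversed(ascending):             # top N dimensions (claim 5)
        high.append(name)
        running += per_feature[name].expected_variance / total
        if running >= high_share:
            break
    return UserProfile(per_feature, low, high)


@dataclass
class Decision:
    allowed: bool
    stage: str                  # "low-variance", "high-variance" or "allow"
    action: str                 # security response action taken (assumed names)
    reasons: List[str] = field(default_factory=list)
    score: float = 0.0


def _deviation_in_sigmas(x: float, p: FeatureProfile) -> float:
    sigma = math.sqrt(p.expected_variance)
    if sigma == 0.0:
        # A characteristic that never varied for this user: any change is abnormal.
        return 0.0 if x == p.baseline_median else math.inf
    return abs(x - p.baseline_median) / sigma


def evaluate_access(session: Sequence[float], profile: UserProfile,
                    features: Sequence[str] = FEATURES,
                    acceptable_score: float = 3.0) -> Decision:
    values = dict(zip(features, session))
    # Stage 1: low-variance characteristics, each against its own profile entry.
    outliers = [f"{n}={values[n]!r} (baseline {profile.per_feature[n].baseline_median!r})"
                for n in profile.low_variance
                if _deviation_in_sigmas(values[n], profile.per_feature[n])
                > profile.per_feature[n].abnormal_threshold]
    if outliers:
        return Decision(False, "low-variance", "step_up_authentication", outliers)
    # Stage 2: reduce the high-variance characteristics to one RMS z-score.
    zs = [_deviation_in_sigmas(values[n], profile.per_feature[n]) for n in profile.high_variance]
    score = math.sqrt(sum(z * z for z in zs) / len(zs)) if zs else 0.0
    if score > acceptable_score:
        return Decision(False, "high-variance", "alert_and_deny",
                        [f"reduced score {score:.2f} > {acceptable_score}"], score)
    return Decision(True, "allow", "grant_access", [], score)


if __name__ == "__main__":
    prof = build_profile(HISTORY, FEATURES)
    for s in ([2, 7, 10, 50, 12, 30], [2, 9, 10, 50, 12, 30], [2, 7, 10, 50, 12, 300]):
        print(s, evaluate_access(s, prof))
```

Two practical points follow from the structure. A characteristic with zero historical variance (the OS or device of a user who has only ever used one) makes stage 1 an exact-match test, so a user's first legitimate new laptop always triggers the first response action; that is why the first action here is a step-up challenge rather than a hard deny. And because the split is driven by variance, features on large scales dominate the high-variance set unless the raw features are normalised or decorrelated first, which is the dimension-reduction step the claims refer to.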
involving simulating, designing, planning or modelling of a network · CPC title
Ensuring data consistency and integrity · CPC title
Machine learning · CPC title
Traffic logging, e.g. anomaly detection · CPC title
Vectors, bitmaps or matrices · CPC title