Intelligent monitoring of backup, recovery and anomalous user activity in data storage systems

What is claimed is: 1. A computer-implemented method of detecting anomalous user behavior in a computer network, comprising: defining key performance indicators for user behavior of a plurality of users in the computer network; collecting behavior statistics for each of the users with respect to each of the key performance indicators; defining normal behavior for each user with respect to the key performance indicators; detecting anomalous behavior of a user for a key performance indicator based on the behavior statistics of the user compared to the defined normal behavior of the user for the key performance indicator; and sending a notification to administrative personnel user upon detection of the anomalous behavior. 2. The method of claim 1 wherein the key performance indicators include at least one of: frequency of user login to the computer system, length of login, initiated and role-based activities with respect to data assets in the computer system, number of failed login attempts, and login location. 3. The method of claim 2 further comprising defining one or more threshold values for each of the key performance indicators to differentiate the normal behavior from the anomalous behavior. 4. The method of claim 3 wherein the defined threshold values comprise two different threshold value, and wherein a first notification is generated and sent to the user upon a KPI value exceeding a first threshold value but not a second threshold value, and a second notification is generated and sent to the user upon a KPI value exceeding the second threshold value. 5. The method of claim 1 wherein administrative personnel comprise information technology (IT) security personnel, and wherein the notifications are sent to the administrative personnel through a notification service or a user interface service as at least one of: an e-mail message, a short text message, a social network message, and a web browser based message. 6. The method of claim 4 further comprising: defining one or more anomaly detection conditions to define abnormal user behavior in the computer network using the defined threshold values; and applying an anomaly detection policy to the collected behavior statistics to define the anomalous behavior. 7. The method of claim 6 wherein the anomaly detection policy comprises an algorithm applied to one or more of the data assets, and one or more notification rules. 8. The method of claim 7 wherein the algorithm is selected from the group consisting of: simple comparison against the defined threshold values, moving average, auto regressive, a prediction algorithm, and exponential smoothing. 9. The method of claim 7 wherein a data asset comprises a dataset desired to be backed up by the user comprising at least one of: a file, a directory, a file system, and a database; and further wherein the key performance indicators are divided into subsystem or metadata types, including asset metadata, network metadata, backup metadata, and user customized metadata. 10. The method of claim 1 further comprising: saving the collected behavior data and the detected anomalous behavior statistics to a database; generating a report showing user behavior including the detected anomalous behavior over time; and providing detailed graphical and textual information regarding the detected anomalous behavior from the collected performance data and system information stored in the database. 11. A computer-implemented method of providing minimizing data risk by user behavior in a computer system, comprising: collecting user behavior data for key performance indicators for defined metrics collected for each user of the computer system; defining an anomaly detection policy to define anomalous user behavior in the computer system using defined threshold values for each of the key performance indicators, wherein the policy comprises an algorithm applied to one or more data assets, and one or more notification rules; applying the anomaly detection policy to a user to detect anomalous behavior by the user; and sending a notification to administrative personnel upon a detected instance of the anomalous user behavior. 12. The method of claim 11 wherein the key performance indicators include at least one of: frequency of user login to the computer system, length of login, initiated and role-based activities with respect to data assets in the computer system, number of failed login attempts, and login location. 13. The method of claim 11 wherein the defined threshold values comprise two different threshold value, and wherein a first notification is generated and sent to the user upon a KPI value exceeding a first threshold value but not a second threshold value, and a second notification is generated and sent to the user upon a KPI value exceeding the second threshold value. 14. The method of claim 13 wherein the algorithm is selected from the group consisting of: simple comparison against the defined threshold values, moving average, auto regressive, a prediction algorithm, and exponential smoothing. 15. The method of claim 11 wherein administrative personnel comprise information technology (IT) security personnel, and wherein the notifications are sent to the administrative personnel through a notification service or a user interface service as at least one of: an e-mail message, a short text message, a social network message, and a web browser based message. 16. The method of claim 15 wherein a data asset comprises a dataset desired to be backed up by the user comprising at least one of: a file, a directory, a file system, and a database; and further wherein the key performance indicators are divided into subsystem or metadata types, including asset metadata, network metadata, backup metadata, and user customized metadata. 17. The method of claim 11 further comprising: saving the collected behavior data and the detected anomalous behavior statistics to a database; generating a report showing user behavior including the detected anomalous behavior over time; and providing detailed graphical and textual information regarding the detected anomalous behavior from the collected performance data and system information stored in the database. 18. A system for detecting anomalous user behavior in a computer network, comprising: an agent running in a user host system containing data assets to be protected, and collecting user behavior statistics for key performance indicators defining certain activities of users of the network and the data assets; a key performance monitoring service running on a data protection system coupled to the host system and generating key performance indicator events from the collected behavior statistics from the agent; an anomaly detection service running on a data protection system coupled to the host system detecting anomaly alerts from scans triggered by key performance indicator events received from the key performance monitoring service; and a notification service receiving anomaly alert events from the anomaly detection service and generating notification messages to be transmitted to administrative personnel in accordance with one or more notification rules. 19. The system of claim 18 wherein the key performance indicators include at least one of: frequency of user login to the computer system, length of login, initiated and role-based activities with respect to data assets in the computer system, number of failed login attempts, and login location. 20. The system of claim 19 further c