Network security threat detection by user/user-entity behavioral analysis
US-9516053-B1 · Dec 6, 2016 · US
US11916947B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11916947-B2 |
| Application number | US-202217810978-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 6, 2022 |
| Priority date | Nov 27, 2017 |
| Publication date | Feb 27, 2024 |
| Grant date | Feb 27, 2024 |
Official abstract text for this publication.
Generating user-specific polygraphs for network activity, including: gathering information describing network activity associated with a user and generating, based on the information, a user-specific polygraph that includes one or more destinations associated with the network activity.
Opening claim text (preview).
What is claimed is:

1. A method comprising: gathering information describing network activity associated with a user; and generating, based on the information, a user-specific visualization comprising a graph of a plurality of linked visual representations, wherein the plurality of linked visual representations comprises one or more first visual representations corresponding to one or more destinations accessed by the user and one or more second visual representations linked describing access to the one or more destinations and to the one or more first visualizations, wherein the one or more destinations share a same destination type, wherein the same destination type comprises a Software-as-a-Service (SaaS) application.
2. The method of claim 1 wherein the same destination type comprises a private application.
3. The method of claim 1 wherein the same destination type comprises document.
4. The method of claim 1 wherein the same destination type comprises a shadow application.
5. The method of claim 1 wherein the same destination type comprises a website, and wherein the method further comprises: calculating, for each website of one or more websites, a risk score based on a degree of deviation from normal browsing activity for the user; and wherein generating the user-specific visualization comprises generating the user-specific visualization to include visual representations of those of the one or more websites having a corresponding risk score exceeding a threshold.
6. The method of claim 1 further comprising: determining, based on the information, that the network activity deviates from normal activity for the user and including, in the user-specific visualization, an alert that the network activity deviates from normal activity for the user.
7. The method of claim 1 wherein the one or more second visual representations correspond to one or more access types for the network activity.
8. The method of claim 1 wherein the one or more second visual representations correspond to one or more access time groupings for the network activity.
9. A computer program product disposed on a non-transitory computer readable medium, the computer program product including computer program instructions configurable to carry out the steps of: gathering information describing network activity associated with a user; and generating, based on the information, a user-specific visualization comprising a graph of a plurality of linked visual representations, wherein the plurality of linked visual representations comprises one or more first visual representations corresponding to one or more destinations accessed by the user and one or more second visual representations linked describing access to the one or more destinations and to the one or more first visualizations, wherein the one or more destinations share a same destination type, wherein the same destination type comprises a Software-as-a-Service (SaaS) application.
10. The computer program product of claim 9 wherein the same destination type comprises a private application.
11. The computer program product of claim 9 wherein the same destination type comprises document.
12. The computer program product of claim 9 wherein the same destination type comprises a shadow application.
13. The computer program product of claim 9 wherein the same destination type comprises a website, and wherein the steps further comprise: calculating, for each website of one or more websites, a risk score based on a degree of deviation from normal browsing activity for the user; and wherein generating the user-specific visualization comprises generating the user-specific visualization to include visual representations of those of the one or more websites having a corresponding risk score exceeding a threshold.
14. The computer program product of claim 9 wherein the steps further comprise: determining, based on the information, that the network activity deviates from normal activity for the user and including, in the user-specific visualization, an alert that the network activity deviates from normal activity for the user.
15. The computer program product of claim 9 wherein the one or more second visual representations correspond to one or more access types for the network activity.
16. The computer program product of claim 9 wherein the one or more second visual representations correspond to one or more access time groupings for the network activity.
Traffic logging, e.g. anomaly detection · CPC title
Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines · CPC title
where tasks reside in different layers, e.g. user- and kernel-space · CPC title
Graphs; Linked lists (G06F16/9027 takes precedence) · CPC title
Presentation of query results · CPC title