Security System Using Pseudonyms to Anonymously Identify Entities and Corresponding Security Risk Related Behaviors

What is claimed is: 1 . A computer-implemented method for identifying security risks associated with a plurality of different entities, comprising: receiving a plurality of resolved events, wherein the plurality of resolved events are associated with the plurality of different entities using entity names; enriching the events of the plurality of resolved events with corresponding entity pseudonyms to thereby provide a plurality of pseudonymized events; executing security analytics operations on the plurality of pseudonymized events to identify user security risks; and using the entity pseudonyms to anonymously identify entities engaging in security risk related behaviors. 2 . The computer-implemented method of claim 1 , wherein pseudonymizing events of the plurality of resolved events comprises: identifying an entity name in a resolved event; determining whether the entity name is associated with a corresponding entity pseudonym; and if the entity name is associated with a corresponding entity pseudonym, enriching the resolved events with the corresponding entity pseudonym. 3 . The computer-implemented method of claim 1 , further comprising: storing the plurality of resolved events in persistent memory; and pseudonymizing the resolved events stored in the persistent memory in a batch operation to provide the plurality of pseudonymized events. 4 . The computer-implemented method of claim 1 , further comprising: generating the plurality of resolved events from a stream of raw events; pseudonymizing the plurality of resolved events in real-time as the plurality of resolved events are generated from the stream of raw events to provide the plurality of pseudonymized events. 5 . The computer-implemented method of claim 1 , further comprising: generating an entity pseudonym for an entity name through random selection of one or more words from one or more words lists, wherein multiple words in at least one of the one or more words lists are associated with a common domain; and storing the entity pseudonym for the entity in a data structure for use in pseudonymizing events of the plurality of events. 6 . The computer-implemented method of claim 5 , wherein the common domain includes one or more of a forename domain, a city domain, a color domain, or an animal domain. 7 . The computer-implemented method of claim 1 , further comprising: extracting features from the plurality of pseudonymized events; constructing a distribution of the features from the plurality of pseudonymized events; and analyzing the distribution of the features of the plurality of pseudonymized events to generate security risk scores associated with an entity pseudonym for presentation on an analytics interface. 8 . A system comprising: a processor; a data bus coupled to the processor; and a non-transitory, computer-readable storage medium embodying computer program code, the non-transitory, computer-readable storage medium being coupled to the data bus, the computer program code interacting with a plurality of computer operations and comprising instructions executable by the processor and configured for: receiving a plurality of resolved events, wherein the plurality of resolved events are associated with the plurality of different entities using entity names; enriching the events of the plurality of resolved events with corresponding entity pseudonyms to thereby provide a plurality of pseudonymized events; executing security analytics operations on the plurality of pseudonymized events to identify user security risks; and using the entity pseudonyms to anonymously identify entities engaging in security risk related behaviors. 9 . The system of claim 8 , wherein pseudonymizing events of the plurality of resolved events comprises: identifying an entity name in a resolved event; determining whether the entity name is associated with a corresponding entity pseudonym; and if the entity name is associated with a corresponding entity pseudonym, enriching the resolved event with the corresponding entity pseudonym. 10 . The system of claim 8 , further comprising: storing the plurality of resolved events in persistent memory; and pseudonymizing the resolved events stored in the persistent memory in a batch operation to provide the plurality of pseudonymized events. 11 . The system of claim 8 , further comprising: generating the plurality of resolved events from a stream of raw events; pseudonymizing events of the plurality of resolved events in real-time as the plurality of resolved events are generated from the stream of raw events to provide the plurality of pseudonymized events. 12 . The system of claim 8 , further comprising: generating an entity pseudonym for an entity name through random selection of one or more words from one or more words lists, wherein multiple words in at least one of the one or more words lists are associated with a common domain; and storing the entity pseudonym for the entity in a data structure for use in pseudonymizing events of the plurality of events. 13 . The system of claim 12 , wherein the common domain includes one or more of a forename domain, a city domain, a color domain, or an animal domain. 14 . The system of claim 8 , further comprising: extracting features from the plurality of pseudonymized events; constructing a distribution of the features from the plurality of pseudonymized events; and analyzing the distribution of the features of the plurality of pseudonymized events to generate security risk scores associated with an entity pseudonym for presentation on an analytics interface. 15 . A non-transitory, computer-readable storage medium embodying computer program code, the computer program code comprising computer executable instructions configured for: receiving a plurality of resolved events, wherein the plurality of resolved events are associated with the plurality of different entities using entity names; enriching the events of the plurality of resolved events with corresponding entity pseudonyms to thereby provide a plurality of pseudonymized events; executing security analytics operations on the plurality of pseudonymized events to identify user security risks; and using the entity pseudonyms to anonymously identify entities engaging in security risk related behaviors. 16 . The non-transitory, computer-readable storage medium of claim 15 , wherein pseudonymizing events of the plurality of resolved events comprises: identifying an entity name in a resolved event; determining whether the entity name is associated with a corresponding entity pseudonym; and if the entity name is associated with a corresponding entity pseudonym, enriching the resolved events with the corresponding entity pseudonym. 17 . The non-transitory, computer-readable storage medium of claim 15 , further comprising: storing the plurality of resolved events in persistent memory; and pseudonymizing the resolved events stored in the persistent memory in a batch operation to provide the plurality of pseudonymized events. 18 . The non-transitory, computer-readable storage medium of claim 15 , further comprising: generating the plurality of resolved events from a stream of raw events; and pseudonymizing events of the plurality of resolved events in real-time as the plurality of resolved events are generated from the stream of raw events to provide the plurality of pseudonymized events. 19 . The non-transitory, computer-readable storage medium of clai