A computerized method of classifying network accessible storage transactions at network accessible storage. The method comprises obtaining an client predictive security model for anomaly or malfunctioning detection, the client predictive security model is dynamically created by an analysis of a plurality of client transactions made to access target data stored in an client computing device, monitoring a plurality of network accessible storage transactions made to access a replica of the target data when the replica is stored in an network accessible storage, and classifying at least some of the plurality of network accessible storage transactions based on the client predictive security model.