Abstract: A system and method for fingerprint-based network mapping of cyber-physical assets, including a distributed operating system, parameter evaluation engine, at least one cyber-physical asset, at least one crypt-ledger, a network, and a scanner that retrieves stored fingerprint records and performs scans of cyber-physical assets to compare against corresponding fingerprints and update a cyber-physical graph based on the success or failure of fingerprint matching.

Abstract: A system and method for self-adjusting cybersecurity analysis and score generation, wherein a reconnaissance engine gathers data about a client's computer network from the client, from devices and systems on the client's network, and from the Internet regarding various aspects of cybersecurity. Each of these aspects is evaluated independently, weighted, and cross-referenced to generate a cybersecurity score by aggregating individual vulnerability and risk factors together to provide a comprehensive characterization of cybersecurity risk using a transparent and traceable methodology. The scoring system itself can be used as a state machine with the cybersecurity score acting as a feedback mechanism, in which a cybersecurity score can be set at a level appropriate for a given organization, and data from clients or groups of clients with more extensive reporting can be used to supplement data for clients or groups of clients with less extensive reporting to enhance cybersecurity analysis and scoring.

Abstract: A system and method for self-adjusting cybersecurity analysis and score generation, wherein a reconnaissance engine gathers data about a client's computer network from the client, from devices and systems on the client's network, and from the Internet regarding various aspects of cybersecurity. Each of these aspects is evaluated independently, weighted, and cross-referenced to generate a cybersecurity score by aggregating individual vulnerability and risk factors together to provide a comprehensive characterization of cybersecurity risk using a transparent and traceable methodology. The scoring system itself can be used as a state machine with the cybersecurity score acting as a feedback mechanism, in which a cybersecurity score can be set at a level appropriate for a given organization, and data from clients or groups of clients with more extensive reporting can be used to supplement data for clients or groups of clients with less extensive reporting to enhance cybersecurity analysis and scoring.

Abstract: A system for automatically creating and merging ontological databases from heterogeneous data sets and for conducting context-based searches, inference, and deduction using those databases. The system has an automated ontology engine which receives data, analyzes it to identify implicit relationships in between its elements, and organizes it into ontologies. The automated index generator creates a searchable index of the created ontologies and instances. The semantic search engine performs context-based searches, inference and deduction based on the index of ontologies and contextual information about the search query and the user or models relating to the constructed knowledge base comprising new relationships not in the original data.

Abstract: A system for web-rendering data-dense geographical regions that correspond to heterogenous sourced data and formats for highly scalable parallel simulations, comprising a multi-dimensional time-series database enabling single-query support over all simulations via individual simulation swimlanes.

Abstract: A system for programmatic and user interactive inclusion of time-series geospatial markers in analyses employing a cyber-decision platform has been developed comprising a module to retrieve an indexed geospatial image tiles and map overlay data corresponding to tiles. The system may attach a unique geo-hash label to each point of an indexed geospatial image tile based upon the point's geographical coordinates such that points in close proximity will have similar geo-hash values. A web application interface allows users to interactively retrieve and visualize indexed geospatial image tiles, add map overlays and create geo-hashes as desired.

Abstract: A system and methods for mitigating Kerberos ticket attacks within a domain is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to retrieve the new authentication object from the authentication object inspector, calculate a cryptographic hash for the new authentication object, and store the cryptographic hash for the new authentication object in a data store; wherein subsequent access requests accompanied by authentication objects are validated by comparing hashes for each authentication object to previous generated hashes.

Abstract: A system and method for cybersecurity reconnaissance, analysis, and scoring that uses distributed, cloud-based computing services to provide sufficient scalability for analysis of enterprise IT networks using only publicly available characterizations. The system and method comprise an in-memory associative array which manages a queue of vulnerability search tasks through a public-facing proxy network. The public-facing proxy network has search nodes configurable to present the network to search tools in a desired manner to control certain aspects of the search to obtain the desired results. A distributed data processing engine and cloud-based storage are used to provide scalable computing power and storage. A data packet modifier is used to reveal the IP address of a threat actor behind a port scan and subsequently block the threat actor. Each of the cloud-based computing services is containerized and orchestrated for management and efficient scaling purposes.

Abstract: A system for improving a distributable model with distributed data is provided, comprising a network-connected distributable model source configured to serve instances of a distributable model; and a directed computation graph module configured to receive at least an instance of the distributable model from the network-connected computing system, create a cleansed dataset from data stored in the memory with at least biases within the data stored in memory corrected, train the instance of the distributable model with the cleansed dataset, and generate an update report based at least in part by updates to the instance of the distributable model.

Abstract: A system for risk-based multi-factor authentication having a multi-dimensional time series data server configured to monitor and record a network's traffic data and to serve the traffic data to other modules and a directed computation graph module configured to receive network traffic data from the multi-dimensional time series data server, determine a network traffic baseline from the network traffic data, and determine a verification score needed before granting access based at least in part by the network traffic baseline. A plurality of verification methods build up a user's verification score to required level to gain access.

Abstract: A system for detecting and mitigating attacks using forged authentication objects within a domain is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to retrieve the new authentication object from the authentication object inspector, calculate a cryptographic hash for the new authentication object, and store the cryptographic hash for the new authentication object in a data store; wherein subsequent access requests accompanied by authentication objects are validated by comparing hashes for each authentication object to previous generated hashes.

Abstract: A system and method for cybersecurity reconnaissance, analysis, and scoring that uses distributed, cloud-based computing services to provide sufficient scalability for analysis of enterprise IT networks using only publicly available characterizations. The system and method comprise an in-memory associative array which manages a queue of vulnerability search tasks through a public-facing proxy network. The public-facing proxy network has search nodes configurable to present the network to search tools in a desired manner to control certain aspects of the search to obtain the desired results. A distributed data processing engine and cloud-based storage are used to provide scalable computing power and storage. Each of the cloud-based computing services is containerized and orchestrated for management and efficient scaling purposes.

Abstract: A system and methods for detecting and mitigating SAML forgery and manipulation attacks against services is provided, comprising a policy manager configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to create a unique identifier for each valid authentication session; wherein subsequent access requests accompanied by authentication objects are validated by checking for a valid unique identifier.

Abstract: A system and method for providing time-series geospatial data and a world-scale simulation platform used to generate simulated-world environments by rendering data-dense geographical regions corresponding to heterogenous sourced data and formats for highly scalable parallel simulations, and comprised of a multi-dimensional time-series database used for enabling query support across multiple simulations via individual simulation and entity swimlanes for cyber, physical and cyber-physical entities and regions.

Abstract: A system and method for analyzing integrated operational technology and information technology systems with sufficient granularity to predict key elements of their composite behavior. The system and method involve creating high-fidelity models of the operational technology and information technology systems using one or more cyber-physical graphs, performing parametric analyses of the models to identify key components, scaling the parametric analyses of the models to analyze the key components at a greater level of granularity, and iteratively improving the models via ongoing search and testing against observed data from the real-world systems.

Abstract: A system and methods for mitigating Kerberos ticket attacks within a domain is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to retrieve the new authentication object from the authentication object inspector, calculate a cryptographic hash for the new authentication object, and store the cryptographic hash for the new authentication object in a data store; wherein subsequent access requests accompanied by authentication objects are validated by comparing hashes for each authentication object to previous generated hashes.

Abstract: A system and method to identify and prevent cybersecurity attacks on modern, highly-interconnected networks, to identify attacks before data loss occurs, using a combination of human level, device level, system level, and organizational level monitoring.

Abstract: A system and method for analyzing integrated operational technology and information technology systems with sufficient granularity to predict their behavior with a high degree of accuracy. The system and method involve creating high-fidelity models of the operational technology and information technology systems using one or more cyber-physical graphs, performing parametric analyses of the models to identify key components, scaling the parametric analyses of the models to analyze the key components at a greater level of granularity, and iteratively improving the models testing them against in-situ data from the real-world systems represented by the high-fidelity models.

Abstract: A system and method for a highly scalable distributed connection interface for data capture from multiple network service sources. The connection interface is designed to enable simple to initiate, performant and highly available input/output from a large plurality of external networked service's and application's application programming interfaces (API) to the modules of an integrated predictive business operating system. To handle the high volume of information exchange, the connection interface is distributed and designed to be scalable and self-load-balancing. The connection interface possesses robust expressive scripting capabilities that allow highly specific handling rules to be generated for the routing, transformation, and output of data within the business operating system.

Abstract: A system for multitemporal data analysis is provided, comprising a directed computation graph service module configured to receive input data from a plurality of sources, analyze the input data to determine a best course of action for analyzing the input data, and split the input data for queueing to a general transformer service module or a decomposable service module based at least in part by analysis of the input data; a general transformer service module configured to receive data from the directed computation graph service module, and perform analysis on the received data; and a general transformer service module configured to receive data from directed computational graph module, and perform analysis on the received data.