Abstract: A system and method to identify and prevent cybersecurity attacks on modern, highly-interconnected networks, to identify attacks before data loss occurs, using a combination of human level, device level, system level, and organizational level monitoring.

Abstract: A system for predictive analysis of very large data sets using a distributed computational graph that intelligently combines processing of a current data stream with the ability to retrieve relevant stored data in such a way that conclusions or actions may be drawn in a predictive manner. The system has a pipeline construction module that allows a user to construct a streaming analytic workflow using modular building blocks, each of which represents either an environmental orchestration stage or a data processing stage of a streaming analytic workflow, and has a pipeline processing module that receives a data stream and constructs a directed computational graph by processing the data stream through the streaming analytic workflow. The directed computational graph is used to analyze the data stream.

Abstract: A system and method for the contextualization and management of collaborative databases in an adversarial information environment. The system and method feature the ability to scan for, ingest and process, and then use relational, wide column, and graph stores for capturing entity data, their relationships, and actions associated with them. Furthermore, meta-data is gathered and linked to the ingested data, which provides a broader contextual view of the environment leading up to and during an event of interest. The gathered data and meta-data is used to manage the reputation of the contributing data sources. The system links each successive data set, algorithm, or meta-data which might pertain to its unique identification and to its ultimate reputation, utility, or fitness for purpose.

Abstract: A system and method for privilege assurance protection of computer networks that remedies the deficiencies of the current directory service structure. The system uses a software agent to collect and store snapshots of all network resources on a computer network by identifying network domains, searching the directory service of each domain for network resources, and periodically querying the network resources for changes. The software agent communicates with a backend server which provides searching, querying, storage, administrative and other functionality to the agent via remote procedure calls.

Abstract: A system and method for holistic computer system cybersecurity evaluation and risk rating that takes into account the operation of the entire computer system environment comprising hardware, software, and the operating system. Not only are the hardware, software, and operating system evaluated separately for cybersecurity concerns, their interaction and operation as a whole are also evaluated and scored. The results of such analyses may be used, for example, by underwriters of cybersecurity insurance policies to determine policy terms and rates.

Abstract: A system and method for a high-performance, scalable, multi-tenant, dynamically specifiable, knowledge graph information storage and utilization. The system uses an in-memory associative array for high-performance graph storage and access, with a non-volatile distributed database for scalable backup storage, a scalable, distributed graph service for graph creation, an indexing search engine to increase searching performance, and a graph crawler for graph traversal. One or more of these components may be in the form of a cloud-based service, and in some embodiments the cloud-based services may be containerized to allow for multi-tenant co-existence with no possibility of data leakage or cross-over.

Abstract: A system for comprehensive cybersecurity analysis and rating based on heterogeneous data and reconnaissance is provided, comprising a multidimensional time-series data server configured to create a dataset with at least time-series data gathered from passive network reconnaissance of a client; and a cybersecurity scoring engine configured to retrieve the dataset from the multidimensional time-series data server, process the dataset using at least computational graph analysis, and generate an aggregated cybersecurity score based at least on results of processing the dataset.

Abstract: A system and method for the detection and mitigation of Kerberos golden ticket, silver ticket, and related identity-based cyberattacks by passively monitoring and analyzing Kerberos and authentication operations within the network. The system and method provide real-time detections of identity attacks using time-series data and data pipelines, and by transforming the stateless Kerberos protocol into stateful protocol. A packet capturing agent is deployed on the network where captured time-series Kerberos and related event and log information is processed in distributed computational graph (DCG) stages where declarative rules determine if an attack is being carried out and what type of attack it is.

Abstract: A system for autonomous issuance and management of insurance policies for computer and information technology related risks, including but not limited to losses due to system availability, cloud computing failures, current and past data breaches, and data integrity issues. The system will use a variety of current risk information to assess the likelihood of operational interruption or loss due to both accidental issues and malicious activity. Based on these assessments, the system will be able to autonomously issue policies, adjust premium pricing, process claims, and seek re-insurance opportunities with a minimum of human input.

Abstract: A system for predicting future outcomes of dynamic and complex systems using simulation results driven by a parametric and blended analytic and modeling approach. A model engine and simulation engine in combination with a visualization engine using such an approach has been developed to produce geospatial and temporal context aware system models for use in generating predictive results which may be used to recommend future outcomes from continuously competing models derived from ingesting large amounts of varied but related data.

Abstract: A system and method for the prevention, mitigation, and detection of cyberattack attacks on computer networks by identifying weaknesses in directory access object allowances and providing professionals with centralized graph-centric tools to maintain and observe key security and performance insights into their security posture. The system uses an interrogation agent to collect Active Directory configuration parameters and activity information about a forest and the devices operating within. Cyber-physical graphs and histograms using persisted time-series data provides critical information, patterns, and alerts about configurations, attack vectors, and vulnerabilities which enable information technology and cybersecurity professionals greater leverage and control over their infrastructure.

Abstract: A system for comprehensive cybersecurity analysis and rating based on heterogeneous data and reconnaissance is provided, comprising a multidimensional time-series data server configured to create a dataset with at least time-series data gathered from passive or active network reconnaissance of a client or target; and a cybersecurity scoring engine configured to retrieve the dataset from the multidimensional time-series data server, process the dataset using at least computational graph analysis, and generate an aggregated cybersecurity score based at least on results of processing the dataset.

Abstract: A system for cyber threat hunting employing an advanced cyber decision platform comprising a time series data store, a directed computational graph module, an automated planning service module, and observation and state estimation module, wherein the state of a network is monitored and used to predict network resources that may be vulnerable to a future cyber threat and to produce a cyber-physical graph representing the vulnerable network resources, a human operator is provided with the cyber-physical graph to analyze the data contained therein to initiate an investigation of network resources, and the results of the threat investigation and their effects are analyzed to produce security recommendations.

Abstract: A system and method to identify and prevent cybersecurity attacks on modern, highly-interconnected networks, to identify attacks before data loss occurs, using a combination of human level, device level, system level, and organizational level monitoring.

Abstract: A system and method that detects and mitigates zero-day exploits and other vulnerabilities by analyzing event logs and external databases, forcing reauthentication of at-risk and comprised systems and accounts during an identified threat or potential security risk.

Abstract: A system and method for comprehensive cybersecurity threat assessment of software applications based on the totality of vulnerabilities from all levels of the software supply chain. The system and method comprising analyzing the code and/or operation of a software application to determine components comprising the software, identifying the source of such components, determining vulnerabilities associated with those components, compiling a list of such components, creating a directed graph of relationships between the components and their sources, and evaluating the overall threat associated with the software application based its software supply chain vulnerabilities.

Abstract: A system and method for cybersecurity reconnaissance, analysis, and scoring that uses distributed, cloud-based computing services to provide sufficient scalability for analysis of enterprise IT networks using only publicly available characterizations. The system and method comprise an in-memory associative array which manages a queue of vulnerability search tasks through a public-facing proxy network. The public-facing proxy network has search nodes configurable to present the network to search tools in a desired manner to control certain aspects of the search to obtain the desired results. A distributed data processing engine and cloud-based storage are used to provide scalable computing power and storage. A data packet modifier is used to reveal the IP address of a threat actor behind a port scan and subsequently block the threat actor. Each of the cloud-based computing services is containerized and orchestrated for management and efficient scaling purposes.

Abstract: A system for contextual and risk-based multi-factor authentication having a multi-dimensional time series data server configured to monitor and record a network's traffic data and to serve the traffic data to other modules and a directed computation graph module configured to receive network traffic data from the multi-dimensional time series data server, determine a network traffic baseline from the network traffic data, and determine a verification score needed before granting access based at least in part by the network traffic baseline. A plurality of verification methods build up a user's verification score to required level to gain access.

Abstract: A system for comprehensive cybersecurity analysis and rating based on heterogeneous data and reconnaissance is provided, comprising a multidimensional time-series data server configured to create a dataset with at least time-series data gathered from passive network reconnaissance of a client; and a cybersecurity scoring engine configured to retrieve the dataset from the multidimensional time-series data server, process the dataset using at least computational graph analysis, and generate an aggregated cybersecurity score based at least on results of processing the dataset.

Abstract: A system and method for automated cybersecurity defensive strategy analysis that predicts the evolution of new cybersecurity attack strategies and makes recommendations for cybersecurity improvements to networked systems based on a cost/benefit analysis. The system and method use machine learning algorithms to run simulated attack and defense strategies against a model of the networked system created using a directed graph. Recommendations are generated based on an analysis of the simulation results against a variety of cost/benefit indicators.