Abstract: The embodiments described herein provide a system including an intelligent electronic device (IED) comprising a first processor configured to communicate control commands to power equipment, receive measurements from the power equipment, use a secure wireless system to send data to an access point, wherein the data includes the measurements, and use the secure system to communicate with a management device, via the access point, to receive configuration information, command information, or any combination thereof.

Abstract: In one approach, a first computing device receives a request from a second computing device. The request is for access by the second computing device to a service provided by a third computing device over a network. In response to receiving the request, the first computing device performs a security evaluation of the second computing device. The evaluation determines a risk level. The first computing device generates, based on the evaluation, a token for the second computing device. The token includes data encoding the risk level. The token is sent to the second computing device and/or third computing device. The sent data is used to configure the service provided to the second computing device.

Abstract: A method includes: receiving a request regarding access by a first computing device (e.g., a mobile device of a user) to a service; in response to the request, performing, by a second computing device (e.g., a device risk evaluation server, or a server of an identity provider), an evaluation that includes creating a fingerprint of the first computing device; and determining, by the second computing device, whether the fingerprint matches a fingerprint of one or more other computing devices. The second computing devices determines whether to authorize access to the service based on the evaluation.

Abstract: A security testing platform can provide security teams with an extensible, cost-effective and flexible platform which can continuously test, evaluate and tune deployed security tools & policies. The security testing platform allows users to automatically simulate security threat attacks in order to measure the effectiveness of a security stack's prevention, detection and mitigation capabilities. A set of endpoints within the controlled environment may be configured to simulate the environment of the application being tested, which may be configured across multiple endpoints. Additional endpoints may also be configured as ‘attackers’ to orchestrate security attacks on the simulated environment. The security testing platform 100 may also integrate monitoring tools to gain automated insights into the detection, reliability and performance capabilities of the current security policies, rules and configurations.

Abstract: A first set of code, for example source code, and a second code, for example binary code, are compared to find corresponding functions. A comparison of features can be used to find correspondences of functions. The comparison of functions can be iterated and can be refined and can be further used to carry out a further, stricter comparison of functions found to correspond to reduce the chance of falsely finding a function in the second code to be accountable in the first code.

Abstract: A first set of code, for example source code, and a second code, for example binary code, are compared to find corresponding functions. A comparison of features can be used to find correspondences of functions. The comparison of functions can be iterated and can be refined and can be further used to carry out a further, stricter comparison of functions found to correspond to reduce the chance of falsely finding a function in the second code to be accountable in the first code.

Abstract: A method includes: receiving a request regarding access by a first computing device (e.g., a mobile device of a user) to a service; in response to the request, performing, by a second computing device (e.g., a device risk evaluation server, or a server of an identity provider), an evaluation that includes creating a fingerprint of the first computing device; and determining, by the second computing device, whether the fingerprint matches a fingerprint of one or more other computing devices. The second computing devices determines whether to authorize access to the service based on the evaluation.

Abstract: A method includes: receiving a request regarding access by a first computing device (e.g., a mobile device of a user) to a service; in response to the request, performing, by a second computing device (e.g., a device risk evaluation server, or a server of an identity provider), an evaluation of the first computing device; and performing, by the second computing device, an action (e.g., authorizing access to the service) based on the evaluation.

Abstract: A method includes: receiving a request regarding access by a first computing device (e.g., a mobile device of a user) to a service; in response to the request, performing, by a second computing device (e.g., a device risk evaluation server, or a server of an identity provider), an evaluation of the first computing device; and performing, by the second computing device, an action (e.g., authorizing access to the service) based on the evaluation.

Abstract: A protection system for a telecommunications network includes an evaluation engine that receives information about threats from user devices using the network and determines a threat level to the network. Threats to the network are mitigated based on the determined threat level.

Abstract: The subject matter disclosed herein relates to intelligent electronic devices (IEDs), and, more specifically, to systems and methods for initial configuration or commissioning of IEDs after installation. In an embodiment, a system includes an intelligent electronic device (IED) configuring system having an IED that is configured with a wireless network configuration prior to deployment that enables the IED to automatically connect to a particular wireless network when it is detected. The IED configuring system also includes an IED configuring device configured to host the particular wireless network according to the wireless network configuration of the IED. Furthermore, the IED configuring device is configured to communicate a plurality of configuration settings to the IED via the wireless network to commission the IED once the IED has connected to the wireless network.

Abstract: A system includes reception of data at a computing network, generation of alerts at the computing network based on received data and on cyber sensor data, the cyber sensor data defining data attribute, reception of alerts from the computing network at a defense engine, detection of events based on the received alerts at the defense engine, generation threat data based on the detected events, generation of first cyber sensor data based on the threat data, and initiation of deployment of the first cyber sensor data within the computing network.

Abstract: The embodiments described herein provide a system including an intelligent electronic device (IED) comprising a first processor configured to communicate control commands to power equipment, receive measurements from the power equipment, use a secure wireless system to send data to an access point, wherein the data includes the measurements, and use the secure system to communicate with a management device, via the access point, to receive configuration information, command information, or any combination thereof.

Abstract: The embodiments described herein provide a system including an intelligent electronic device (IED) comprising a first processor configured to communicate control commands to power equipment, receive measurements from the power equipment, use a secure wireless system to send data to an access point, wherein the data includes the measurements, and use the secure system to communicate with a management device, via the access point, to receive configuration information, command information, or any combination thereof.

Abstract: A system and method are provided for detecting malicious or unwanted software, or malicious or unauthorized access to cyber-physical system devices. The activity and applications on the device are analyzed by various methods including machine learning algorithms and the results are reported. Malicious or unwanted 5 activity or applications can be stopped by the device user or other authorized person.

Abstract: Provided is an arbitrary automation system for secure communications. The system includes a utility device configured for processing critical data associated with the arbitrary automation system, the critical data being structured in accordance with utility device access levels. A key management module (i) provides a data protection key (DPK) for protecting the critical data in accordance with each of the utility device access levels and (ii) generates a user key encryption key (UKEK) for encrypting the DPK based upon the device access levels. The system additionally includes a software module configured for masking an execution state of software within the utility device and the key management module via principles of evasion and resistance.

Abstract: A system includes reception of data at a computing network, generation of alerts at the computing network based on received data and on cyber sensor data, the cyber sensor data defining data attribute, reception of alerts from the computing network at a defense engine, detection of events based on the received alerts at the defense engine, generation threat data based on the detected events, generation of first cyber sensor data based on the threat data, and initiation of deployment of the first cyber sensor data within the computing network.

Abstract: A protection system for a telecommunications network includes an evaluation engine that receives information about threats from user devices using the network and determines a threat level to the network. Threats to the network are mitigated based on the determined threat level.

Abstract: The embodiments described herein include a system and a method. In one embodiment, a system includes a device monitoring component configured to measure control system behavior and an intrusion prevention system communicatively coupled to the device monitoring component and a communications network. The intrusion prevention system includes a control system analysis component configured to analyze the control system behavior measured by the device monitoring component against a first rule set to determine whether an anomaly, an intrusion, or both are present.

Abstract: Provided is an arbitrary automation system for secure communications. The system includes a utility device configured for processing critical data associated with the arbitrary automation system, the critical data being structured in accordance with utility device access levels. A key management module (i) provides a data protection key (DPK) for protecting the critical data in accordance with each of the utility device access levels and (ii) generates a user key encryption key (UKEK) for encrypting the DPK based upon the device access levels. The system additionally includes a software module configured for masking an execution state of software within the utility device and the key management module via principles of evasion and resistance.