Abstract: This disclosure provides a system and method for deploying and configuring a cyber-security protection solution using a portable storage device. The portable storage device may include a memory storing instructions to be executed by a computing device. When executed, the instructions may cause the computing device to implement a cyber-security protection solution that is configured to scan a second storage device and determine whether the second storage device is usable in a protected environment.

Abstract: A blockchain-based network arrangement includes member nodes joined by a multicast network including a trusted node configured for creating at least one cryptographic key and for distributing copies of the cryptographic key over the multicast network as a multicast blockchain transmission to other member nodes. A requesting node outside the member nodes is configured for initiating a smart contract containing its blockchain address and for sending the smart contract as a request for group access with an address of the trusted node. The trusted node is configured for receiving the smart contract and a decides to accept or reject the smart contract, and records the decision in the blockchain by updating the smart contract. An accept decision results in a member node sending the cryptographic key to the requesting node.

Abstract: A method includes detecting a connection attempt from a device, quarantining the device to prevent the device from substantially interacting with a host system, and determining whether the device requires verification while the device is quarantined. The method also includes, in response to determining that the device requires verification, presenting at least one authorization challenge to a user while the device is quarantined. The at least one authorization challenge requests that the user provide at least one specified response. The method further includes, in response to determining that the device requires verification, determining whether the user correctly provided the at least one specified response while the device is quarantined, granting access to the device in response to determining that the user correctly provided the at least one specified response, and continuing to quarantine the device in response to determining that the user did not correctly provide the at least one specified response.

Abstract: An apparatus includes at least one processor configured to determine whether a blockchain identifies a valid smart contract indicating that communication with a specified node is permitted. In response to determining that the blockchain does identify the valid smart contract, the at least one processor is configured to establish a secure communication session with the specified node. In response to determining that the blockchain does not identify the valid smart contract, the at least one processor is configured to generate a new smart contract associated with the specified node, establish the secure communication session with the specified node in response to user approval of the new smart contract, and not establish the secure communication session with the specified node in response to user rejection of the new smart contract.

Abstract: This disclosure provides a system and method for deploying and configuring a cyber-security protection solution using a portable storage device. The portable storage device may include a memory storing instructions to be executed by a computing device. When executed, the instructions may cause the computing device to implement a cyber-security protection solution that is configured to scan a second storage device and determine whether the second storage device is usable in a protected environment.

Abstract: This disclosure provides a security system and method for using machine learning to improve cybersecurity operations in an industrial control networks and other systems. A method includes collecting, by a security system, current communications channel information for a plurality of devices in a control system. The method includes analyzing, by the security system, the current communications channel information according to one or more device models. The method includes producing, by the security system and according to the analysis, a risk report that identifies an abnormal device among the plurality of devices.

Abstract: A blockchain-based network arrangement includes member nodes joined by a multicast network including a trusted node configured for creating at least one cryptographic key and for distributing copies of the cryptographic key over the multicast network as a multicast blockchain transmission to other member nodes. A requesting node outside the member nodes is configured for initiating a smart contract containing its blockchain address and for sending the smart contract as a request for group access with an address of the trusted node. The trusted node is configured for receiving the smart contract and a decides to accept or reject the smart contract, and records the decision in the blockchain by updating the smart contract. An accept decision results in a member node sending the cryptographic key to the requesting node.

Abstract: An apparatus includes at least one processor configured to determine whether a blockchain identifies a valid smart contract indicating that communication with a specified node is permitted. In response to determining that the blockchain does identify the valid smart contract, the at least one processor is configured to establish a secure communication session with the specified node. In response to determining that the blockchain does not identify the valid smart contract, the at least one processor is configured to generate a new smart contract associated with the specified node, establish the secure communication session with the specified node in response to user approval of the new smart contract, and not establish the secure communication session with the specified node in response to user rejection of the new smart contract.

Abstract: A method includes obtaining first data identifying first user interactions with one or more computing or networking resources during at least one first user session that is known to be valid. The method also includes generating one or more profiles defining typical user interactions with the one or more resources based on the first data. The method further includes obtaining second data identifying second user interactions with at least one of the one or more resources during a subsequent second user session. The method also includes determining whether the second user session is valid based on the second data and at least one of the one or more profiles by comparing the second user interactions to the typical user interactions defined in the at least one profile. In addition, the method includes taking one or more actions in response to determining that the second user session is not valid.

Abstract: This disclosure provides a security system and method for using machine learning to improve cybersecurity operations in an industrial control networks and other systems. A method includes collecting, by a security system, current communications channel information for a plurality of devices in a control system. The method includes analyzing, by the security system, the current communications channel information according to one or more device models. The method includes producing, by the security system and according to the analysis, a risk report that identifies an abnormal device among the plurality of devices.

Abstract: This disclosure provides a security system and method for using machine learning to improve cybersecurity operations in an industrial control networks and other systems. A method includes collecting, by a security system, current process information for a plurality of processes in a control system. The method includes analyzing, by the security system, the current process information according to one or more process models. The method includes producing, by the security system and according to the analysis, a risk report that identifies an abnormal process among the plurality of processes.

Abstract: A method includes detecting a connection attempt from a device, quarantining the device to prevent the device from substantially interacting with a host system, and determining whether the device requires verification while the device is quarantined. The method also includes, in response to determining that the device requires verification, presenting at least one authorization challenge to a user while the device is quarantined. The at least one authorization challenge requests that the user provide at least one specified response. The method further includes, in response to determining that the device requires verification, determining whether the user correctly provided the at least one specified response while the device is quarantined, granting access to the device in response to determining that the user correctly provided the at least one specified response, and continuing to quarantine the device in response to determining that the user did not correctly provide the at least one specified response.