Abstract: A threat monitoring and vulnerability management system is disclosed. The system includes one or more sensors configured to scan a frequency spectrum of a project 25 (P25) network and to collect data on the P25 network.

Abstract: A System and Method is provided that enable identifying cyber security attacks using observation and monitoring of end point activity. By following and monitoring the wireless connection related activities of endpoint devices as they cycle through various steps leading to establishing a connection to the secure network, a knowledge base is established in the cloud by analysis of the actions, and communication to build the confidence that the users of the network are where they should be. In one embodiment, no access is provided until a user presents valid credentials. Based on these credentials the network then builds a specific path based on access controls, tunnels or other techniques to control the user's communication and access to specific targets within the network.

Abstract: An autonomic incident response system (AIRS) that can be used within any cyber system (computing systems, network devices, applications, cyber-physical systems, data, and files). If a cyber system is attacked, the cyberattack pattern type can be seamlessly identified by the AIRS along with the method used to launch the attack, the vulnerability that was exploited, the impact and consequence of the attack, and finally the recovery actions that can be taken automatically or semi-automatically to stop the attack or mitigate its impact on cyber system operations.

Abstract: Methods and systems for threat monitoring and analysis are disclosed. Data is collected, over a protected network, from a data stream provided by at least one data source connecting to the protected network. Machine learning (ML) models are trained for the data stream utilizing the collected data. The ML models include a first ML model to establish a baseline value, an allowed threshold value range, and a threshold value for the data from the data source, and a second ML model to identify outlier data. The outlier data is outside of the allowed threshold value range from the baseline value and exceeds the threshold value in the data stream. The ML models are used to determine whether one or more anomalies indicating a cyber threat exist within the collected data. Responsive to determining that the anomalies exist, it is determined whether to provide a response action.

Abstract: A threat monitoring and vulnerability management system is disclosed. The system includes one or more sensors configured to scan a frequency spectrum of a project 25 (P25) network and to collect data on the P25network.

Abstract: A System and Method is provided that enable identifying cyber security attacks using observation and monitoring of end point activity. By following and monitoring the wireless connection related activities of endpoint devices as they cycle through various steps leading to establishing a connection to the secure network, a knowledge base is established in the cloud by analysis of the actions, and communication to build the confidence that the users of the network are where they should be. In one embodiment, no access is provided until a user presents valid credentials. Based on these credentials the network then builds a specific path based on access controls, tunnels or other techniques to control the user’s communication and access to specific targets within the network.

Abstract: A threat monitoring and vulnerability management system is disclosed. The system includes one or more sensors configured to scan a frequency spectrum of a project 25 (P25) network and to collect data on the P25 network.

Abstract: A System and Method is provided that enable identifying cyber security attacks using observation and monitoring of end point activity. By following and monitoring the wireless connection related activities of endpoint devices as they cycle through various steps leading to establishing a connection to the secure network, a knowledge base is established in the cloud by analysis of the actions, and communication to build the confidence that the users of the network are where they should be. In one embodiment, no access is provided until a user presents valid credentials. Based on these credentials the network then builds a specific path based on access controls, tunnels or other techniques to control the user's communication and access to specific targets within the network.

Abstract: Security is provided for enterprise local area networks (LANs) by pre-vetting and identifying the security characteristic and actions of any new wireless networks that tries to connect to a secure LAN network. The disclosure herein provides for identification and classification of IEEE 802.11 wireless networks by using monitoring sensor system within and managed by a centralized cloud. The monitoring sensors interrogate the network mimicking the behavior of known platforms, such as an end-user's workstation or mobile device followed by random actions simulating a human person. The response characteristics of the wireless network including the behavior patterns relating to the LAN system and human behavior are collected.

Abstract: A threat monitoring and vulnerability management system is disclosed. The system includes one or more sensors configured to scan a frequency spectrum of a project 25 (P25) network and to collect data on the P25 network.

Abstract: Security is provided for enterprise local area networks (LANs) by pre-vetting and identifying the security characteristic and actions of any new wireless networks that tries to connect to a secure LAN network. The disclosure herein provides for identification and classification of IEEE 802.11 wireless networks by using monitoring sensor system within and managed by a centralized cloud. The monitoring sensors interrogate the network mimicking the behavior of known platforms, such as an end-user's workstation or mobile device followed by random actions simulating a human person. The response characteristics of the wireless network including the behavior patterns relating to the LAN system and human behavior are collected.

Abstract: A system and method are provided that enable identifying and trapping cyber security attacks via wireless connectivity on enterprise and corporate networks. A deceptive network emulation of a specific customer network is used to invite and draw in possible attackers. The attacker is also enticed to initiate attack on the emulated deceptive network. Packet header inspection and deep packet evaluation of the attack are used for generating possible signatures of the attacker and the attack. The information from deep packet inspection combined with the understanding of attack modality derived from enablement of attack on the deceptive network are used to generate detailed defensive methodologies, response capabilities and attack signatures, so that various types of cyber attacks including zero-day attacks from the attacker can be identified, prevented or addressed and responded to.