Abstract: Systems and methods for reconnaissance of computer environments can include performing, by one or more processors, a hierarchical process to discover information of a computer environment. The one or more processors can discover a plurality of assets and a plurality of features of the computer environment, responsive to performing the hierarchical process. The one or more processors can generate, using the plurality of assets and the plurality of features of the computer environment, a representation of an architecture of the computer environment. The one or more processors can generate, based at least on the representation of the architecture of the computer environment, one or more attack vectors of the computer environment.

Abstract: Systems and methods for reconnaissance of computer environments can include performing, by one or more processors, a hierarchical process to discover information of a computer environment. The one or more processors can discover a plurality of assets and a plurality of features of the computer environment, responsive to performing the hierarchical process. The one or more processors can generate, using the plurality of assets and the plurality of features of the computer environment, a representation of an architecture of the computer environment. The one or more processors can generate, based at least on the representation of the architecture of the computer environment, one or more attack vectors of the computer environment.

Abstract: Systems and methods for managing asset risk in computer environment can include receiving, by one or more processors, data indicative of attributes of an asset of the computer environment. The one or more processors can determine a risk context based on the data indicative of the attributes of the asset. The one or more processors can update a risk score of the asset based at least on the risk context. The one or more processors can adjust, responsive to the risk score of the asset, a configuration parameter of at least one of the asset or another asset to mitigate a security risk associated with the asset.

Abstract: Systems and methods for determining subsystems of a computer environment that are in a mutual independence state can include a computing device obtaining information indicative of a group of assets of a subsystem of a computer environment. For each asset of the group of assets, the computing device can identify one or more first assets on which the asset depends and one or more second assets that depend on the asset, and determine whether the one or more first assets and the one or more second assets belong to the group of assets. The computing device can determine that the subsystem is in a mutual independence state upon determining, for each asset of the group of assets, that the first and second assets belong to the group of assets. The computing device can update a data record to indicate the determined state of subsystem of the computer environment.

Abstract: Systems and methods for determining subsystems of a computer environment that are in a mutual independence state can include a computing device obtaining information indicative of a group of assets of a subsystem of a computer environment. For each asset of the group of assets, the computing device can identify one or more first assets on which the asset depends and one or more second assets that depend on the asset, and determine whether the one or more first assets and the one or more second assets belong to the group of assets. The computing device can determine that the subsystem is in a mutual independence state upon determining, for each asset of the group of assets, that the first and second assets belong to the group of assets. The computing device can update a data record to indicate the determined state of subsystem of the computer environment.

Abstract: Systems and methods for identifying and managing solution stacks integrated within a computer environment include one or more computing devices receiving information identifying one or more first assets as belonging to a solution stack integrated within a computer environment. The computing devices can iteratively identify additional assets of the computer environment related to, but not part of, the assets already identified as belonging to the solution stack, and determine, based on a comparison of attributes of the additional assets to attributes of the assets already identified as belonging to the solution stack, whether any of the additional assets belongs to the solution stack. The one or more computing devices can repeat these steps until no additional is identified as belonging to the solution stack. The computing devices can generate a current state of the solution stack defining at least a complete set of assets forming the solution stack.

Abstract: Systems and methods for monitoring states of operation of a computer environment can include one or more computer servers identifying a target asset of the computer environment and establishing a communication link with a computing device associated with the target asset. The one or more computer servers can determine a first set of parameters for profiling the target asset, transmit a first query for the first set of parameters to the computing device via the communication link, and receive one or more first parameter values corresponding to the first set of parameters responsive to the query. The one or more computer servers can compare the one or more first parameter values to one or more first criteria or threshold values, an determine a state of operation of the target asset based on the comparison. The state of operation can be indicative of an abnormal behavior associated with the target asset.

Abstract: Systems and methods for threat response in computer environments can include detecting, by one or more processors, using performance data of a computer environment, an event that occurred and that is indicative of abnormal performance of the computer environment. The one or more processors can identify, among a plurality of assets of the computer environment, a subset of assets associated with the event, and determine from a predefined set of resolutions a plurality of resolutions executable to address a cause of the event. The one or more processors can execute, for each resolution of the plurality of resolutions, a trained model to simulate the resolution for the subset of assets, and select, based at least on results of simulation of each resolution, a resolution among the plurality of resolutions to be implemented.

Abstract: Systems and methods for reconnaissance of computer environments can include performing, by one or more processors, a hierarchical process to discover information of a computer environment. The one or more processors can discover a plurality of assets and a plurality of features of the computer environment, responsive to performing the hierarchical process. The one or more processors can generate, using the plurality of assets and the plurality of features of the computer environment, a representation of an architecture of the computer environment. The one or more processors can generate, based at least on the representation of the architecture of the computer environment, one or more attack vectors of the computer environment.

Abstract: Systems and methods for displaying computer environment monitoring data can include a multi-tier cache memory associated with a processor of a first device. The multi-tier cache memory can include a first cache layer, and a second cache layer having a higher data access rate than the first cache layer. The first device can receive, from a second device, a data block including monitoring data selected based on user profile information associated with a user of the first device. The first device can store the data block in the first cache layer, and generate a first data sub-block using data from the data block having a higher priority for display as compared to other data of the data block. The first device can store the first data sub-block in the second cache layer, and provide the first data sub-block for display on a display device from the second cache layer.

Abstract: Systems and methods for determining priority levels to process vulnerabilities associated with a networked computer system can include a data collection engine receiving a plurality of specification profiles, each defining one or more specification variables of the networked computer system or a respective asset. The data collection engine can receive, from a vulnerability scanner, vulnerability data indicative of a vulnerability associated with the networked computer system. A profiling engine can interrogate a computing device of the networked computer system, and receive one or more respective profiling parameters from that computing device. A ranking engine can compute a priority ranking value of the computing device based on the profile specification variables, the vulnerability data and the profiling parameters.

Abstract: Systems and methods for identifying and managing solution stacks integrated within a computer environment include one or more computing devices receiving information identifying one or more first assets as belonging to a solution stack integrated within a computer environment. The computing devices can iteratively identify additional assets of the computer environment related to, but not part of, the assets already identified as belonging to the solution stack, and determine, based on a comparison of attributes of the additional assets to attributes of the assets already identified as belonging to the solution stack, whether any of the additional assets belongs to the solution stack. The one or more computing devices can repeat these steps until no additional is identified as belonging to the solution stack. The computing devices can generate a current state of the solution stack defining at least a complete set of assets forming the solution stack.

Abstract: Systems and methods for monitoring states of operation of a computer environment can include one or more computer servers identifying a target asset of the computer environment and establishing a communication link with a computing device associated with the target asset. The one or more computer servers can determine a first set of parameters for profiling the target asset, transmit a first query for the first set of parameters to the computing device via the communication link, and receive one or more first parameter values corresponding to the first set of parameters responsive to the query. The one or more computer servers can compare the one or more first parameter values to one or more first criteria or threshold values, an determine a state of operation of the target asset based on the comparison. The state of operation can be indicative of an abnormal behavior associated with the target asset.

Abstract: Systems and methods for monitoring states of operation of a computer environment can include one or more computer servers identifying a target asset of the computer environment and establishing a communication link with a computing device associated with the target asset. The one or more computer servers can determine a first set of parameters for profiling the target asset, transmit a first query for the first set of parameters to the computing device via the communication link, and receive one or more first parameter values corresponding to the first set of parameters responsive to the query. The one or more computer servers can compare the one or more first parameter values to one or more first criteria or threshold values, an determine a state of operation of the target asset based on the comparison. The state of operation can be indicative of an abnormal behavior associated with the target asset.

Abstract: Systems and methods for displaying computer environment monitoring data can include a multi-tier cache memory associated with a processor of a first device. The multi-tier cache memory can include a first cache layer, and a second cache layer having a higher data access rate than the first cache layer. The first device can receive, from a second device, a data block including monitoring data selected based on user profile information associated with a user of the first device. The first device can store the data block in the first cache layer, and generate a first data sub-block using data from the data block having a higher priority for display as compared to other data of the data block. The first device can store the first data sub-block in the second cache layer, and provide the first data sub-block for display on a display device from the second cache layer.

Abstract: Systems and methods for determining priority levels to process vulnerabilities associated with a networked computer system can include a data collection engine receiving a plurality of specification profiles, each defining one or more specification variables of the networked computer system or a respective asset. The data collection engine can receive, from a vulnerability scanner, vulnerability data indicative of a vulnerability associated with the networked computer system. A profiling engine can interrogate a computing device of the networked computer system, and receive one or more respective profiling parameters from that computing device. A ranking engine can compute a priority ranking value of the computing device based on the profile specification variables, the vulnerability data and the profiling parameters.

Abstract: Systems and methods for monitoring states of operation of a computer environment can include one or more computer servers identifying a target asset of the computer environment and establishing a communication link with a computing device associated with the target asset. The one or more computer servers can determine a first set of parameters for profiling the target asset, transmit a first query for the first set of parameters to the computing device via the communication link, and receive one or more first parameter values corresponding to the first set of parameters responsive to the query. The one or more computer servers can compare the one or more first parameter values to one or more first criteria or threshold values, an determine a state of operation of the target asset based on the comparison. The state of operation can be indicative of an abnormal behavior associated with the target asset.

Abstract: Systems and methods for determining priority levels to process vulnerabilities associated with a networked computer system can include a data collection engine receiving a plurality of specification profiles, each defining one or more specification variables of the networked computer system or a respective asset. The data collection engine can receive, from a vulnerability scanner, vulnerability data indicative of a vulnerability associated with the networked computer system. A profiling engine can interrogate a computing device of the networked computer system, and receive one or more respective profiling parameters from that computing device. A ranking engine can compute a priority ranking value of the computing device based on the profile specification variables, the vulnerability data and the profiling parameters.

Abstract: Systems and methods for determining priority levels to process vulnerabilities associated with a networked computer system can include a data collection engine receiving a plurality of specification profiles, each defining one or more specification variables of the networked computer system or a respective asset. The data collection engine can receive, from a vulnerability scanner, vulnerability data indicative of a vulnerability associated with the networked computer system. A profiling engine can interrogate a computing device of the networked computer system, and receive one or more respective profiling parameters from that computing device. A ranking engine can compute a priority ranking value of the computing device based on the profile specification variables, the vulnerability data and the profiling parameters.

Abstract: Systems and methods for monitoring states of operation of a computer environment can include one or more computer servers identifying a target asset of the computer environment and establishing a communication link with a computing device associated with the target asset. The one or more computer servers can determine a first set of parameters for profiling the target asset, transmit a first query for the first set of parameters to the computing device via the communication link, and receive one or more first parameter values corresponding to the first set of parameters responsive to the query. The one or more computer servers can compare the one or more first parameter values to one or more first criteria or threshold values, an determine a state of operation of the target asset based on the comparison. The state of operation can be indicative of an abnormal behavior associated with the target asset.