Abstract: A system and method that detects and mitigates zero-day exploits and other vulnerabilities by analyzing event logs and external databases, forcing reauthentication of at-risk and comprised systems and accounts during an identified threat or potential security risk.

Abstract: A reconnaissance engine gathers data about a client's computer network from the client, from devices and systems on the client's network, and from the Internet regarding various aspects of cybersecurity. Each of these aspects is evaluated independently, weighted, and cross-referenced to generate a cybersecurity score by aggregating individual vulnerability and risk factors together to provide a comprehensive characterization of cybersecurity risk using a transparent and traceable methodology. The scoring system itself can be used as a state machine with the cybersecurity score acting as a feedback mechanism, in which a cybersecurity score can be set at a level appropriate for a given organization, and data from clients or groups of clients with more extensive reporting can be used to supplement data for clients or groups of clients with less extensive reporting to enhance cybersecurity analysis and scoring.

Abstract: A system and method to identify and prevent cybersecurity attacks on modern, highly-interconnected networks, to identify attacks before data loss occurs, using a combination of human level, device level, system level, and organizational level monitoring.

Abstract: Cybersecurity reconnaissance, analysis, and scoring uses distributed, cloud or edge-based pools of computing services to provide sufficient scalability for analysis of IT/OT networks using only publicly available characterizations. An in-memory associative array manages a queue of configuration and vulnerability search tasks through at least one public-facing proxy network which uses configurable search nodes to approach the target network with search tools in a desired manner to control certain aspects of the search in order to obtain the desired results, especially when target network behavior adjusts based on counterparty characteristics. A data packet modifier reveals IP addresses of threat actors behind port scans and subsequently block the threat actors.

Abstract: A system for fully integrated collection of business impacting data, analysis of that data and generation of both analysis-driven business decisions and analysis driven simulations of alternate candidate business actions has been devised and reduced to practice. This business operating system may be used predict the outcome of enacting candidate business decisions based upon past and current business data retrieved from both within the corporation and from a plurality of external sources pre-programmed into the system. Both single parameter set and multiple parameter set analyses are supported. Risk to value estimates of candidate decisions are also calculated.

Abstract: A system and methods for the creation of domain-specific languages that are both domain-agnostic and language-agnostic for use in a multi-language abstract digital simulation model generation and execution, comprising an onboarding module that creates domain specific models from declarative languages, domain-specific language engine, that uses the declarative domain-specific models to create a domain specific language, a meta-model structuring and creation system, meta-model mapping table, remote server, simulation execution process, computer domain-specific language, and methods for user-creation and editing of meta-models, simulation models, and parametrization of simulation environments, actors, objects, and events in real-time using heuristic searching.

Abstract: Autonomous management of risk transfer is provided using an automated underwriting processor that creates a contract block by compiling the request into a computational graph-based format, links the contract block to the requester, stores the contract block into memory, retrieves a plurality of available underwriting agreements from memory, and creates an offer list by perform computational graph operations on the contract block to determine viable risk-transfer agreements; and presenting the offer list to the requester.

Abstract: A system for contextual and risk-based multi-factor authentication having a multi-dimensional time series data server configured to monitor and record a network's traffic data and to serve the traffic data to other modules and a directed computation graph module configured to receive network traffic data from the multi-dimensional time series data server, determine a network traffic baseline from the network traffic data, and determine a verification score needed before granting access based at least in part by the network traffic baseline. A plurality of verification methods build up a user's verification score to required level to gain access.

Abstract: A system and method for automated cybersecurity defensive strategy analysis that predicts the evolution of new cybersecurity attack strategies and makes recommendations for cybersecurity improvements to networked systems based on a cost/benefit analysis. The system and method use machine learning algorithms to run simulated attack and defense strategies against a model of the networked system created using a directed graph. Recommendations are generated based on an analysis of the simulation results against a variety of cost/benefit indicators.

Abstract: A system and methods for integrating datasets and automating transformation workflows using a distributed computational graph comprising modules that represent various stages within a data processing workflow. The system detects new datasets and automatically selects or assembles a workflow to process the new data, and integrates new data through a series of identification, transformation, and metadata enrichment pipelines.

Abstract: A system and method for the secure and private demonstration of cloud-based cyber-security tools. Using an advanced sandboxing design patterns, isolated instances of virtual networks allow a potential client to compare their existing cyber defense tools against a set of cloud-based tools. Capitalizing on non-persistent and secure sandboxes allow the invention to demonstrate fully functional and devastating cyber-attacks while guaranteeing strict privacy and security to both existing customers and potential ones. Additionally, instantiating separate sandboxed observed systems in a single multi-tenant infrastructure provide each customer with the ability to rapidly create actual representations of their enterprise environment offering the most realistic and accurate demonstration and comparison between products.

Abstract: A system and method for network cybersecurity analysis that uses user and entity behavioral analysis combined with network topology information to provide improved cybersecurity. The system and method involve gathering network entity information, establishing baseline behaviors for each entity, and monitoring each entity for behavioral anomalies that might indicate cybersecurity concerns. Further, the system and method involve incorporating network topology information into the analysis by generating a model of the network, annotating the model with risk and criticality information for each entity in the model and with a vulnerability level between entities, and using the model to evaluate cybersecurity risks to the network. Risks and vulnerabilities associated with user entities may be represented, in part or in whole, by the behavioral analyses and monitoring of those user entities.

Abstract: A system for contextual and risk-based multi-factor authentication having a multi-dimensional time series data server configured to monitor and record a network's traffic data and to serve the traffic data to other modules and a directed computation graph module configured to receive network traffic data from the multi-dimensional time series data server, determine a network traffic baseline from the network traffic data, and determine a verification score needed before granting access based at least in part by the network traffic baseline. A plurality of verification methods build up a user's verification score to required level to gain access.

Abstract: A system and method for generating and applying meta-models in simulated environments, in which an agent simulation is selected, one or more agent goals are received, and agents are created which are individual instances of the agent simulation with each agent having at least one of the agent goals, wherein the agents are used in the execution of an environment simulation which dynamically changes based on the collective behavior of the agents. The agents operate in the environment simulation using meta-models which describe how the agents interact with other agent and how the agents interact within the simulation.

Abstract: A system and method for correlating network event anomalies to identify attack information, that identifies anomalous events within the network, identifies correlations between anomalies and other network events and resources, generates a behavior graph describing an attack pathway derived from the correlations, and determines an attack point of origin using the behavior graph.

Abstract: A system and methods for cybersecurity rating using active and passive external reconnaissance, comprising a web crawler that send message prompts to external hosts and receives responses from external hosts, a time-series data store that produces time-series data from the message responses, and a directed computational graph module that probes, scans, and fingerprints devices within a cyber-physical graph and analyzes the results as time-series data to produce a weighted score representing the overall cybersecurity state of an organization.

Abstract: A system for probe-based risk analysis for multi-factor authentication having a multi-dimensional time series data server configured to monitor and record a network's traffic data and to serve the traffic data to other modules and a directed computational graph module configured to probe connection destinations for a response, analyze any received responses, and determine a verification score needed before granting access based at least in part on the analysis of the received responses. A plurality of verification methods build up a user's verification score to required level to gain access.

Abstract: A system and method for automated cybersecurity defensive strategy analysis that predicts the evolution of new cybersecurity attack strategies and makes recommendations for cybersecurity improvements to networked systems based on a cost/benefit analysis. The system and method use machine learning algorithms to run simulated attack and defense strategies against a model of the networked system created using a directed graph. Recommendations are generated based on an analysis of the simulation results against a variety of cost/benefit indicators.

Abstract: A system for fully integrated collection of business impacting data, analysis of that data and generation of both analysis driven business decisions and analysis driven simulations of alternate candidate business actions has been devised and reduced to practice. This business operating system may be used to monitor and predictively warn of events that impact the security of business infrastructure and may also be employed to monitor client-facing services supported by both software and hardware to alert in case of reduction or failure and also predict deficiency, service reduction or failure based on current event data.

Abstract: A distributed computing cluster includes first, second, and third pluralities of computer systems. A first computer of the first plurality applies a first transformation pipeline to a stream of data to generate a output data, and transmits the output data to a computer of the second plurality, which is distinct from the first plurality. A second computer of the second plurality applies a second transformation pipeline. The second transformation pipeline includes a first storage transformation. A third computer of the third plurality stores a representation of a distributed computational graph (DCG), which includes a representation of a portion of the second transformation pipeline. The third computer processes the representation of the DCG, and determines whether the second transformation pipeline includes a storage transformation. The third computer monitors the second transformation pipeline, and in response, causes a fourth computer of the third plurality to apply a second storage transformation.