Abstract: A system for comprehensive cybersecurity analysis and rating based on heterogeneous data and reconnaissance is provided, comprising a multidimensional time-series data server configured to create a dataset with at least time-series data gathered from passive network reconnaissance of a client; and a cybersecurity scoring engine configured to retrieve the dataset from the multidimensional time-series data server, process the dataset using at least computational graph analysis, and generate an aggregated cybersecurity score based at least on results of processing the dataset.

Abstract: A system and method for the detection and mitigation of Kerberos golden ticket, silver ticket, and related identity-based cyberattacks by passively monitoring and analyzing Kerberos and authentication operations within the network. The system and method provide real-time detections of identity attacks using time-series data and data pipelines, and by transforming the stateless Kerberos protocol into stateful protocol. A packet capturing agent is deployed on the network where captured time-series Kerberos and related event and log information is processed in distributed computational graph (DCG) stages where declarative rules determine if an attack is being carried out and what type of attack it is.

Abstract: A system for autonomous issuance and management of insurance policies for computer and information technology related risks, including but not limited to losses due to system availability, cloud computing failures, current and past data breaches, and data integrity issues. The system will use a variety of current risk information to assess the likelihood of operational interruption or loss due to both accidental issues and malicious activity. Based on these assessments, the system will be able to autonomously issue policies, adjust premium pricing, process claims, and seek re-insurance opportunities with a minimum of human input.

Abstract: A system for predicting future outcomes of dynamic and complex systems using simulation results driven by a parametric and blended analytic and modeling approach. A model engine and simulation engine in combination with a visualization engine using such an approach has been developed to produce geospatial and temporal context aware system models for use in generating predictive results which may be used to recommend future outcomes from continuously competing models derived from ingesting large amounts of varied but related data.

Abstract: A system and method for the contextualization and management of collaborative databases in an adversarial information environment. The system and method feature the ability to scan for, ingest and process, and then use relational, wide column, and graph stores for capturing entity data, their relationships, and actions associated with them. Furthermore, meta-data is gathered and linked to the ingested data, which provides a broader contextual view of the environment leading up to and during an event of interest. The gathered data and meta-data is used to manage the reputation of the contributing data sources. The system links each successive data set, algorithm, or meta-data which might pertain to its unique identification and to its ultimate reputation, utility, or fitness for purpose.

Abstract: A system for meta-indexing, search, compliance, and test framework for software development is provided, comprising an indexing service configured to create a dataset by processing and indexing source code of a project provided by a developer, perform a code audit on the indexed source code, store results from the code audit in the dataset, gather additional information relating to the provided project, store the additional information in the dataset, and store the dataset into memory; and a monitoring service configured to continuously monitor the project for at least source code changes and make changes to the dataset as needed.

Abstract: A system for mitigation of cyberattacks employing an advanced cyber decision platform comprising a time series data store, a directed computational graph module, an action outcome simulation module, and observation and state estimation module, wherein the state of a network is monitored and used to produce a cyber-physical graph representing network resources, simulated network events are produced and monitored, and the network events and their effects are analyzed to produce security recommendations.

Abstract: A system and method for the prevention, mitigation, and detection of cyberattack attacks on computer networks by identifying weaknesses in directory access object allowances and providing professionals with centralized graph-centric tools to maintain and observe key security and performance insights into their security posture. The system uses an interrogation agent to collect Active Directory configuration parameters and activity information about a forest and the devices operating within. Cyber-physical graphs and histograms using persisted time-series data provides critical information, patterns, and alerts about configurations, attack vectors, and vulnerabilities which enable information technology and cybersecurity professionals greater leverage and control over their infrastructure.

Abstract: A system for transfer learning and domain adaptation using distributable data models is provided, comprising a network-connected distributable model configured to serve instances of a plurality of distributable models; and a directed computation graph module configured to receive at least an instance of at least one of the distributable models from the network-connected computing system, create a second dataset from machine learning performed by a transfer engine, train the instance of the distributable model with the second dataset, and generate an update report based at least in part by updates to the instance of the distributable model.

Abstract: A system for contextual data collection and extraction is provided, comprising an extraction engine configured to receive context from a user for desired information to extract, connect to a data source providing a richly formatted dataset, retrieve the richly formatted dataset, process the richly formatted dataset and extract information from a plurality of linguistic modalities within the richly formatted, and transform the extracted data into a extracted dataset; and a knowledge base construction service configured to retrieve the extracted dataset, create a knowledge base for storing the extracted dataset, and store the knowledge base in a data store.

Abstract: A system and method for cybersecurity reconnaissance, analysis, and scoring that uses distributed, cloud-based computing services to provide sufficient scalability for analysis of enterprise IT networks using only publicly available characterizations. The system and method comprise an in-memory associative array which manages a queue of vulnerability search tasks through a public-facing proxy network. The public-facing proxy network has search nodes configurable to present the network to search tools in a desired manner to control certain aspects of the search to obtain the desired results. A distributed data processing engine and cloud-based storage are used to provide scalable computing power and storage. Each of the cloud-based computing services is containerized and orchestrated for management and efficient scaling purposes.

Abstract: A system for fully integrated predictive decision-making and simulation having a high-volume deep web scraper system, a data retrieval engine, a directed computational graph module, and a decision and action path simulation engine.

Abstract: A system and method to identify and prevent cybersecurity attacks on modern, highly-interconnected networks, to identify attacks before data loss occurs, using a combination of human level, device level, system level, and organizational level monitoring.

Abstract: A system and method for network cybersecurity analysis that uses user and entity behavioral analysis combined with network topology information to provide improved cybersecurity. The system and method involve gathering network entity information, establishing baseline behaviors for each entity, and monitoring each entity for behavioral anomalies that might indicate cybersecurity concerns. Further, the system and method involve incorporating network topology information into the analysis by generating a model of the network, annotating the model with risk and criticality information for each entity in the model and with a vulnerability level between entities, and using the model to evaluate cybersecurity risks to the network. Risks and vulnerabilities associated with user entities may be represented, in part or in whole, by the behavioral analyses and monitoring of those user entities.

Abstract: A system and method for network cybersecurity analysis that uses user and entity behavioral analysis combined with network topology information to provide improved cybersecurity. The system and method involve gathering network entity information, establishing baseline behaviors for each entity, and monitoring each entity for behavioral anomalies that might indicate cybersecurity concerns. Further, the system and method involve incorporating network topology information into the analysis by generating a model of the network, annotating the model with risk and criticality information for each entity in the model and with a vulnerability level between entities, and using the model to evaluate cybersecurity risks to the network. Risks and vulnerabilities associated with user entities may be represented, in part or in whole, by the behavioral analyses and monitoring of those user entities.

Abstract: A system for customized crowd-sourced data gathering and extraction wherein a client may request that certain data be gathered, and the system will optimally provide the data through a combination of stored data, one or more remote devices with sensing capabilities, and human operators. The system has predictive capability to optimize notifications to human operators likely to be in the area of a data gathering request at the necessary time and likely to be available to gather the requested data. Human operators may be compensated for their data gathering, and may gather data, or parts thereof, as an adjunct to other activities.

Abstract: A system for contextual data collection and extraction is provided, comprising an extraction engine configured to receive context from a user for desired information to extract, connect to a data source providing a richly formatted dataset, retrieve the richly formatted dataset, process the richly formatted dataset and extract information from a plurality of linguistic modalities within the richly formatted, and transform the extracted data into a extracted dataset; and a knowledge base construction service configured to retrieve the extracted dataset, create a knowledge base for storing the extracted dataset, and store the knowledge base in a data store.

Abstract: A system and method for comprehensive cybersecurity threat assessment of software applications based on the totality of vulnerabilities from all levels of the software supply chain. The system and method comprising analyzing the code and/or operation of a software application to determine components comprising the software, identifying the source of such components, determining vulnerabilities associated with those components, compiling a list of such components, creating a directed graph of relationships between the components and their sources, and evaluating the overall threat associated with the software application based its software supply chain vulnerabilities.

Abstract: A system for contextual and risk-based multi-factor authentication having a multi-dimensional time series data server configured to monitor and record a network's traffic data and to serve the traffic data to other modules and a directed computation graph module configured to receive network traffic data from the multi-dimensional time series data server, determine a network traffic baseline from the network traffic data, and determine a verification score needed before granting access based at least in part by the network traffic baseline. A plurality of verification methods build up a user's verification score to required level to gain access.

Abstract: A highly scalable distributed connection interface for data capture from multiple network service sources, comprising a connector module wherein, the connector module retrieves a plurality of operational data from a plurality of network data sources; employs a plurality of application programming interface routines to communicate with the plurality of operational data sources; accepts a plurality of analysis parameters and control commands directly from human interface devices or from one or more command and control storage devices; and specifies the action or actions to be taken on the retrieved operational data.