Abstract: A system for predictive analysis of very large data sets using a distributed computational graph has been developed. Data receipt software receives streaming data from one or more sources. In a batch data pathway, data formalization software formats input data for storage. A batch event analysis server inspects stored data for trends, situations, or knowledge. Aggregated data is passed to message handler software. System sanity software receives status information from message handler and optimizes system performance. In the streaming pathway, transformation pipeline software manipulates the data stream, provides results back to the system, receives directives from the system sanity and retrain software.

Abstract: A system for predictive analysis of very large data sets using a distributed computational graph has been developed. Data receipt software receives streaming data from one or more sources. In a batch data pathway, data formalization software formats input data for storage. A batch event analysis server inspects stored data for trends, situations, or knowledge. Aggregated data is passed to message handler software. System sanity software receives status information from message handler and optimizes system performance. In the streaming pathway, transformation pipeline software manipulates the data stream, provides results back to the system, receives directives from the system sanity and retrain software.

Abstract: A system for predictive analysis of very large data sets using a distributed computational graph has been developed. Data receipt software receives streaming data from one or more sources. In a batch data pathway, data formalization software formats input data for storage. A batch event analysis server inspects stored data for trends, situations, or knowledge. Aggregated data is passed to message handler software. System sanity software receives status information from message handler and optimizes system performance. In the streaming pathway, transformation pipeline software manipulates the data stream, provides results back to the system, receives directives from the system sanity and retrain software.

Abstract: A system and method for the privilege assurance of enterprise computer network environments using lateral movement detection and prevention. The system uses local session monitors to monitor logon sessions within a network, generating and verifying event logs and authentication records to ensure the legitimacy of authenticated user sessions and to revoke credentials when an illicit session is detected, halting lateral movement in real-time.

Abstract: A system and method for the privilege assurance of enterprise computer network environments using attack path detection and prediction. The system uses local session monitors to monitor logon sessions within a network, track session details, and log session and network host details. Cyber-physical graphs are produced and used to identify paths within the network based on the logged information, and to apply risk weighting to the identified paths and determine likely attack paths an attacker may use.

Abstract: A system and method for providing time-series geospatial data and a world-scale simulation platform used to generate simulated-world environments by rendering data-dense geographical regions corresponding to heterogenous sourced data and formats for highly scalable parallel simulations, and comprised of a multi-dimensional time-series database used for enabling query support across multiple simulations via individual simulation and entity swimlanes for cyber, physical and cyber-physical entities and regions.

Abstract: A system and method for analyzing integrated operational technology and information technology systems with sufficient granularity to predict key elements of their composite behavior. The system and method involve creating high-fidelity models of the operational technology and information technology systems using one or more cyber-physical graphs, performing parametric analyses of the models to identify key components, scaling the parametric analyses of the models to analyze the key components at a greater level of granularity, and iteratively improving the models via ongoing search and testing against observed data from the real-world systems.

Abstract: A system and method for the prevention, mitigation, and detection of cyberattack attacks on computer networks using logon session tracking and logging. The system uses local session monitors to monitor logon sessions within a network, track session details, and generate an event log for any suspicious sessions or details. Cyber-physical graphs and histograms using persisted time-series data provides critical information, patterns, and alerts about configurations, attack vectors, and vulnerabilities which enable information technology and cybersecurity professionals greater leverage and control over their infrastructure.

Abstract: A system and method for cybersecurity risk analysis and anomaly detection using active and passive external reconnaissance, that identifies critical network entities within a cyber-physical graph, identifies anomalous events within the network, determines the risk of identified anomalies based on the value of the entities involved, and determines an effectiveness score for the network based on the identified risks.

Abstract: A system and method for trigger-based scanning of cyber-physical assets, including a distributed operating system, parameter evaluation engine, at least one cyber-physical asset, at least one crypt-ledger, a network, and a scanner that detects trigger conditions and events and performs scans of cyber-physical assets based on the trigger and any relevant stored scan rules before storing scan results as time-series data.

Abstract: A system and methods for automated Internet-scale vulnerability scanning and enhanced security profiling. The system utilizes a scheduler that directs web crawlers to scan domains retrieved from a database, interact with the contents of any retrieved web pages using fuzz testing, index and store the results of the scan, and provide the indexed results via an API for inclusion in cybersecurity scoring.

Abstract: A system and method for technology analysis utilizing high-performance, scalable, multitenant, dynamically specifiable, knowledge graph information storage and utilization. The system uses an in-memory associative array for high-performance graph storage and access, with a non-volatile distributed database for scalable backup storage, a scalable, distributed graph service for graph creation, an indexing search engine to increase searching performance, and a graph crawler for graph traversal. One or more of these components may be in the form of a cloud-based service, and in some embodiments the cloud-based services may be containerized to allow for multitenant co-existence with no possibility of data leakage or cross-over. The system uses a cyber-physical graph to represent an enterprise's cyber-physical system and can provide graph analysis, graph security, and graph fusion related tasks to identify potential operational risks.

Abstract: A system for risk analysis using port scanning for multi-factor authentication having a multi-dimensional time series data server configured to monitor and record a network's traffic data and to serve the traffic data to other modules and a directed computational graph module configured to scan open ports on connection destinations, analyze the scan results, and determine a verification score needed before granting access based at least in part on the analysis of the received responses. A plurality of verification methods build up a user's verification score to required level to gain access.

Abstract: A system and method for automatically assessing and improving a cybersecurity risk score, wherein a cybersecurity risk score and cyber-physical graph for a network are retrieved and analyzed to identify potential improvements that can be made to network topography and device configurations, changes are applied automatically and an updated cyber-physical graph reflecting the applied changes is produced, and the updated cyber-physical graph is reassessed to determine the effect of the changes that were applied.

Abstract: A system for detecting and mitigating attacks using forged authentication objects within a domain is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to retrieve the new authentication object from the authentication object inspector, calculate a cryptographic hash for the new authentication object, and store the cryptographic hash for the new authentication object in a data store; wherein subsequent access requests accompanied by authentication objects are validated by comparing hashes for each authentication object to previous generated hashes.

Abstract: A system and method for self-adjusting cybersecurity analysis and score generation, wherein a reconnaissance engine gathers data about a client's computer network from the client, from devices and systems on the client's network, and from the Internet regarding various aspects of cybersecurity. Each of these aspects is evaluated independently, weighted, and cross-referenced to generate a cybersecurity score by aggregating individual vulnerability and risk factors together to provide a comprehensive characterization of cybersecurity risk using a transparent and traceable methodology. The scoring system itself can be used as a state machine with the cybersecurity score acting as a feedback mechanism, in which a cybersecurity score can be set at a level appropriate for a given organization, and data from clients or groups of clients with more extensive reporting can be used to supplement data for clients or groups of clients with less extensive reporting to enhance cybersecurity analysis and scoring.

Abstract: A system and method for fingerprint-based network mapping of cyber-physical assets, including a distributed operating system, parameter evaluation engine, at least one cyber-physical asset, at least one crypt-ledger, a network, and a scanner that retrieves stored fingerprint records and performs scans of cyber-physical assets to compare against corresponding fingerprints and update a cyber-physical graph based on the success or failure of fingerprint matching.

Abstract: A system and method for self-adjusting cybersecurity analysis and score generation, wherein a reconnaissance engine gathers data about a client's computer network from the client, from devices and systems on the client's network, and from the Internet regarding various aspects of cybersecurity. Each of these aspects is evaluated independently, weighted, and cross-referenced to generate a cybersecurity score by aggregating individual vulnerability and risk factors together to provide a comprehensive characterization of cybersecurity risk using a transparent and traceable methodology. The scoring system itself can be used as a state machine with the cybersecurity score acting as a feedback mechanism, in which a cybersecurity score can be set at a level appropriate for a given organization, and data from clients or groups of clients with more extensive reporting can be used to supplement data for clients or groups of clients with less extensive reporting to enhance cybersecurity analysis and scoring.

Abstract: A system for web-rendering data-dense geographical regions that correspond to heterogenous sourced data and formats for highly scalable parallel simulations, comprising a multi-dimensional time-series database enabling single-query support over all simulations via individual simulation swimlanes.

Abstract: A system and method for the detection and mitigation of data source compromises in an adversarial information environment. The system and method feature the ability to scan for, ingest and process, and then use relational, wide column, and graph stores for capturing entity data, their relationships, and actions associated with them. Furthermore, meta-data is gathered and linked to the ingested data, which provides a broader contextual view of the environment leading up to and during an event of interest. Data quality analysis is conducted on the data as it is ingested in order to identify various data source metrics and determine if a data source may be compromised. The results of the data quality analysis, the identified metrics, the gathered data, and meta-data are used to manage the reputation of the contributing data sources. The system can make recommendations on data sources based on the data source reputation scoring.