Abstract: Techniques, methods and/or apparatuses are disclosed that enable passive scanning of a network. Through the disclosed techniques, methods and/or apparatuses, endpoint passive scanners are deployed at endpoints of the network to provide more comprehensive view of assets and asset information of the network. Also, this can enable better correlation of network data to location, and also enable improved vulnerability analysis for endpoint products.

Abstract: In an embodiment, a management system obtains a criticality rules table that includes a plurality of rules mapped to corresponding criticality scores indicative of a level of risk in the event that an associated asset of a managed network is compromised by a third party. The one embodiment, the criticality rules table is updated based upon machine learning and/or feedback from an operator of the managed network. In another embodiment, the criticality rules table is used to assign one or more criticality scores to one or more assets based on one or more attributes of one or more assets, and the criticality rules table.

Abstract: Techniques, methods and/or apparatuses are disclosed that enable prediction of cyber risks of assets of networks. Through the disclosed techniques, a cyber risk prediction model, which may be a form of a machine learning model, may be trained to predict cyber risks. The cyber risk model may be provided to a cyber risk predictor two predict cyber risks of an asset, without the need to scan the asset at a very deep scan level.

Abstract: Techniques, methods and/or apparatuses are disclosed that enable detection of an operating system of a host. Through the disclosed techniques, an operating system detection model, which may be a form of a machine learning model, may be trained to detect operating system. The operating system detection model may be provided to an operating system detector to detect operating system of a host utilizing transport layer probes without the need to have credentialed access to the host.

Abstract: In an embodiment, a semantic model and a semantic model training method that obtains a textual description of one or more features associated with a first vulnerability that has been used in one or more attacks. Text is parsed from the first textual description in accordance with one or more rules. The system determines a first label for the first vulnerability that is associated with one or more of a plurality of stages of an attack chain taxonomy. The model is generated or refined to map the parsed text to the first label associated with the one or more stages of the attack chain taxonomy.

Abstract: The disclosure generally relates to a vulnerability management system configured to implement an asset-based identification algorithm to identify, update, and otherwise reconcile assets in a network according to various identification attributes that are ordered on a spectrum from authoritative to speculative based on an ability that each identification attribute has to accurately link a host to a given asset. The identification algorithm may further enable an elastic asset-based licensing approach, wherein each asset that is scanned in a current licensing period consumes a single license and licenses are reclaimed from any old assets that are not scanned in a current licensing period (i.e., the old assets do not count towards a total licensed asset count. Furthermore, asset counts may be allowed to temporarily exceed the total licensed asset count without requiring license upsells, with true-up payments only required if and/or when asset counts reflect general expansion of a customer network.

Abstract: Techniques, methods and/or apparatuses are disclosed that enable facilitation of remediation of one or more vulnerabilities detected in a web application. Through the disclosed techniques, methods and/or apparatuses, users will be able to navigate to respective web pages of the detected vulnerabilities and snap directly to the vulnerabilities within the webpages. This allows the users to immediately know the location of the vulnerability, and inline feedback can be provided on the issue, including description, severity, solution and plugin outputs.

Abstract: In an embodiment, a vulnerability scanner component determines one or more target software objects of a remote file system for a vulnerability scan, and performs, via a file system application programming interface (API), a file system decoding procedure based on information associated with the remote file system to determine a subset of disk blocks of the remote file system that comprise the one or more target software objects. The vulnerability scanner component transmits, to a remote device, a read request associated with the subset of disk blocks, and obtains, in response to the read request, the subset of disk blocks (e.g., rather than a full disk image). The vulnerability scanner component extracts the one or more target software objects from the subset of disk blocks, and performs the vulnerability scan on the extracted one or more target software objects.

Abstract: In an embodiment, a security auditing component obtains a solution set that is based upon a security audit of an enterprise network, the solution set characterizing a set of solutions associated with a set of security issues associated with one or more assets of the enterprise network, detects that the solution set can be condensed into a condensed solution set that mitigates the set of security issues to the same degree as the solution set, the detection being based at least in part upon (i) one or more rules applied to one or more solution texts and/or (ii) asset-specific metadata and/or (iii) static metadata, and condenses, based on the detecting, the solution set into the condensed solution set by combining two or more subsets of related solutions and/or filtering the solution set to remove one or more subsets of redundant or superseded solutions.

Abstract: System, device, and method of determining cyber-attack vectors and mitigating cyber-attacks.

Abstract: In an embodiment, an asset may utilize one or more scanning techniques to detect a first set of software components that is not being natively tracked by an operating system of the asset, the one or more scanning techniques comprising one or more of an evaluation of metadata associated with one or more running processes of the asset, and an evaluation of file system information that characterizes the first set of software components. The asset may further store an indication of the first set of software components detected in accordance with the one or more scanning techniques, and may optionally report the indication to an external entity (e.g., a vulnerability management system).

Abstract: In an embodiment, a threat score prediction model is generated for assigning a threat score to a software vulnerability. The threat score prediction model may factor one or more of (i) a degree to which the software vulnerability is described across a set of public media sources, (ii) a degree to which one or more exploits that have already been developed for the software vulnerability are described across one or more public exploit databases, (iii) information from one or more third party threat intelligence sources that characterizes one or more historic threat events associated with the software vulnerability, and/or (iv) information that characterizes at least one behavior of an enterprise network in association with the software vulnerability.

Abstract: In an embodiment, a management system obtains a criticality rules table that includes a plurality of rules mapped to corresponding criticality scores indicative of a level of risk in the event that an associated asset of a managed network is compromised by a third party. The one embodiment, the criticality rules table is updated based upon machine learning and/or feedback from an operator of the managed network. In another embodiment, the criticality rules table is used to assign one or more criticality scores to one or more assets based on one or more attributes of one or more assets, and the criticality rules table.

Abstract: The system and method described herein may leverage active network scanning and passive network monitoring to provide strategic anti-malware monitoring in a network. In particular, the system and method described herein may remotely connect to managed hosts in a network to compute hashes or other signatures associated with processes running thereon and suspicious files hosted thereon, wherein the hashes may communicated to a cloud database that aggregates all known virus or malware signatures that various anti-virus vendors have catalogued to detect malware infections without requiring the hosts to have a local or resident anti-virus agent. Furthermore, running processes and file system activity may be monitored in the network to further detect malware infections. Additionally, the network scanning and network monitoring may be used to detect hosts that may potentially be participating in an active botnet or hosting botnet content and audit anti-virus strategies deployed in the network.

Abstract: The disclosure generally relates to a vulnerability management system configured to implement an asset-based identification algorithm to identify, update, and otherwise reconcile assets in a network according to various identification attributes that are ordered on a spectrum from authoritative to speculative based on an ability that each identification attribute has to accurately link a host to a given asset. The identification algorithm may further enable an elastic asset-based licensing approach, wherein each asset that is scanned in a current licensing period consumes a single license and licenses are reclaimed from any old assets that are not scanned in a current licensing period (i.e., the old assets do not count towards a total licensed asset count. Furthermore, asset counts may be allowed to temporarily exceed the total licensed asset count without requiring license upsells, with true-up payments only required if and/or when asset counts reflect general expansion of a customer network.

Abstract: The system and method described herein may leverage active network scanning and passive network monitoring to provide strategic anti-malware monitoring in a network. In particular, the system and method described herein may remotely connect to managed hosts in a network to compute hashes or other signatures associated with processes running thereon and suspicious files hosted thereon, wherein the hashes may communicated to a cloud database that aggregates all known virus or malware signatures that various anti-virus vendors have catalogued to detect malware infections without requiring the hosts to have a local or resident anti-virus agent. Furthermore, running processes and file system activity may be monitored in the network to further detect malware infections. Additionally, the network scanning and network monitoring may be used to detect hosts that may potentially be participating in an active botnet or hosting botnet content and audit anti-virus strategies deployed in the network.

Abstract: The system and method described herein may leverage active network scanning and passive network monitoring to provide strategic anti-malware monitoring in a network. In particular, the system and method described herein may remotely connect to managed hosts in a network to compute hashes or other signatures associated with processes running thereon and suspicious files hosted thereon, wherein the hashes may communicated to a cloud database that aggregates all known virus or malware signatures that various anti-virus vendors have catalogued to detect malware infections without requiring the hosts to have a local or resident anti-virus agent. Furthermore, running processes and file system activity may be monitored in the network to further detect malware infections. Additionally, the network scanning and network monitoring may be used to detect hosts that may potentially be participating in an active botnet or hosting botnet content and audit anti-virus strategies deployed in the network.

Abstract: In some embodiments, a set of hashes that are associated with files of a user system, and a reference set of hashes that are associated with files of a reference system, may be obtained. An additional subset of hashes (included in the set of hashes and not included in the reference set of hashes) may be obtained based on a comparison between the set of hashes and the reference set of hashes. A file may be predicted to be exclusive for certain users or user systems, where the file is associated with a hash included in the additional subset of hashes. Other user systems may be scanned to determine what files are on the other user systems, where each of the other user systems is assigned to another user or is not one of the user systems. An alert indicating unauthorized activity may be generated based on the scan.

Abstract: The system and method described herein may leverage active network scanning and passive network monitoring to provide strategic anti-malware monitoring in a network. In particular, the system and method described herein may remotely connect to managed hosts in a network to compute hashes or other signatures associated with processes running thereon and suspicious files hosted thereon, wherein the hashes may communicated to a cloud database that aggregates all known virus or malware signatures that various anti-virus vendors have cataloged to detect malware infections without requiring the hosts to have a local or resident anti-virus agent. Furthermore, running processes and file system activity may be monitored in the network to further detect malware infections. Additionally, the network scanning and network monitoring may be used to detect hosts that may potentially be participating in an active botnet or hosting botnet content and audit anti-virus strategies deployed in the network.