Abstract: In an aspect, a machine-learning (ML)-based classifier or regressor associated with a respective cloud resource class by is trained inputting information samples and resource criticality scores for the respective cloud resource class as training data. In a further aspect, the ML-based classifier or regressor is further utilized to assign a resource criticality score to a particular cloud resource in the respective cloud resource class.

Abstract: In an embodiment, a software object development system generates a pre-release version of a machine image of a software object, and transmits information associated with the pre-release version of the software object to a vulnerability management system. The vulnerability management system performs a vulnerability scan for known vulnerabilities(s) on the information associated with the pre-release version of the machine image of the software object. The vulnerability management system determines scan result(s) based on the vulnerability scan, and transmits, to the software object development system, a report comprising the scan result(s).

Abstract: In an embodiment, a component of a web application scanner for scanning of a web application obtains a set of user credentials during a scan configuration session, the set of user credentials associated with a plurality of authentication types, and generates a first configuration associated with a first authentication type of the plurality of authentication types based on the set of user credentials. The component performs a first attempt to authenticate the web application scanner with the web application based on the first configuration. The component automatically and selectively performs a second attempt to authenticate the web application scanner using the set of credentials via a different authentication type based on whether the first attempt is verified as successful.

Abstract: Techniques, methods and/or apparatuses are disclosed that enable prioritization of vulnerabilities in different applications or the same application on different assets. A risk assessment component collects information related to the use environment, activity, functions, and configuration of a device and each of its applications. This collected information is analyzed to prioritize vulnerabilities that may be common across applications but have different levels of risk of exploitation based on their environment, activity, functions, or configuration. The risk of exploitation of a vulnerability is calculated for each asset, for each application, and each application on an asset.

Abstract: In an aspect, a component generates a domain-specific language (DSL) query comprising an ordered set of data source-specific queries that comprises a set of chained data source-specific queries. The set of chained data source-specific queries comprises a first data source-specific query and a second data source-specific query that is configured to be executed after the first data source-specific query, with the second data source-specific query being chained to the first data source-specific query via a first field of the second data source-specific query that is linked to a first intermediate result of the first data source-specific query. The component executes the DSL query to derive a set of results comprising: a DSL query result associated with the set of chained data source-specific queries, and a set of intermediate results associated with the set of chained data source-specific queries. The component reports information associated with the set of results.

Abstract: Techniques, methods and/or apparatuses are disclosed that enable prediction of cyber risks of assets of networks. Through the disclosed techniques, a cyber risk prediction model, which may be a form of a machine learning model, may be trained to predict cyber risks. The cyber risk model may be provided to a cyber risk predictor two predict cyber risks of an asset, without the need to scan the asset at a very deep scan level.

Abstract: In an embodiment, a management system obtains a criticality rules table that includes a plurality of rules mapped to corresponding criticality scores indicative of a level of risk in the event that an associated asset of a managed network is compromised by a third party. The one embodiment, the criticality rules table is updated based upon machine learning and/or feedback from an operator of the managed network. In another embodiment, the criticality rules table is used to assign one or more criticality scores to one or more assets based on one or more attributes of one or more assets, and the criticality rules table.

Abstract: Techniques, methods and/or apparatuses that enable generation of vulnerability vectors of newly identified vulnerabilities (e.g., Common Vulnerability Exposures (CVEs)). Based on the textual description of the vulnerability, vulnerability vectors are generated. The generated vulnerability vectors may represent a prediction of how a third-party vulnerability scorer (e.g., United State National Vulnerability Database (US NVD)) would score the identified vulnerability.

Abstract: In an embodiment, a vulnerability scanner component determines one or more target software objects of a remote file system for a vulnerability scan, and performs, via a file system application programming interface (API), a file system decoding procedure based on information associated with the remote file system to determine a subset of disk blocks of the remote file system that comprise the one or more target software objects. The vulnerability scanner component transmits, to a remote device, a read request associated with the subset of disk blocks, and obtains, in response to the read request, the subset of disk blocks (e.g., rather than a full disk image). The vulnerability scanner component extracts the one or more target software objects from the subset of disk blocks, and performs the vulnerability scan on the extracted one or more target software objects.

Abstract: A system and method are disclosed for automatic management of a capture-the-flag competition and the visual display of the scoring thereof. The system includes a team-specific virtual control system with flags distributed throughout it, a scoring component for receiving the flags and tracking the score for the teams of the competition, and a physical model for visually displaying the completed challenges of the competition on the physical model. The physical model may rotate through display states that each depict the completed challenges for a particular team.

Abstract: In an embodiment, a threat score prediction model is generated for assigning a threat score to a software vulnerability. The threat score prediction model may factor one or more of (i) a degree to which the software vulnerability is described across a set of public media sources, (ii) a degree to which one or more exploits that have already been developed for the software vulnerability are described across one or more public exploit databases, (iii) information from one or more third party threat intelligence sources that characterizes one or more historic threat events associated with the software vulnerability, and/or (iv) information that characterizes at least one behavior of an enterprise network in association with the software vulnerability.

Abstract: Techniques, methods and/or apparatuses are disclosed that enable of cyber risks on assets of networks to be evaluated in presence of security controls on the assets. In this way, effect of security controls already in place may be quantified. A novel scoring technique is presented. Also, use of causal inference is in the context of security risk assessment is described.

Abstract: Techniques, methods and/or apparatuses are disclosed that enable passive scanning of a network. Through the disclosed techniques, methods and/or apparatuses, endpoint passive scanners are deployed at endpoints of the network to provide more comprehensive view of assets and asset information of the network. Also, this can enable better correlation of network data to location, and also enable improved vulnerability analysis for endpoint products.

Abstract: In an embodiment, a management system obtains a criticality rules table that includes a plurality of rules mapped to corresponding criticality scores indicative of a level of risk in the event that an associated asset of a managed network is compromised by a third party. The one embodiment, the criticality rules table is updated based upon machine learning and/or feedback from an operator of the managed network. In another embodiment, the criticality rules table is used to assign one or more criticality scores to one or more assets based on one or more attributes of one or more assets, and the criticality rules table.

Abstract: Techniques, methods and/or apparatuses are disclosed that enable prediction of cyber risks of assets of networks. Through the disclosed techniques, a cyber risk prediction model, which may be a form of a machine learning model, may be trained to predict cyber risks. The cyber risk model may be provided to a cyber risk predictor two predict cyber risks of an asset, without the need to scan the asset at a very deep scan level.

Abstract: Techniques, methods and/or apparatuses are disclosed that enable detection of an operating system of a host. Through the disclosed techniques, an operating system detection model, which may be a form of a machine learning model, may be trained to detect operating system. The operating system detection model may be provided to an operating system detector to detect operating system of a host utilizing transport layer probes without the need to have credentialed access to the host.

Abstract: In an embodiment, a semantic model and a semantic model training method that obtains a textual description of one or more features associated with a first vulnerability that has been used in one or more attacks. Text is parsed from the first textual description in accordance with one or more rules. The system determines a first label for the first vulnerability that is associated with one or more of a plurality of stages of an attack chain taxonomy. The model is generated or refined to map the parsed text to the first label associated with the one or more stages of the attack chain taxonomy.

Abstract: The disclosure generally relates to a vulnerability management system configured to implement an asset-based identification algorithm to identify, update, and otherwise reconcile assets in a network according to various identification attributes that are ordered on a spectrum from authoritative to speculative based on an ability that each identification attribute has to accurately link a host to a given asset. The identification algorithm may further enable an elastic asset-based licensing approach, wherein each asset that is scanned in a current licensing period consumes a single license and licenses are reclaimed from any old assets that are not scanned in a current licensing period (i.e., the old assets do not count towards a total licensed asset count. Furthermore, asset counts may be allowed to temporarily exceed the total licensed asset count without requiring license upsells, with true-up payments only required if and/or when asset counts reflect general expansion of a customer network.

Abstract: Techniques, methods and/or apparatuses are disclosed that enable facilitation of remediation of one or more vulnerabilities detected in a web application. Through the disclosed techniques, methods and/or apparatuses, users will be able to navigate to respective web pages of the detected vulnerabilities and snap directly to the vulnerabilities within the webpages. This allows the users to immediately know the location of the vulnerability, and inline feedback can be provided on the issue, including description, severity, solution and plugin outputs.

Abstract: In an embodiment, a vulnerability scanner component determines one or more target software objects of a remote file system for a vulnerability scan, and performs, via a file system application programming interface (API), a file system decoding procedure based on information associated with the remote file system to determine a subset of disk blocks of the remote file system that comprise the one or more target software objects. The vulnerability scanner component transmits, to a remote device, a read request associated with the subset of disk blocks, and obtains, in response to the read request, the subset of disk blocks (e.g., rather than a full disk image). The vulnerability scanner component extracts the one or more target software objects from the subset of disk blocks, and performs the vulnerability scan on the extracted one or more target software objects.