Abstract: Techniques are disclosed relate to systems, methods, and non-transitory computer readable media for implementing a browser extension for cyber threat intelligence and response. One system to perform operations comprising: scanning, in a sandbox of a browser by a browser extension, at least part of a web page to produce a set of items of interests; transmitting the set of items of interests to a cloud-based enrichment and analysis of cybersecurity threat intelligence system to request information on the set of items; receiving a response from the cloud-based enrichment and analysis of cybersecurity threat intelligence system, the response including a scan result based on the transmitted set of items of interests, and the scan result including at least one of an indicator of compromise of the at least scanned part of the web page; and displaying the scan results including the at least one of an indicator of compromise.

Abstract: Systems, methods, and computer-readable storage devices are disclosed for improve cybersecurity intelligence by launching applications ahead of time. One method including: receiving, over a communications network, at least one threat model; determining whether a performance of an orchestrated response is triggered based on the at least one threat model, wherein the orchestrated response includes a plurality of applications to be executed in a predetermined sequence; and launching, when the performance of the orchestrated response is triggered, a first application and a second application of the plurality of applications of the orchestrated response, wherein the second application executes after execution of the first application has completed execution.

Abstract: Techniques are disclosed relate to systems, methods, and non-transitory computer readable media for implementing a browser extension for cyber threat intelligence and response. One system to perform operations comprising: receiving, in a sandbox of a browser by a browser extension, a selection of at least one particular indicator of compromise of the at least one of the indicator of compromise of at least scanned part of a web page; displaying one or more orchestrated responses; receiving a selection of at least one particular orchestrated response of the one or more orchestrated responses; transmitting the selected at least one particular orchestrated response to the cloud-based enrichment and analysis of cybersecurity threat intelligence system; receiving a response including a result of the at least one particular orchestrated response; and displaying the result of the at least one particular orchestrated response.

Abstract: Techniques are disclosed relate to systems, methods, and non-transitory computer readable media for improved cybersecurity intelligence using custom trigger events. One system may include a non-transitory memory configured to store at least threat model data; and one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising: receiving, over a communications network, the at least one custom trigger event for a threat model which identifies a cybersecurity threat; determining whether the cybersecurity threat triggers the performance of the orchestrated response based on the custom trigger event; and launching, when the cybersecurity threat triggers the performance of the orchestrated response, a first application and a second application of the plurality of applications of the orchestrated response.

Abstract: Techniques are disclosed relate to systems, methods, and non-transitory computer readable media for implementing a browser extension for cyber threat intelligence and response. One system to perform operations comprising: scanning, in a sandbox of a browser by a browser extension, at least part of a web page to produce a set of items of interests; transmitting the set of items of interests to a cloud-based enrichment and analysis of cybersecurity threat intelligence system to request information on the set of items; receiving a response from the cloud-based enrichment and analysis of cybersecurity threat intelligence system, the response including a scan result based on the transmitted set of items of interests, and the scan result including at least one of an indicator of compromise of the at least scanned part of the web page; and displaying the scan results including the at least one of an indicator of compromise.

Abstract: Techniques are disclosed relate to systems, methods, and non-transitory computer readable media for implementing a browser extension for cyber threat intelligence and response. One system to perform operations comprising: receiving, in a sandbox of a browser by a browser extension, a selection of at least one particular indicator of compromise of the at least one of the indicator of compromise of at least scanned part of a web page; displaying one or more orchestrated responses; receiving a selection of at least one particular orchestrated response of the one or more orchestrated responses; transmitting the selected at least one particular orchestrated response to the cloud-based enrichment and analysis of cybersecurity threat intelligence system; receiving a response including a result of the at least one particular orchestrated response; and displaying the result of the at least one particular orchestrated response.

Abstract: Techniques are disclosed relate to systems, methods, and non-transitory computer readable media for improved cybersecurity intelligence using custom trigger events. One system may include a non-transitory memory configured to store at least threat model data; and one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising: receiving, over a communications network, the at least one custom trigger event for a threat model which identifies a cybersecurity threat; determining whether the cybersecurity threat triggers the performance of the orchestrated response based on the custom trigger event; and launching, when the cybersecurity threat triggers the performance of the orchestrated response, a first application and a second application of the plurality of applications of the orchestrated response.

Abstract: Techniques are disclosed which can provide an orchestrated response to a cybersecurity threat. This orchestrated response may be based upon, at least in part, a reputation score. Threat model(s) may be received that identify cybersecurity threat(s). An indication of observations, false positives, and/or page views for the threat may be obtained. Data feeds may be received including known good data feeds, known bad data feeds, and enrichment data feeds. The data feeds may provide information about one or more indicators of compromise (IOC). For each IOC, a weighted criticality score may be determined. The weighted criticality score may be mapped to a corresponding point value. An aggregated score may be determined based upon at least the corresponding point value. A reputation score may be computed, and in some configurations, provided to a user.

Abstract: Systems, methods, and computer-readable storage devices are disclosed for improve cybersecurity intelligence by launching applications ahead of time. One method including: receiving, over a communications network, at least one threat model; determining whether a performance of an orchestrated response is triggered based on the at least one threat model, wherein the orchestrated response includes a plurality of applications to be executed in a predetermined sequence; and launching, when the performance of the orchestrated response is triggered, a first application and a second application of the plurality of applications of the orchestrated response, wherein the second application executes after execution of the first application has completed execution.

Abstract: Systems, methods, and computer-readable storage devices are disclosed for improve cybersecurity intelligence by launching applications ahead of time. One method including: receiving, over a communications network, at least one threat model; determining whether a performance of an orchestrated response is triggered based on the at least one threat model, wherein the orchestrated response includes a plurality of applications to be executed in a predetermined sequence; and launching, when the performance of the orchestrated response is triggered, a first application and a second application of the plurality of applications of the orchestrated response, wherein the second application executes after execution of the first application has completed execution.

Abstract: Techniques are disclosed which can provide an orchestrated response to a cybersecurity threat. This orchestrated response may be based upon, at least in part, a reputation score. Threat model(s) may be received that identify cybersecurity threat(s). An indication of observations, false positives, and/or page views for the threat may be obtained. Data feeds may be received including known good data feeds, known bad data feeds, and enrichment data feeds. The data feeds may provide information about one or more indicators of compromise (IOC). For each IOC, a weighted criticality score may be determined. The weighted criticality score may be mapped to a corresponding point value. An aggregated score may be determined based upon at least the corresponding point value. A reputation score may be computed, and in some configurations, provided to a user.

Abstract: Techniques are disclosed which can provide an orchestrated response to a cybersecurity threat. This orchestrated response may be based upon, at least in part, a reputation score. Threat model(s) may be received that identify cybersecurity threat(s). An indication of observations, false positives, and/or page views for the threat may be obtained. Data feeds may be received including known good data feeds, known bad data feeds, and enrichment data feeds. The data feeds may provide information about one or more indicators of compromise (IOC). For each IOC, a weighted criticality score may be determined. The weighted criticality score may be mapped to a corresponding point value. An aggregated score may be determined based upon at least the corresponding point value. A reputation score may be computed, and in some configurations, provided to a user.

Abstract: Systems, methods, and computer-readable storage devices are disclosed for improve cybersecurity intelligence by launching applications ahead of time. One method including: receiving, over a communications network, at least one threat model; determining whether a performance of an orchestrated response is triggered based on the at least one threat model, wherein the orchestrated response includes a plurality of applications to be executed in a predetermined sequence; and launching, when the performance of the orchestrated response is triggered, a first application and a second application of the plurality of applications of the orchestrated response, wherein the second application executes after execution of the first application has completed execution.

Abstract: In some embodiments, an apparatus includes a memory and a processor operatively coupled to the memory. The processor is configured to receive a set of domain name resolutions associated with a domain. Each domain name resolution from the set of domain name resolutions includes a mapping between a domain name and an Internet Protocol (IP) address. The processor is then configured to determine, based on the set of domain name resolutions, a set of resolution metrics associated with a first geolocation and a set of resolution metrics associated with a second geolocation. The processor is also configured to compare and identify a role of an adversary infrastructure at the first geolocation and a role of an adversary infrastructure at the second geolocation, and subsequently send a signal such that a remedy response associated with at least one of the set of IP addresses or the domain name is initiated.