Abstract: A method and system for modeling and processing vehicular traffic data and information, comprising: (a) transforming a spatial representation of a road network into a network of spatially interdependent and interrelated oriented road sections, for forming an oriented road section network; (b) acquiring a variety of the vehicular traffic data and information associated with the oriented road section network, from a variety of sources; (c) prioritizing, filtering, and controlling, the vehicular traffic data and information acquired from each of the variety of sources; (d) calculating a mean normalized travel time (NTT) value for each oriented road section of said oriented road section network using the prioritized, filtered, and controlled, vehicular traffic data and information associated with each source, for forming a partial current vehicular traffic situation picture associated with each source; (e) fusing the partial current traffic situation picture associated with each source, for generating a single co

Abstract: A method and system for modeling and processing vehicular traffic data and information, comprising: (a) transforming a spatial representation of a road network into a network of spatially interdependent and interrelated oriented road sections, for forming an oriented road section network; (b) acquiring a variety of the vehicular traffic data and information associated with the oriented road section network, from a variety of sources; (c) prioritizing, filtering, and controlling, the vehicular traffic data and information acquired from each of the variety of sources; (d) calculating a mean normalized travel time (NTT) value for each oriented road section of said oriented road section network using the prioritized, filtered, and controlled, vehicular traffic data and information associated with each source, for forming a partial current vehicular traffic situation picture associated with each source; (e) fusing the partial current traffic situation picture associated with each source, for generating a single co

Abstract: A method for simulation aided security event management, the method comprises: generating attack simulation information that comprises multiple simulation data items of at least one data item type out of vulnerability instances data items, attack step data items and attack simulation scope data items; wherein the generating of attack simulation information is responsive to a network model, at least one attack starting point and attack action information; identifying security events in response to a correlation between simulation data items and event data; and prioritizing identified security events.

Abstract: Log based analysis systems and methods for protecting computers and networks from malicious communications and malware attacks by analyzing log data obtained from client networks having network entities representing business units or customers. The system may further comprise a plurality of client asset machines, each operable to execute a security product associated with a security product vendor and log associated information of the network entities into at least one log file. The log files may be uploaded onto a log-analytics detection platform for analysis using learning algorithms operable to generate a risk factor attribute for at least one entity.

Abstract: A method and system for modeling and processing vehicular traffic data and information, comprising: (a) transforming a spatial representation of a road network into a network of spatially interdependent and interrelated oriented road sections, for forming an oriented road section network; (b) acquiring a variety of the vehicular traffic data and information associated with the oriented road section network, from a variety of sources; (c) prioritizing, filtering, and controlling, the vehicular traffic data and information acquired from each of the variety of sources; (d) calculating a mean normalized travel time (NTT) value for each oriented road section of said oriented road section network using the prioritized, filtered, and controlled, vehicular traffic data and information associated with each source, for forming a partial current vehicular traffic situation picture associated with each source; (e) fusing the partial current traffic situation picture associated with each source, for generating a single co

Abstract: A crowdsourcing log analysis system and methods for protecting computers and networks from malware attacks by analyzing data log information obtained from a plurality of client network. The client networks are associated with a set of network entities representing a plurality of business units or customers. The system may further comprise a plurality of server machines, each operable to execute a security product associated with a security product vendor and log associated information of at the network entities into at least one log file. The log files may be uploaded onto a breach detection platform for analysis based upon crowdsourcing principles and is operable to generate a risk factor attribute for at least one suspect entity.

Abstract: A method for evaluating a deployment of a network access change request, the method includes: (a) formatting a network access change request to provide a formatted network access change request; wherein the formatted network access change request includes multiple formatted request items; wherein the multiple formatted request items includes a requested access type, an address of an access source, an address of an access destination; (b) determining multiple relationships between the multiple formatted request items and corresponding items of at least one entity out of a network model and a current network policy; and (c) responding to the network access change request in response to the multiple determined relationships.

Abstract: A method, system and computer program product for evaluating an IDP entity, the method includes evaluating an effect of at least one IDP rule applied by the IDP entity on legitimate traffic, based upon a network model; evaluating an effect of at least one IDP rule applied by the IDP entity based upon a network model and an attack model; determining an effectiveness of the IDP entity in response to the evaluated effects.

Abstract: A method and system for modeling and processing vehicular traffic data and information, comprising: (a) transforming a spatial representation of a road network into a network of spatially interdependent and interrelated oriented road sections, for forming an oriented road section network; (b) acquiring a variety of the vehicular traffic data and information associated with the oriented road section network, from a variety of sources; (c) prioritizing, filtering, and controlling, the vehicular traffic data and information acquired from each of the variety of sources; (d) calculating a mean normalized travel time (NTT) value for each oriented road section of said oriented road section network using the prioritized, filtered, and controlled, vehicular traffic data and information associated with each source, for forming a partial current vehicular traffic situation picture associated with each source; (e) fusing the partial current traffic situation picture associated with each source, for generating a single co

Abstract: A method for evaluating a deployment of a network access change request, the method includes: (a) formatting a network access change request to provide a formatted network access change request; wherein the formatted network access change request includes multiple formatted request items; wherein the multiple formatted request items includes a requested access type, an address of an access source, an address of an access destination; (b) determining multiple relationships between the multiple formatted request items and corresponding items of at least one entity out of a network model and a current network policy; and (c) responding to the network access change request in response to the multiple determined relationships.

Abstract: A method for evaluating a deployment of a network access change request, the method includes: (a) formatting a network access change request to provide a formatted network access change request; wherein the formatted network access change request includes multiple formatted request items; wherein the multiple formatted request items includes a requested access type, an address of an access source, an address of an access destination; (b) determining multiple relationships between the multiple formatted request items and corresponding items of at least one entity out of a network model and a current network policy; and (c) responding to the network access change request in response to the multiple determined relationships.

Abstract: A method for simulation aided security event management, the method comprises: generating attack simulation information that comprises multiple simulation data items of at least one data item type out of vulnerability instances data items, attack step data items and attack simulation scope data items; wherein the generating of attack simulation information is responsive to a network model, at least one attack starting point and attack action information; identifying security events in response to a correlation between simulation data items and event data; and prioritizing identified security events.

Abstract: A method for simulation aided security event management, the method includes: generating attack simulation information that comprises multiple simulation data items of at least one data item type out of vulnerability instances data items, attack step data items and attack simulation scope data items; wherein the generating of attack simulation information is responsive to a network model, at least one attack starting point and attack action information; identifying security events in response to a correlation between simulation data items and event data; and prioritizing identified security events.

Abstract: A method, system and computer program product for evaluating an IDP entity, the method includes evaluating an effect of at least one IDP rule applied by the IDP entity on legitimate traffic, based upon a network model; evaluating an effect of at least one IDP rule applied by the IDP entity based upon a network model and an attack model; determining an effectiveness of the IDP entity in response to the evaluated effects.

Abstract: A method for evaluating potential attacks of worms, the method includes: associating, in response to information representative of a network and of worm entities, between worm entities and potential worm sources to provide associated worm sources; determining potential worm attacks that start from the associated worm sources; and evaluating at least one potential worm attack security metric associated with the potential worm attacks.

Abstract: A method for evaluating access rules violations, the method includes: receiving, a model of a computer network; and determining security metrics associated with a violation of an access rule in response to: the model of the computer network, multiple network nodes of the computer network accessible according to at least one violated access rule or according to the network model, at least one vulnerability associated with the multiple network nodes, and damage associated with an exploitation of the at least one vulnerability.

Abstract: A method, system and computer program product for evaluating an IDP entity, the method includes evaluating an effect of at least one IDP rule applied by the IDP entity on legitimate traffic, based upon a network model; evaluating an effect of at least one IDP rule applied by the IDP entity based upon a network model and an attack model; determining an effectiveness of the IDP entity in response to the evaluated effects.

Abstract: A method for evaluating potential attacks of worms, the method includes: associating, in response to information representative of a network and of worm entities, between worm entities and potential worm sources to provide associated worm sources; determining potential worm attacks that start from the associated worm sources; and evaluating at least one potential worm attack security metric associated with the potential worm attacks.

Abstract: A method, system and computer program product for evaluating an IDP entity, the method includes evaluating an effect of at least one IDP rule applied by the IDP entity on legitimate traffic, based upon a network model; evaluating an effect of at least one IDP rule applied by the IDP entity based upon a network model and an attack model; determining an effectiveness of the IDP entity in response to the evaluated effects.

Abstract: A method and system for modeling and processing vehicular traffic data and information, comprising: (a) transforming a spatial representation of a road network into a network of spatially interdependent and interrelated oriented road sections, for forming an oriented road section network; (b) acquiring a variety of the vehicular traffic data and information associated with the oriented road section network, from a variety of sources; (c) prioritizing, filtering, and controlling, the vehicular traffic data and information acquired from each of the variety of sources; (d) calculating a mean normalized travel time (NTT) value for each oriented road section of said oriented road section network using the prioritized, filtered, and controlled, vehicular traffic data and information associated with each source, for forming a partial current vehicular traffic situation picture associated with each source; (e) fusing the partial current traffic situation picture associated with each source, for generating a single co