Abstract: The present invention relates to a method for verifying vulnerabilities of network device using CVE entries comprising generating a CVE tree from each of the CVE entry, defining an indexed CVE entry, wherein the generating comprises identifying the vulnerable configuration fields and extracting, for each of the vulnerable configuration field, the set of vulnerable conditions comprising the operator attribute and the nested CPE records, wherein the CVE tree is provided with the operator attribute as node and with the CPE records as leaves from the node, wherein the decoding comprises tokenizing of the decoded string in a sequence of plurality of n-grams having predefined sizes, and wherein the matching comprises a lookup of the sequence of plurality of n-grams into the CVE tree, raising an alert if, when the operator attribute corresponds to OR, a match between at least one of the CPE records is found and raising an alert if, when the operator attribute corresponds to AND, a match between all of the CPE record

Abstract: The present invention relates to a method and an apparatus for detecting anomalies of a DNS traffic in a network comprising analysing, through a network analyser connected to said network, each data packets exchanged in the network, isolating, through the network analyser, from each of the analysed data packets the related DNS packet, evaluating, through a computerized data processing unit, each of the DNS packets generating a DNS packet status, signaling, through the computerized data processing unit, an anomaly of the DNS traffic when the DNS packet status defines a critical state, wherein the evaluating further comprises assessing, through the computerized data processing unit, each of the DNS packet by a plurality of evaluating algorithms generating a DNS packet classification for each of the evaluating algorithms, aggregating, through the computerized data processing unit, the DNS packet classifications generating the DNS packet status, and wherein the critical state is identified when the DNS packet sta

Abstract: The present invention relates to a method for assessing the quality of network-related Indicators of Compromise comprising the phase of calculating, by a computerized data processing unit, a quality score for Indicators of Compromise of the IP Address type, the steps of assigning an autonomous system score of the IP Address according to a predefined range of values based on a database of autonomous system owners, assigning a subnet score of said IP Address according to a predefined range of values based on a database of subnet owners, assigning a services hosted score of the IP Address according to a predefined range of values based on known malicious services hosted by the IP Address before the phase of calculating the quality score, calculating the IP Address quality score as sum of the autonomous system score, subnet score and services hosted score and wherein the method comprises a phase of evaluating the calculated quality score comprises, for each of the Indicators of Compromise of the IP Address type,

Abstract: The present invention relates to a method for forecasting health status of a distributed network by an artificial neural network comprising the phase of identifying one or more sites, one or more assets of the sides and the links between the identified assets in said distributed network, comprising the phase of evaluating the actual health status of each of the identified assets, the phase of evaluating the actual health status of each of said identified sites and the phase of forecasting, by the artificial neural network, the subsequent health status of each of the identified sites according to a forecasting function based on a set of values comprising the actual asset health status rank, the actual asset infection risk, the actual asset infection factor, the actual site health status rank and the actual site infection risk.

Abstract: The present invention relates to a method for detecting anomalies in an infrastructure comprising the step of analyzing each of the data packets (PD) exchanged in the telecommunication system; identifying for each of the analysed data packets (PD) all the network protocols used and at least one field of each of the protocols; generating a virtual representation of the infrastructure (1) for each of the exchanged data packets (PD) and on the basis of the identified protocols and fields; storing the virtual representation generated for each of the exchanged data packets (PD); comparing the virtual representation stored with at least one comparison element, identifying at least one critical state of the infrastructure from the differences and/or similarities between the stored virtual representation and the comparison elements; signaling, by means of the computerized data processing means, an anomaly of the infrastructure when at least one of the critical states is identified in the virtual representation.

Abstract: The present invention relates to a method for detecting anomalies in an infrastructure comprising the step of analyzing each of the data packets (PD) exchanged in the telecommunication system; identifying for each of the analysed data packets (PD) all the network protocols used and at least one field of each of the protocols; generating a virtual representation of the infrastructure (1) for each of the exchanged data packets (PD) and on the basis of the identified protocols and fields; storing the virtual representation generated for each of the exchanged data packets (PD); comparing the virtual representation stored with at least one comparison element, identifying at least one critical state of the infrastructure from the differences and/or similarities between the stored virtual representation and the comparison elements; signaling, by means of the computerized data processing means, an anomaly of the infrastructure when at least one of the critical states is identified in the virtual representation.