Abstract: Disclosed herein are systems and method for detecting malicious activity on a web server. A method may include: retrieving a first backup and a second backup of a web server from a backup archive that stores a plurality of backups of the web server, wherein the first backup was generated at a first time and the second backup was generated at a second time; detecting at least one change between the first backup and the second backup; determining whether the at least one change is associated with malicious activity based on a plurality of security rules and a plurality of machine learning models and a severity of the malicious activity; and in response to determining that the severity is greater than a threshold severity, executing a rollback function of the web server to a backup that does not include the malicious activity.

Abstract: Disclosed herein are systems and method for reference-based detection of phishing webpages. In one aspect, a method includes inputting, for a webpage with a first domain, (1) textual data into a machine learning model (MLM) that outputs a first vector with probabilities of the textual data being associated with known brands, (2) HTML data into an MLM that outputs a second vector with probabilities of the HTML data being associated with the known brands, (3) at least one image into an MLM that outputs a third vector with probabilities of the at least one image being associated with the known brands. The model may input the first, second, and third vectors into an MLM that outputs a brand of the webpage. The method may block the webpage in response to determining that the first domain of the webpage does not match at least one domain corresponding to the brand.

Abstract: Systems and methods for simplified software backup. Generative artificial intelligence (AI) based on a large language model (LLM) is utilized to determine a backup restore operation for a backup request for a target system using a metadata tracked during a previous backup of the target system, and execute the backup restore operation to satisfy the backup request.

Abstract: Systems and methods for safeguarding the authenticity and integrity of a real-time video feed generated by a webcam. A video frame includes a sequence of frame images and key frames within the sequence. A method includes generating the video feed by the webcam at a first computing device, identifying a key frame [kf] in the video feed, digitally signing the key frame [kf] using a private key of a private key-public key pair, embedding the digitally signed key frame [kf] in the video feed, transmitting the video feed to second computing device, identifying the next key frame [kf+1] in the video feed, and determining a similarity value of the next key frame [kf+1] and the key frame [kf] to determine whether to digitally sign and embed the digitally signed key frame [kf+1] in the video feed.

Abstract: Systems and methods for mitigating potential security incidents. A system includes a data ingestion module, a graphical user interface (GUI), a generative AI model, an enrichment module, and a mitigation module. The generative AI model is pretrained on a large language model (LLM) using a dataset of known security incidents and the computer system's infrastructure, and analyses potential security incidents and generates incident overviews, leveraging its understanding of attack frameworks and previous incident data. The enrichment module incorporates user interactions, enhancing the incident overviews with accurate information. The mitigation module proposes mitigation actions based on the generative AI model's insights gained from prior incidents. The system enables natural language interaction through the GUI and provides graphical representations of the incidents.

Abstract: Systems and methods for generating synthetic test data for testing a software solution. Systems and methods include receiving a testing task from a user, identifying test properties of the testing task, gathering initial information based on the test properties of the testing task, forming a training dataset based on the initial information and the test properties, pretraining a generative AI model based on a large language model (LLM) using the training dataset, configuring synthetic test data based on the test properties, and generating synthetic test data according to the testing task using the generative AI model.

Abstract: Systems and methods for detecting malicious activity on an endpoint, the endpoint having executing processes, including tracking behavior of executing processes, generating a provenance graph to group the behavior events, transforming the provenance graph into a sequence of behavior events, training a sequence classification machine learning model based on the sequence of behavior events, processing a sequence of test behavior events using the sequence classification machine learning model to generate a probability of maliciousness, and alerting for malicious activity when the probability of maliciousness for the sequence of test behavior events is greater than a threshold.

Abstract: The present disclosure relates to a system and method of automatically updating the set of security controls in the production environment using AI based on historical data generated in the test management system TMS during the system's testing in the testing environment including information about its elements, their properties, testing environment, its characteristics, and security controls with their settings. Once the AI has sufficient historical data from a testing environment, every time a change is detected to the system in the production environment, its elements, their properties, or at least one characteristic of the production environment, the AI system makes a recommendation to update the set of security controls in the production environment.

Abstract: Systems and methods for detecting a phishing attack in an email message. The method includes intercepting and evaluating an email, and generating a reputation score based on the evaluation of the email message. If the malicious component is detected, the email is blocked, if not, a trust score is generated. A determination is made whether the email is generated by AI, based on LLM. A certainty score is generated which is indicative of intentions and context of the email message being malicious. When the certainty score is higher than a threshold, a combined score by combining the reputation score, the trust score, and the certainty score. When the combined reputation score is higher than a threshold, the email is blocked, and if lower, a summary is generated by a summary AI engine. Based on a comparison with known malware summaries, the email is flagged or blocked.

Abstract: Systems and methods for the protection of information systems utilize business impact analysis (BIA) data to assess the risk of security mitigation operations. A detected security incident is enriched using BIA data. A proposed mitigation action and a risk of implementing the proposed mitigation action are determined using the enriched data so that an administrator user can understand the impact or risk to the business for the proposed mitigation action.

Abstract: Systems and methods for simplified software backup. Generative artificial intelligence (AI) based on a large language model (LLM) is utilized to determine a backup restore operation for a backup request for a target system using a metadata tracked during a previous backup of the target system, and execute the backup restore operation to satisfy the backup request.

Abstract: Systems and methods for verifying a production system automatically by testing a backup copy of the production system. The system comprises a backup transporter configured to copy or move a set of backup files from the backup generated of the production system and replicate the set of files on a testing computer, a mounting module configured to instantiate a copy of the production system on the testing computer, and a testing module configured to apply a set of automatic pre-defined tests to the application on the testing computer to analyze the application for vulnerabilities and defects, and generate a list of results of execution of each of the pre-defined tests on the testing computer, the list of results indicative of the vulnerabilities and defects.

Abstract: Systems and methods for verifying a production system automatically by testing a mirror copy of the production system on a testing computer. The system includes a mirror update transporter to deliver a mirror update from the production system to the mirror system, a mounting module to apply the mirror update to the mirror system, a testing computer on which the mirror system is running, a testing module to automatically execute a set of tests on the mirror system, and a communication module to communicate the results of the tests.

Abstract: Disclosed herein are systems and methods for detecting anomalous behavior (e.g., attacks) in devices within a network. In an exemplary aspect, a method includes intercepting a first plurality of packets being transmitted in a network with a plurality of devices; identifying, from the first plurality of packets, a subset of packets corresponding to a device of the network; extracting a plurality of deterministic features from the subset of packets; calculating, based on the subset of packets, a risk score associated with the device based on a deviation of the features from a deterministic profile of the device, a first probability of the subset of packets exhibiting anomalous behavior based on a per-device model, and a second probability of the plurality of packets exhibiting anomalous behavior based on a network model; classifying anomalies into attack categories, and executing a remediation action to resolve anomalous behavior in the device.

Abstract: Disclosed herein are systems and method for detecting usage anomalies based on environmental sensor data. A method may include: receiving a physical user input at a computing device located in an environment; determining whether the physical user input was received from an authorized user of the computing device by: retrieving environmental sensor data from at least one sensor located in the environment; identifying a window of time during which the physical user input was received; and verifying a presence of the authorized user at the environment during the window of time based on the environmental sensor data; and in response to determining that the authorized user was not present in the environment during the window of time, detecting a usage anomaly and not executing the physical user input.

Abstract: Disclosed herein are systems and methods for selecting files for malware analysis. In one aspect, a method may include identifying, in a cloud network, a backup of a client machine; extracting, from the backup, at least one file of a given file type; determining whether to include the at least one file in a sandbox of the cloud network by performing a static analysis of the at least one file; selecting the at least one file for inclusion in the sandbox based on the static analysis; monitoring, for a period of time, a behavior of the at least one file in the sandbox by performing a dynamic analysis of the at least one file; and in response to determining that the at least one file is malicious based on the dynamic analysis, performing a remediation action on the at least one file.

Abstract: The present disclosure relates to a system and method of automatically updating change test scenarios based on historical data about the system under test (SUT), its elements, their properties, testing environment, its characteristics and testing steps with their settings using AI. Once the AI has enough historical data, every time a change is made to the SUT, its elements, their properties, or at least one characteristic of the testing environment, the AI system makes a recommendation to update at least one setting of at least one test step in testing scenario.

Abstract: The present disclosure relates to a system and method of automatically updating the set of security controls in the production environment using AI based on historical data generated in the test management system TMS during the system's testing in the testing environment including information about its elements, their properties, testing environment, its characteristics, and security controls with their settings. Once the AI has sufficient historical data from a testing environment, every time a change is detected to the system in the production environment, its elements, their properties, or at least one characteristic of the production environment, the AI system makes a recommendation to update the set of security controls in the production environment.

Abstract: Disclosed herein are systems and method for performing failover during a cyberattack. In one exemplary aspect, a method comprises monitoring a computing device for the cyberattack and detecting that the cyberattack is in progress. While the cyberattack is in progress, the method comprises identifying a failover device that corresponds to the computing device, hardening the failover device to prevent the cyberattack from affecting the failover device, and performing failover by switching from the computing device to the failover device.

Abstract: Disclosed herein are systems and method for adjusting data protection levels based on system metadata. A method may include monitoring a computing device for a cyberattack, wherein a kernel driver of the computing device is configured to allow access to kernel control paths and hash tables in accordance with a first protection level, and detecting that the cyberattack is in progress. While the cyberattack is in progress, the method may include identifying kernel control paths and hashes of software objects that will be affected by the cyberattack, and configuring the kernel driver to disable access to the identified kernel control paths and hashes of the software objects in accordance with a second protection level, wherein the second protection level includes greater access restrictions to the computing device than the first protection level.