Abstract: One or more systems, devices, computer program products and/or computer-implemented methods provided herein relate to prioritization of attack techniques and cyber security events. According to an embodiment, an attack prioritization engine can receive security events, train an artificial intelligence model to rank respective cyber security events as a function of risk, and output a prioritization of security events to address. A mapping component can map asset vulnerabilities to attack techniques. A calculation component can calculate and aggregate scores for respective attack techniques. An attack surface component can extract features from the aggregation of scores to rank attack techniques and determine an attack surface. The mapping component can further map security events to the attack techniques.

Abstract: Systems, computer-implemented methods, and computer program products that facilitate vulnerability and attack technique association are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a map component that defines mappings between vulnerability data representing a vulnerability of a computing resource and attack data representing at least one attack technique. The computer executable components can further comprise an estimation component that analyzes the mappings to estimate a probability that the vulnerability will be exploited to attack the computing resource.

Abstract: Systems and techniques that facilitate compliance enforcement via service discovery analytics are provided. In various embodiments, a system can comprise a receiver component that can access one or more declarative deployment manifests associated with a computing application. In various instances, the system can comprise a dependency component that can build a dependency topology based on the one or more declarative deployment manifests. In various cases, the dependency topology can indicate dependencies among one or more computing objects that are declared by the one or more declarative deployment manifests. In various aspects, the system can comprise a compliance component that can determine, based on the dependency topology, whether the computing application satisfies one or more compliance standards.

Abstract: An apparatus, a method, and a computer program product are provided that combine policy compliance with vulnerability management to provide a more accurate risk assessment of an environment. The method includes training a policy machine learning model using a first training dataset to generate a policy machine learning model to produce mitigation technique classifications and training a vulnerability machine learning model using a second training dataset to generate a vulnerability machine learning model to produce weakness type classifications. The method also includes mapping the mitigation technique classifications to attack techniques to produce a policy mapping and mapping the weakness type classifications to the attack techniques to produce a vulnerability mapping. The method further includes producing a risk assessment of a vulnerability based on the policy mapping and the vulnerability mapping.

Abstract: Techniques for managing and processing of configuration changes associated with a service container associated with a service mesh are presented. An application management component can determine immutable configuration data (ICD) relating to configuration change processing for the service container based on policies received from an application owner. A message processing component (MMC) of a service proxy associated with the service container can receive, via a control plane, a message associated with an untrusted entity. MMC can determine whether the message comprises a configuration change request relating to interaction between the application and the service mesh, and, if so, can determine whether to allow the service proxy to process the configuration change based on analysis of the configuration change and ICD. If ICD indicates the configuration change is not allowed, service proxy can discard the request.

Abstract: Users of an endpoint remediation system can be assigned to different roles, from which they can request exceptions, approve exceptions, and/or enable remediation on endpoint devices. The compliance scanning and enforcing process can be automated, while allowing entities to request and/or approve certain exceptions. Therefore, security compliance for customers can be actively managed to provide visibility to the endpoint device compliance state at any time.

Abstract: Computer implemented reconstruction of compliance mapping due to an update in a regulation in the compliance mapping by a computing device includes comparing a first version of a regulation in the compliance mapping to a second, updated version of the first regulation. A change in the second version with respect to the first version is identified. The change may be an added control description, a deleted control description, or an updated control description. Upon determining that the change is an updated control description, the updated control description is analyzed to determine a type of update. The mapping of the regulation is reconstructed based on the change and, if the change is an updated control description, the type of update, using at least one of natural language processing and/or machine learning. The risk of the reconstructed mapping is assessed, and a service owner is notified about the risk of the changes.

Abstract: Users of an endpoint remediation system can be assigned to different roles, from which they can request exceptions, approve exceptions, and/or enable remediation on endpoint devices. The compliance scanning and enforcing process can be automated, while allowing entities to request and/or approve certain exceptions. Therefore, security compliance for customers can be actively managed to provide visibility to the endpoint device compliance state at any time.

Abstract: Techniques facilitating maintenance of tribal knowledge for accelerated compliance control deployment are provided. In one example, a system includes a memory that stores computer executable components and a processor that executes computer executable components stored in the memory, wherein the computer executable components include a knowledge base generation component that generates a knowledge graph corresponding to respective commitments created via tribal exchanges, the knowledge graph comprising a semantic level and an operational level; a semantic graph population component that populates the semantic level of the knowledge graph based on identified parties to the respective commitments; and an operational graph population component that populates the operational level of the knowledge graph based on tracked status changes associated with the respective commitments.

Abstract: A vulnerability management method includes analyzing a system environment to uncover one or more vulnerabilities. The method includes subsequently identifying one or more system weaknesses corresponding to the one or more uncovered vulnerabilities and analyzing a set of historical data to identify similar past vulnerabilities. The method further includes analyzing available information to extract one or more impacts of the identified similar past vulnerabilities and determining one or more impacts to the present system environment that would correspond to the extracted one or more impacts of the identified similar past vulnerabilities. The method additionally includes recommending one or more actions to remediate the uncovered vulnerabilities.

Abstract: Users of an endpoint remediation system can be assigned to different roles, from which they can request exceptions, approve exceptions, and/or enable remediation on endpoint devices. The compliance scanning and enforcing process can be automated, while allowing entities to request and/or approve certain exceptions. Therefore, security compliance for customers can be actively managed to provide visibility to the endpoint device compliance state at any time.

Abstract: Systems and techniques that facilitate compliance enforcement via service discovery analytics are provided. In various embodiments, a system can comprise a receiver component that can access one or more declarative deployment manifests associated with a computing application. In various instances, the system can comprise a dependency component that can build a dependency topology based on the one or more declarative deployment manifests. In various cases, the dependency topology can indicate dependencies among one or more computing objects that are declared by the one or more declarative deployment manifests. In various aspects, the system can comprise a compliance component that can determine, based on the dependency topology, whether the computing application satisfies one or more compliance standards.

Abstract: Systems, computer-implemented methods, and computer program products that can facilitate compliance process risk assessment are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a metric assignment component that assigns one or more risk assessment metrics based on vulnerability data of a compliance process. The computer executable components can further comprise a risk assignment component that assigns a risk score of the compliance process based on the one or more risk assessment metrics.

Abstract: Systems, computer-implemented methods, and computer program products that facilitate vulnerability and attack technique association are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a map component that defines mappings between vulnerability data representing a vulnerability of a computing resource and attack data representing at least one attack technique. The computer executable components can further comprise an estimation component that analyzes the mappings to estimate a probability that the vulnerability will be exploited to attack the computing resource.

Abstract: Using a first key, an encrypted file fingerprint is decrypted, the decrypting resulting in a decrypted file fingerprint. Using a hash function on a script file, a script file fingerprint is computed, the script file intended to be executed by an interpreter. Responsive to the script file fingerprint matching the decrypted file fingerprint, the script file is executed.

Abstract: Streamlining compliance reporting and remediation through clustering compliance deviations by receiving inspection scan compliance deviation report data, analyzing the inspection scan compliance deviation report data, in response to the analysis, creating normalized deviation report documents, comparing the normalized deviation report documents, in response to the comparisons, clustering the normalized deviation report documents, creating a common cluster deviation profile comprising clustered deviation reports, and generating a summary system asset compliance report comprising the common cluster deviation profile.

Abstract: Computer implemented reconstruction of compliance mapping due to an update in a regulation in the compliance mapping by a computing device includes comparing a first version of a regulation in the compliance mapping to a second, updated version of the first regulation. A change in the second version with respect to the first version is identified. The change may be an added control description, a deleted control description, or an updated control description. Upon determining that the change is an updated control description, the updated control description is analyzed to determine a type of update. The mapping of the regulation is reconstructed based on the change and, if the change is an updated control description, the type of update, using at least one of natural language processing and/or machine learning. The risk of the reconstructed mapping is assessed, and a service owner is notified about the risk of the changes.

Abstract: Using a first key, an encrypted file fingerprint is decrypted, the decrypting resulting in a decrypted file fingerprint. Using a hash function on a script file, a script file fingerprint is computed, the script file intended to be executed by an interpreter. Responsive to the script file fingerprint matching the decrypted file fingerprint, the script file is executed.

Abstract: Streamlining compliance reporting and remediation through clustering compliance deviations by receiving inspection scan compliance deviation report data, analyzing the inspection scan compliance deviation report data, in response to the analysis, creating normalized deviation report documents, comparing the normalized deviation report documents, in response to the comparisons, clustering the normalized deviation report documents, creating a common cluster deviation profile comprising clustered deviation reports, and generating a summary system asset compliance report comprising the common cluster deviation profile.

Abstract: Systems, computer-implemented methods, and computer program products that can facilitate compliance process risk assessment are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a metric assignment component that assigns one or more risk assessment metrics based on vulnerability data of a compliance process. The computer executable components can further comprise a risk assignment component that assigns a risk score of the compliance process based on the one or more risk assessment metrics.