Abstract: Implementations of the present disclosure include providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph including nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, and a node representing a process executed within a system of the enterprise, each edge representing at least a portion of one or more lateral paths between assets in the enterprise network, determining, for each asset, a contribution value indicating a contribution of a respective asset to operation of the process, determining, for each asset, an impact value based on a total value of the process and a respective contribution value of the asset, and implementing one or more remediations based on a set of impact values determined for the assets, each remediation mitigating a cyber-security risk within the enterprise network.

Abstract: Implementations of the present disclosure include providing a graph that is representative of an enterprise network and includes nodes and edges, a set of nodes representing assets within the enterprise network, each edge representing a lateral movement path between assets, determining, for each asset, a contribution value indicating a contribution of an asset, determining lateral movements paths between a first asset and a second asset, providing a lateral movement path value representative of a difficulty in traversing a respective lateral movement path, identifying a set of remediations based on remediations defined for one or more vulnerabilities associated with issues identified for assets, each remediation mitigating a cyber-security risk within the enterprise network, and prioritizing the two or more remediations based on contribution values of assets, lateral movement path values of paths, and one of lateral movement complexity values of respective segments of paths and costs of respective remediation

Abstract: Implementations of the present disclosure include receiving, from an agile security platform, attack graph (AG) data representative of one or more AGs, each AG representing one or more lateral paths within an enterprise network for reaching a target asset from one or more assets within the enterprise network, processing, by a security platform, data from one or more data sources to selectively generate at least one event, the at least one event representing a potential security risk within the enterprise network, and selectively generating, within the security platform, an alert representing the at least one event, the alert being associated with a priority within a set of alerts, the priority being is based on the AG data.

Abstract: Implementations are directed to an agile security platform for enterprise-wide cyber-security and performing actions of receiving, from an agile security platform, analytical attack graph (AAG) data representative of one or more AAGs, each AAG representing one or more lateral paths within an enterprise network for reaching a target asset from one or more assets within the enterprise network, determining, for each instance of a plurality of instances of the AAG, a graph value representing a measure of hackability of the enterprise network at respective times, providing a profile of the enterprise network based on a set of graph values determined for instances of the AAG, the profile representing changes in graph values over time, determining an effectiveness of one or more security controls based on the profile, and selectively executing one or more remedial actions in response to the effectiveness.

Abstract: Implementations of the present disclosure include providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph including nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, and a node representing a process executed within a system of the enterprise, each edge representing at least a portion of one or more lateral paths between assets in the enterprise network, determining, for each asset, a contribution value indicating a contribution of a respective asset to operation of the process, determining, for each asset, an impact value based on a total value of the process and a respective contribution value of the asset, and implementing one or more remediations based on a set of impact values determined for the assets, each remediation mitigating a cyber-security risk within the enterprise network.

Abstract: Implementations of the present disclosure include receiving, from an agile security platform, attack graph (AG) data representative of one or more AGs, each AG representing one or more lateral paths within an enterprise network for reaching a target asset from one or more assets within the enterprise network, processing, by a security platform, data from one or more data sources to selectively generate at least one event, the at least one event representing a potential security risk within the enterprise network, and selectively generating, within the security platform, an alert representing the at least one event, the alert being associated with a priority within a set of alerts, the priority being is based on the AG data.

Abstract: Implementations of the present disclosure include providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph including nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, and a node representing a process executed within a system of the enterprise, each edge representing at least a portion of one or more lateral paths between assets in the enterprise network, determining, for each asset, a contribution value indicating a contribution of a respective asset to operation of the process, determining, for each asset, an impact value based on a total value of the process and a respective contribution value of the asset, and implementing one or more remediations based on a set of impact values determined for the assets, each remediation mitigating a cyber-security risk within the enterprise network.

Abstract: Implementations of the present disclosure include receiving, from an agile security platform, attack graph (AG) data representative of one or more AGs, each AG representing one or more lateral paths within an enterprise network for reaching a target asset from one or more assets within the enterprise network, processing, by a security platform, data from one or more data sources to selectively generate at least one event, the at least one event representing a potential security risk within the enterprise network, and selectively generating, within the security platform, an alert representing the at least one event, the alert being associated with a priority within a set of alerts, the priority being is based on the AG data.

Abstract: Implementations of the present disclosure include providing a graph that is representative of an enterprise network and includes nodes and edges, a set of nodes representing assets within the enterprise network, each edge representing a lateral movement path between assets, determining, for each asset, a contribution value indicating a contribution of an asset, determining lateral movements paths between a first asset and a second asset, providing a lateral movement path value representative of a difficulty in traversing a respective lateral movement path, identifying a set of remediations based on remediations defined for one or more vulnerabilities associated with issues identified for assets, each remediation mitigating a cyber-security risk within the enterprise network, and prioritizing the two or more remediations based on contribution values of assets, lateral movement path values of paths, and one of lateral movement complexity values of respective segments of paths and costs of respective remediation

Abstract: Implementations of the present disclosure include providing a graph that is representative of an enterprise network and includes nodes and edges, a set of nodes representing assets within the enterprise network, each edge representing a lateral movement path between assets, determining, for each asset, a contribution value indicating a contribution of an asset, determining lateral movements paths between a first asset and a second asset, providing a lateral movement path value representative of a difficulty in traversing a respective lateral movement path, identifying a set of remediations based on remediations defined for one or more vulnerabilities associated with issues identified for assets, each remediation mitigating a cyber-security risk within the enterprise network, and prioritizing the two or more remediations based on contribution values of assets, lateral movement path values of paths, and one of lateral movement complexity values of respective segments of paths and costs of respective remediation

Abstract: A device may obtain user activity data associated with a plurality of processes being run by the device, where the user activity data identifies user interactions with one or more user input devices, where the plurality of processes is associated with a plurality of process identifiers, and where the user activity data is associated with the plurality of process identifiers. The device may detect an attempt, initiated by a first process having a first process identifier, to access a data file of a file system, and may compare the first process identifier and the plurality of process identifiers to determine whether the first process is associated with a first user interaction included in the user activity data, and may selectively grant the first process access to the data file based on determining whether the first process is associated with the first user interaction.

Abstract: Implementations are directed to an agile security platform for enterprise-wide cyber-security and performing actions of receiving, from an agile security platform, analytical attack graph (AAG) data representative of one or more AAGs, each AAG representing one or more lateral paths within an enterprise network for reaching a target asset from one or more assets within the enterprise network, determining, for each instance of a plurality of instances of the AAG, a graph value representing a measure of hackability of the enterprise network at respective times, providing a profile of the enterprise network based on a set of graph values determined for instances of the AAG, the profile representing changes in graph values over time, determining an effectiveness of one or more security controls based on the profile, and selectively executing one or more remedial actions in response to the effectiveness.

Abstract: Implementations of the present disclosure include providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph including nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, and a node representing a process executed within a system of the enterprise, each edge representing at least a portion of one or more lateral paths between assets in the enterprise network, determining, for each asset, a contribution value indicating a contribution of a respective asset to operation of the process, determining, for each asset, an impact value based on a total value of the process and a respective contribution value of the asset, and implementing one or more remediations based on a set of impact values determined for the assets, each remediation mitigating a cyber-security risk within the enterprise network.

Abstract: Implementations of the present disclosure include providing a graph that is representative of an enterprise network and includes nodes and edges, a set of nodes representing assets within the enterprise network, each edge representing a lateral movement path between assets, determining, for each asset, a contribution value indicating a contribution of an asset, determining lateral movements paths between a first asset and a second asset, providing a lateral movement path value representative of a difficulty in traversing a respective lateral movement path, identifying a set of remediations based on remediations defined for one or more vulnerabilities associated with issues identified for assets, each remediation mitigating a cyber-security risk within the enterprise network, and prioritizing the two or more remediations based on contribution values of assets, lateral movement path values of paths, and one of lateral movement complexity values of respective segments of paths and costs of respective remediation

Abstract: Implementations of the present disclosure include receiving, from an agile security platform, attack graph (AG) data representative of one or more AGs, each AG representing one or more lateral paths within an enterprise network for reaching a target asset from one or more assets within the enterprise network, processing, by a security platform, data from one or more data sources to selectively generate at least one event, the at least one event representing a potential security risk within the enterprise network, and selectively generating, within the security platform, an alert representing the at least one event, the alert being associated with a priority within a set of alerts, the priority being is based on the AG data.

Abstract: A device may obtain user activity data associated with a plurality of processes being run by the device, where the user activity data identifies user interactions with one or more user input devices, where the plurality of processes is associated with a plurality of process identifiers, and where the user activity data is associated with the plurality of process identifiers. The device may detect an attempt, initiated by a first process having a first process identifier, to access a data file of a file system, and may compare the first process identifier and the plurality of process identifiers to determine whether the first process is associated with a first user interaction included in the user activity data, and may selectively grant the first process access to the data file based on determining whether the first process is associated with the first user interaction.