Abstract: Cybersecurity reconnaissance, analysis, and scoring uses distributed, cloud or edge-based pools of computing services to provide sufficient scalability for analysis of IT/OT networks using only publicly available characterizations. An in-memory associative array manages a queue of configuration and vulnerability search tasks through at least one public-facing proxy network which uses configurable search nodes to approach the target network with search tools in a desired manner to control certain aspects of the search in order to obtain the desired results, especially when target network behavior adjusts based on counterparty characteristics. A data packet modifier reveals IP addresses of threat actors behind port scans and subsequently block the threat actors.

Abstract: A system and method to identify and prevent cybersecurity attacks on modern, highly-interconnected networks, to identify attacks before data loss occurs, using a combination of human level, device level, system level, and organizational level monitoring.

Abstract: A system and method for providing access and agency to individual entities and people over their data for the purpose of data set validation to facilitate data set and algorithm bias certification and scoring. A first data set is filtered to extract its core information content and to create a certified data set. A certified model is created by training a machine learning algorithm on the certified data set, which certified model is then used to evaluate the bias of subsequent data sets. The data set may be given a value score which represents the overall validity of the data set and its bias characterization. A bias characterization audit can help identify the root causes of bias outcomes from predictive software and algorithms that perform third party tasks and services. The score can be used as a metric to further facilitate market transactions.

Abstract: A system and methods for the creation of domain-specific languages that are both domain-agnostic and language-agnostic for use in a multi-language abstract digital simulation model generation and execution, comprising an onboarding module that creates domain specific models from declarative languages, domain-specific language engine, that uses the declarative domain-specific models to create a domain specific language, a meta-model structuring and creation system, meta-model mapping table, remote server, simulation execution process, computer domain-specific language, and methods for user-creation and editing of meta-models, simulation models, and parametrization of simulation environments, actors, objects, and events in real-time using heuristic searching.

Abstract: A system for fully integrated collection of business impacting data, analysis of that data and generation of both analysis-driven business decisions and analysis driven simulations of alternate candidate business actions has been devised and reduced to practice. This business operating system may be used predict the outcome of enacting candidate business decisions based upon past and current business data retrieved from both within the corporation and from a plurality of external sources pre-programmed into the system. Both single parameter set and multiple parameter set analyses are supported. Risk to value estimates of candidate decisions are also calculated.

Abstract: A system for contextual and risk-based multi-factor authentication having a multi-dimensional time series data server configured to monitor and record a network's traffic data and to serve the traffic data to other modules and a directed computation graph module configured to receive network traffic data from the multi-dimensional time series data server, determine a network traffic baseline from the network traffic data, and determine a verification score needed before granting access based at least in part by the network traffic baseline. A plurality of verification methods build up a user's verification score to required level to gain access.

Abstract: Autonomous management of risk transfer is provided using an automated underwriting processor that creates a contract block by compiling the request into a computational graph-based format, links the contract block to the requester, stores the contract block into memory, retrieves a plurality of available underwriting agreements from memory, and creates an offer list by perform computational graph operations on the contract block to determine viable risk-transfer agreements; and presenting the offer list to the requester.

Abstract: A system and methods for integrating datasets and automating transformation workflows using a distributed computational graph comprising modules that represent various stages within a data processing workflow. The system detects new datasets and automatically selects or assembles a workflow to process the new data, and integrates new data through a series of identification, transformation, and metadata enrichment pipelines.

Abstract: A system and method for network cybersecurity analysis that uses user and entity behavioral analysis combined with network topology information to provide improved cybersecurity. The system and method involve gathering network entity information, establishing baseline behaviors for each entity, and monitoring each entity for behavioral anomalies that might indicate cybersecurity concerns. Further, the system and method involve incorporating network topology information into the analysis by generating a model of the network, annotating the model with risk and criticality information for each entity in the model and with a vulnerability level between entities, and using the model to evaluate cybersecurity risks to the network. Risks and vulnerabilities associated with user entities may be represented, in part or in whole, by the behavioral analyses and monitoring of those user entities.

Abstract: A system and method for automated cybersecurity defensive strategy analysis that predicts the evolution of new cybersecurity attack strategies and makes recommendations for cybersecurity improvements to networked systems based on a cost/benefit analysis. The system and method use machine learning algorithms to run simulated attack and defense strategies against a model of the networked system created using a directed graph. Recommendations are generated based on an analysis of the simulation results against a variety of cost/benefit indicators.

Abstract: A system and method for the secure and private demonstration of cloud-based cyber-security tools. Using an advanced sandboxing design patterns, isolated instances of virtual networks allow a potential client to compare their existing cyber defense tools against a set of cloud-based tools. Capitalizing on non-persistent and secure sandboxes allow the invention to demonstrate fully functional and devastating cyber-attacks while guaranteeing strict privacy and security to both existing customers and potential ones. Additionally, instantiating separate sandboxed observed systems in a single multi-tenant infrastructure provide each customer with the ability to rapidly create actual representations of their enterprise environment offering the most realistic and accurate demonstration and comparison between products.

Abstract: A system and method for cybersecurity risk analysis and anomaly detection using active and passive external reconnaissance, that identifies critical network entities within a cyber-physical graph, identifies anomalous events within the network, determines the risk of identified anomalies based on the value of the entities involved, and determines an effectiveness score for the network based on the identified risks.

Abstract: A system for contextual and risk-based multi-factor authentication having a multi-dimensional time series data server configured to monitor and record a network's traffic data and to serve the traffic data to other modules and a directed computation graph module configured to receive network traffic data from the multi-dimensional time series data server, determine a network traffic baseline from the network traffic data, and determine a verification score needed before granting access based at least in part by the network traffic baseline. A plurality of verification methods build up a user's verification score to required level to gain access.

Abstract: A system and method for attacker interdiction using user-level network trace and tracking which leverages the uniqueness of verified authentication objects as metadata tags on captured network packets to gain insight at the user-level of how a network and various applications interact. The tagged network packets may be tracked, and the resulting data formed into a trace and track dataset to create one or more user-level dependency graphs alongside captured temporal dynamics. The trace and track dataset may be enriched with application trace information and runtime instruction data to improve the dependency graphs and provide deeper insight into application and user security on a given network. Attacks may be detected by analyzing the dependency graphs, and attacker interdiction may be implemented by actively orchestrating network security and IT devices using SOAR workflows.

Abstract: A system and method for detection and prevention of ticket forgery cyberattacks by improving host-level analytics and monitoring and extending the improved host-level analytics and monitoring to endpoints of a network. The methodology described herein comprises the use of a ticket-granting log extension utility which stores every logon session on a network, queries the local ticket cache, and generates additional custom data as a part of an event log stream such as a start time, end time, renew time, and related session data. This comprehensive log extension data can be used to identify certain types of ticket forgery cyberattacks by comparing the user session name with the client name identified in the ticket presented for access to network resources and other means. This host-level ticket forgery detection can be extended to network endpoints for additional security.

Abstract: A system and method for user-level network trace and tracking which leverages the uniqueness of verified authentication objects as metadata tags on captured network packets to gain insight at the user-level of how a network and various applications interact. The tagged network packets may be tracked, and the resulting data formed into a trace and track dataset to create one or more user-level dependency graphs alongside captured temporal dynamics. The trace and track dataset may be enriched with application trace information and runtime instruction data to improve the executable graph and provide deeper insight into application and user security on a given network.

Abstract: A system and method for comprehensive data utilization and tracking comprising an ontological engine which in some embodiments is configured to create and curate various industry-specific ontologies which can be used to provide deeper context to an enterprise's network traffic and data transmission. The system and method further comprise a tagging and tracking engine configured to inspect network packets, apply a first tag associated with an authentication object, apply a second tag associated with an identified ontology, and track the tagged packets as they traverse the enterprise network, generating data utilization tracking information as the packets move through the network. A scoring engine may leverage the data utilization tracking information in combination with user entity and behavior data to compute a risk score associated with data utilization on the enterprise network.

Abstract: A system and method for the privilege assurance of enterprise computer network environments using lateral movement detection and prevention. The system uses local session monitors to monitor logon sessions within a network, generating and verifying event logs and authentication records to ensure the legitimacy of authenticated user sessions and to revoke credentials when an illicit session is detected, halting lateral movement in real-time.

Abstract: A system and method for correlating network event anomalies to identify attack information, that identifies anomalous events within the network, identifies correlations between anomalies and other network events and resources, generates a behavior graph describing an attack pathway derived from the correlations, and determines an attack point of origin using the behavior graph.

Abstract: A system and methods for Kerberos protocol collection, interdiction and decryption for real-time analysis to aid in both operational and security functions in SSO-enabled networks, using agent processes that intercept and decrypt Kerberos traffic to identify compromised credentials and accounts in real-time without exposing sensitive information.