Abstract: A system for meta-indexing, search, compliance, and test framework for software development is provided, comprising an indexing service configured to create a dataset by processing and indexing source code of a project provided by a developer, perform a code audit on the indexed source code, store results from the code audit in the dataset, gather additional information relating to the provided project, store the additional information in the dataset, and store the dataset into memory; and a monitoring service configured to continuously monitor the project for at least source code changes and make changes to the dataset as needed.

Abstract: A system for mitigation of cyberattacks employing an advanced cyber decision platform comprising a time series data store, a directed computational graph module, an action outcome simulation module, and observation and state estimation module, wherein the state of a network is monitored and used to produce a cyber-physical graph representing network resources, simulated network events are produced and monitored, and the network events and their effects are analyzed to produce security recommendations.

Abstract: A system and method for the prevention, mitigation, and detection of cyberattack attacks on computer networks by identifying weaknesses in directory access object allowances and providing professionals with centralized graph-centric tools to maintain and observe key security and performance insights into their security posture. The system uses an interrogation agent to collect Active Directory configuration parameters and activity information about a forest and the devices operating within. Cyber-physical graphs and histograms using persisted time-series data provides critical information, patterns, and alerts about configurations, attack vectors, and vulnerabilities which enable information technology and cybersecurity professionals greater leverage and control over their infrastructure.

Abstract: A system for transfer learning and domain adaptation using distributable data models is provided, comprising a network-connected distributable model configured to serve instances of a plurality of distributable models; and a directed computation graph module configured to receive at least an instance of at least one of the distributable models from the network-connected computing system, create a second dataset from machine learning performed by a transfer engine, train the instance of the distributable model with the second dataset, and generate an update report based at least in part by updates to the instance of the distributable model.

Abstract: A system for contextual data collection and extraction is provided, comprising an extraction engine configured to receive context from a user for desired information to extract, connect to a data source providing a richly formatted dataset, retrieve the richly formatted dataset, process the richly formatted dataset and extract information from a plurality of linguistic modalities within the richly formatted, and transform the extracted data into a extracted dataset; and a knowledge base construction service configured to retrieve the extracted dataset, create a knowledge base for storing the extracted dataset, and store the knowledge base in a data store.

Abstract: A system and method for cybersecurity reconnaissance, analysis, and scoring that uses distributed, cloud-based computing services to provide sufficient scalability for analysis of enterprise IT networks using only publicly available characterizations. The system and method comprise an in-memory associative array which manages a queue of vulnerability search tasks through a public-facing proxy network. The public-facing proxy network has search nodes configurable to present the network to search tools in a desired manner to control certain aspects of the search to obtain the desired results. A distributed data processing engine and cloud-based storage are used to provide scalable computing power and storage. Each of the cloud-based computing services is containerized and orchestrated for management and efficient scaling purposes.

Abstract: A system and method to identify and prevent cybersecurity attacks on modern, highly-interconnected networks, to identify attacks before data loss occurs, using a combination of human level, device level, system level, and organizational level monitoring.

Abstract: A system for fully integrated predictive decision-making and simulation having a high-volume deep web scraper system, a data retrieval engine, a directed computational graph module, and a decision and action path simulation engine.

Abstract: A system and method for collaborative cybersecurity defensive strategy analysis that predicts the evolution of new cybersecurity attack strategies and creates a virtual network space that provides a virtual reality environment for collaborative insights into network dynamics during a cyberattack. makes recommendations for cybersecurity improvements to networked systems based on a cost/benefit analysis. The system and method use machine learning algorithms to run simulated attack and defense strategies against a virtual network space model of the networked system created using a virtual network space manager. A simulation interaction server can facilitate secure sharing of virtual network spaces and simulations between and among various real and virtual actors to provide a collaborative space where one or more organization's network can be tested for resilience and mitigation. Recommendations are generated based on an analysis of the simulation results against a variety of cost/benefit indicators.

Abstract: A system and method for the privilege assurance of enterprise computer network environments using attack path detection and prediction. The system uses local session monitors to monitor logon sessions within a network, track session details, and log session and network host details. Cyber-physical graphs are produced and used to identify paths within the network based on the logged information, and to apply risk weighting to the identified paths and determine likely attack paths an attacker may use.

Abstract: A system and method for a flexible, high-speed Managed Detection and Response platform that ingests, parses, normalizes, monitors, and correlates nearly any log source or security tool output. The MDR comprising of a declarative connector service that tags events with appropriate data source labels to facilitating data isolation, proper handling, and provenance across multiple customers and security products but otherwise aggregate alerts into a single data stream for consumption by the MDR SOC operators. A connector service further provides a programmatic (API-based) means to interchange data securely across environments. Event data is aggregated by the Managed Detection and Response platform that then utilizes enhanced log ingest capabilities to process the data allowing SOC operators to be able to write rules against the alerts.

Abstract: A highly scalable distributed connection interface for data capture from multiple network service sources, comprising a connector module wherein, the connector module retrieves a plurality of data from a plurality of network data sources; employs a plurality of application programming interface routines to communicate with the plurality of data sources; accepts a plurality of analysis parameters and control commands directly from human interface devices or from one or more command and control storage devices; and specifies the action or actions to be taken on the retrieved data.

Abstract: A system for detecting and mitigating forged authentication object attacks in federated environments is provided, comprising an event inspector to monitor logs and detect vulnerable events, an authentication object inspector configured to observe a new authentication object generated by an identity provider, and intercept the new authentication object; and a hashing engine configured to calculate a cryptographic hash for the new authentication object, and store the cryptographic hash for the new authentication object in the SAML response; wherein subsequent access requests accompanied by authentication objects are validated by comparing hashes for each authentication object to previous generated hashes.

Abstract: A system and method for automated cybersecurity defensive strategy analysis that predicts the evolution of new cybersecurity attack strategies and makes recommendations for cybersecurity improvements to networked systems based on a cost/benefit analysis. The system and method use machine learning algorithms to run simulated attack and defense strategies against a model of the networked system created using a directed graph. Recommendations are generated based on an analysis of the simulation results against a variety of cost/benefit indicators.

Abstract: A system for insurance process management employing an advanced decision platform has been developed. A high speed data retrieval and storage module retrieves insurance related data from a plurality of sources. A predictive analytics module performs predictive analytics functions on normalized insurance related data. A predictive simulation module performs predictive simulation functions on normalized insurance related data. An interactive display module displays results of activity of the predictive analytics module and the predictive simulation module as pre-programmed by analysts of an investigation, and re-display results in ways differing by additional representation programming instructions over the course of a viewing session.

Abstract: A system for insurance process management employing an advanced insurance management platform has been developed. A high speed data retrieval and storage module retrieves insurance related data from a plurality of sources. A data analysis module determines an activeness metric for an object, such as a physical asset, in order to categorize risk and also receives a plurality of individual, entity, and object data to create one or more cognitive maps which may analyzed to determine a propensity for risk. The data analysis module generates a cognitive density metric based on the activeness metric and cognitive map. A predictive analytics module performs predictive analytics functions on normalized insurance related data and using the cognitive density metric. A predictive simulation module performs predictive simulation functions on normalized insurance related data. As a result, the system can produce various models to determine risk and loss associated with an insured physical asset.

Abstract: A system and method for crowdsensing-based determination of risk management and contract validation, comprising at least a heterogeneous mixture of sensors and data-gathering techniques, a sensor fusion suite, and a business operating system, which ingests, transforms if necessary, and analyzes received data and develops and applies models of prediction of consequences of the sensor data and future events based on such data for purposes such as insurance liability and risk assessment, emergency services planning, and financial market predictions, and comparing historical models and data with current data and models to attempt to refine and utilize a more precise predictive model for these purposes.

Abstract: A system and method for self-adjusting cybersecurity analysis and score generation, wherein a reconnaissance engine gathers data about a client's computer network from the client, from devices and systems on the client's network, and from the Internet regarding various aspects of cybersecurity. Each of these aspects is evaluated independently, weighted, and cross-referenced to generate a cybersecurity score by aggregating individual vulnerability and risk factors together to provide a comprehensive characterization of cybersecurity risk using a transparent and traceable methodology. The scoring system itself can be used as a state machine with the cybersecurity score acting as a feedback mechanism, in which a cybersecurity score can be set at a level appropriate for a given organization, and data from clients or groups of clients with more extensive reporting can be used to supplement data for clients or groups of clients with less extensive reporting to enhance cybersecurity analysis and scoring.

Abstract: A system and method for automatically assessing and improving a cybersecurity risk score, wherein a cybersecurity risk score and cyber-physical graph for a network are retrieved and analyzed to identify potential improvements that can be made to network topography and device configurations, changes are applied automatically and an updated cyber-physical graph reflecting the applied changes is produced, and the updated cyber-physical graph is reassessed to determine the effect of the changes that were applied.

Abstract: A system and method for network cybersecurity analysis that uses user and entity behavioral analysis combined with network topology information to provide improved cybersecurity. The system and method involve gathering network entity information, establishing baseline behaviors for each entity, and monitoring each entity for behavioral anomalies that might indicate cybersecurity concerns. Further, the system and method involve incorporating network topology information into the analysis by generating a model of the network, annotating the model with risk and criticality information for each entity in the model and with a vulnerability level between entities, and using the model to evaluate cybersecurity risks to the network. Risks and vulnerabilities associated with user entities may be represented, in part or in whole, by the behavioral analyses and monitoring of those user entities.