Abstract: A method of establishing secure communication between a client and a server using a rotating key mechanism. The method comprises receiving a message requesting communication from a client, returning information for establishing communication to the client, including a set of cipher suites supported, receiving from the client one or more selected cipher suites from the set of cipher suites, sending rotation key mechanism attributes (RKM attributes) including a number of keys for rotation, a valid time period for each key, and a server criticality level and establishing communication between the client and server based on the rotation key mechanism attributes. The RKM attributes establish terms for key rotation when a valid time period of an active key elapses.

Abstract: Implementations provide a computer-implemented method that includes: accessing, by a node of a blockchain network, a first set of data encoding a set of transaction records, wherein the blockchain network comprises a plurality of consensus nodes; at least based on the first set of data, generating, by the node, a transaction hash for the set of transaction; accessing a second set of data encoding a compliance status of the node of the blockchain network; at least based on the second set of data; generating, by the node, a compliance hash for the node of blockchain network; generating, by the node, a root hash that combines the transaction hash and the compliance hash; and submitting, by the node and to the plurality of consensus nodes of the blockchain network, a block that includes the root hash for entry into the blockchain.

Abstract: The present disclosure relates to systems and methods for detecting unauthorized system configuration changes. For example, metadata can be extracted from network traffic captured by one or more different network tools and/or network devices and provided to a metadata evaluator. As an example, the one or more different network tools and/or devices can include a switch port analyzer tool, a security information and event management tool, and/or a test access port device. The metadata evaluator can process the extracted metadata to detect a system configuration change in a system on a network that includes the network traffic. The metadata evaluator can determine whether the system configuration change is an authorized system configuration change. In some examples, the metadata evaluator can determine whether the system configuration change is an authorized system configuration change based on change management data from a change management system.

Abstract: Methods and systems, including computer programs encoded on a computer storage medium, implement compliance testing to evaluate controls used to protect assets of a target system. A respective first score is generated for each control based on compliance tests performed to detect each of the controls at the target system. A compliance model is generated that integrates machine-learning algorithms to classify inputs corresponding to a compliance test and to enable predictive analytics of the compliance model using the classified inputs. The compliance model derives a negative compliance test (nCT) for each of the compliance tests by applying the predictive analytics to a data set that includes the first score for each control. An nCT is performed for each control detected at the target system and a second score is generated for each nCT. An assurance score characterizing effectiveness of the control is generated based on the first and second scores.

Abstract: Systems and methods include a computer-implemented method for presenting a model of cybersecurity. Questionnaire answers corresponding to individual components of each of three elements contributing to cybersecurity risk and maturity for a computer system are received by a four-dimensional cybersecurity assurance model application. Three scores corresponding to dimensions of cybersecurity assurance for the computer system are generated by the four-dimensional cybersecurity assurance model application using the questionnaire answers. A three-dimensional graph presenting a four-dimensional model of cybersecurity assurance for the computer system is generated by the four-dimensional cybersecurity assurance model application using the three scores and temporal information.

Abstract: Systems and methods include a penetration testing device. The device comprises: a memory and a processing unit arranged to perform operations including: determining a device mode of operation from one of a headless and remote mode. In the headless mode, the operations comprise: determining a test script customized for a target application; in response to receiving an instruction to perform a penetration test, executing the script to perform the test on the application; based on results of the test, and compiling data indicative of security vulnerabilities in the application. And in the remote mode, the operations comprise: establishing a secure connection between the device and a remote computing device; receiving from the remote computing device instructions for performing a remote penetration test on the application; performing the instructions to determine the security vulnerabilities of the application; and providing the remote computing device with a compilation of the security vulnerabilities.

Abstract: A method may include obtaining a request to unblock a predetermined website in a network and that is associated with a predetermined list. The predetermined list may be used to determine whether a respective user device among various user devices can access one or more websites. The method may further include determining an impact level of the predetermined website for an organization using a machine-learning algorithm and website gateway data. The method may further include determining a probability of a security breach using the machine-learning algorithm and threat data. The method may further include determining whether to unblock the predetermined website based on the impact level and the probability of a security breach. The method may further include transmitting, in response to determining that the predetermined website should be unblocked, a command that modifies the predetermined list to enable the respective user device to access the predetermined website.

Abstract: Methods and systems, including computer programs encoded on a computer storage medium, implement compliance testing to evaluate controls used to protect assets of a target system. A respective first score is generated for each control based on compliance tests performed to detect each of the controls at the target system. A compliance model is generated that integrates machine-learning algorithms to classify inputs corresponding to a compliance test and to enable predictive analytics of the compliance model using the classified inputs. The compliance model derives a negative compliance test (nCT) for each of the compliance tests by applying the predictive analytics to a data set that includes the first score for each control. An nCT is performed for each control detected at the target system and a second score is generated for each nCT. An assurance score characterizing effectiveness of the control is generated based on the first and second scores.

Abstract: Systems and methods include a method for detecting and identifying access points. Signals transmitted by access points in one or more mobile telecommunications networks within range of a mobile wireless scanning system are received by the mobile wireless scanning system. A presence of the access points is detected by the mobile wireless scanning system. Locations of the access points are determined by the mobile wireless scanning system using the signals transmitted by the access points. The locations of the access points are logged by the mobile wireless scanning system. Location and identifying information for the access points are provided by the mobile wireless scanning system to a receiving client.

Abstract: A method may include obtaining a request to unblock a predetermined website in a network and that is associated with a predetermined list. The predetermined list may be used to determine whether a respective user device among various user devices can access one or more websites. The method may further include determining an impact level of the predetermined website for an organization using a machine-learning algorithm and website gateway data. The method may further include determining a probability of a security breach using the machine-learning algorithm and threat data. The method may further include determining whether to unblock the predetermined website based on the impact level and the probability of a security breach. The method may further include transmitting, in response to determining that the predetermined website should be unblocked, a command that modifies the predetermined list to enable the respective user device to access the predetermined website.

Abstract: Systems and methods include a method for detecting and identifying access points. Signals transmitted by access points in one or more mobile telecommunications networks within range of a mobile wireless scanning system are received by the mobile wireless scanning system. A presence of the access points is detected by the mobile wireless scanning system. Locations of the access points are determined by the mobile wireless scanning system using the signals transmitted by the access points. The locations of the access points are logged by the mobile wireless scanning system. Location and identifying information for the access points are provided by the mobile wireless scanning system to a receiving client.

Abstract: Systems and methods include a penetration testing device. The device comprises: a memory and a processing unit arranged to perform operations including: determining a device mode of operation from one of a headless and remote mode. In the headless mode, the operations comprise: determining a test script customized for a target application; in response to receiving an instruction to perform a penetration test, executing the script to perform the test on the application; based on results of the test, and compiling data indicative of security vulnerabilities in the application. And in the remote mode, the operations comprise: establishing a secure connection between the device and a remote computing device; receiving from the remote computing device instructions for performing a remote penetration test on the application; performing the instructions to determine the security vulnerabilities of the application; and providing the remote computing device with a compilation of the security vulnerabilities.