Patents by Inventor Michael Franz Baukes

Michael Franz Baukes has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20200233971
    Abstract: A breach detection engine detects and mitigates the effects of breaches across one or more data sources. An index is generated based on one or more data sources and the index is queried using keywords indicative of potential breaches. A database of potential breaches is populated based on the query of the index. The potential breach database is queried using keywords associated with a system identity (e.g., a third party). A likelihood of a candidate breach is identified based on a set of breach criteria weights. A network node associated with a candidate breach determined to be an actual breach is identified for isolation or for the performance of one or more additional security actions.
    Type: Application
    Filed: January 23, 2019
    Publication date: July 23, 2020
    Inventors: Alan James Sharp-Paul, Christopher Robert Vickery, Jonathan David Hendren, Gregory Ford Pollock, Daniel Bradbury, Christian Alan Kiely, Gavin Richard Turner, Michael Franz Baukes
  • Publication number: 20190373009
    Abstract: An internal network can include a plurality of linked internal nodes, each internal node being configured to communicate with other internal nodes or with one or more external servers over an external network. The internal network can analyze the configuration of the internal nodes and the network traffic between internal nodes of the internal network and external servers. Based on the analysis, a network vulnerability score measuring the vulnerability of the internal network to attack can be determined. If the vulnerability score is below a threshold, the internal network can be isolated from the external network, for example by preventing internal nodes from communicating with or over the external network.
    Type: Application
    Filed: August 14, 2019
    Publication date: December 5, 2019
    Inventors: Michael Franz Baukes, Alan James Sharp-Paul
  • Publication number: 20190372842
    Abstract: An operator node is configured to enable the management of nodes communicatively coupled to the operator node via a network. A selection of node objects is received by the operator node, the selected node objects including software components for inclusion within a node configuration. A configuration policy is generated based on the selected objects, the configuration policy including a set of tests (such as scripts or executables) that, when run, test for the presence of one or more of the selected node objects. A target node is scanned to determine the configuration of the target node, and the set of tests are applied to identify a set of objects identified by the policy but not installed at the target node. The target node is then re-configured to install the identified set of objects at the target node.
    Type: Application
    Filed: August 14, 2019
    Publication date: December 5, 2019
    Inventors: Alan James Sharp-Paul, Michael Franz Baukes
  • Patent number: 10440045
    Abstract: An internal network can include a plurality of linked internal nodes, each internal node being configured to communicate with other internal nodes or with one or more external servers over an external network. The internal network can analyze the configuration of the internal nodes and the network traffic between internal nodes of the internal network and external servers. Based on the analysis, a network vulnerability score measuring the vulnerability of the internal network to attack can be determined. If the vulnerability score is below a threshold, the internal network can be isolated from the external network, for example by preventing internal nodes from communicating with or over the external network.
    Type: Grant
    Filed: October 2, 2018
    Date of Patent: October 8, 2019
    Assignee: Upguard, Inc.
    Inventors: Michael Franz Baukes, Alan James Sharp-Paul
  • Patent number: 10425278
    Abstract: An operator node is configured to enable the management of nodes communicatively coupled to the operator node via a network. A selection of node objects is received by the operator node, the selected node objects including software components for inclusion within a node configuration. A configuration policy is generated based on the selected objects, the configuration policy including a set of tests (such as scripts or executables) that, when run, test for the presence of one or more of the selected node objects. A target node is scanned to determine the configuration of the target node, and the set of tests are applied to identify a set of objects identified by the policy but not installed at the target node. The target node is then re-configured to install the identified set of objects at the target node.
    Type: Grant
    Filed: October 3, 2017
    Date of Patent: September 24, 2019
    Assignee: Upguard, Inc.
    Inventors: Alan James Sharp-Paul, Michael Franz Baukes
  • Publication number: 20190044970
    Abstract: An internal network can include a plurality of linked internal nodes, each internal node being configured to communicate with other internal nodes or with one or more external servers over an external network. The internal network can analyze the configuration of the internal nodes and the network traffic between internal nodes of the internal network and external servers. Based on the analysis, a network vulnerability score measuring the vulnerability of the internal network to attack can be determined. If the vulnerability score is below a threshold, the internal network can be isolated from the external network, for example by preventing internal nodes from communicating with or over the external network.
    Type: Application
    Filed: October 2, 2018
    Publication date: February 7, 2019
    Inventors: Michael Franz Baukes, Alan James Sharp-Paul
  • Publication number: 20190014006
    Abstract: An operator node is configured to generate a visualization of the configurations of nodes communicatively coupled to the operator node via a network. The operator node scans target nodes in a network and identifies a set of attributes describing various configuration properties of each node. The operator node compares corresponding attributes across nodes and determines for each attribute a measure of variance. The variance for each attribute is displayed in a grid view, allowing a user to observe the level of similarity or dissimilarity of each attribute across the target nodes of the network. The operator node also defines and implements a policy describing a set of configuration properties with which target nodes must comply. The operator node determines if one or more target nodes is in violation of the policy, displays a differential visualization associated with each policy failure event, and enables an operator to re-configure target nodes accordingly.
    Type: Application
    Filed: August 22, 2018
    Publication date: January 10, 2019
    Inventors: Michael Franz Baukes, Paul McCarthy, Greg Pollock, Alan Sharp-Paul, Mark Sheahan, Taylor Stackpole, Cheyne Wallace
  • Patent number: 10142364
    Abstract: An internal network can include a plurality of linked internal nodes, each internal node being configured to communicate with other internal nodes or with one or more external servers over an external network. The internal network can analyze the configuration of the internal nodes and the network traffic between internal nodes of the internal network and external servers. Based on the analysis, a network vulnerability score measuring the vulnerability of the internal network to attack can be determined. If the vulnerability score is below a threshold, the internal network can be isolated from the external network, for example by preventing internal nodes from communicating with or over the external network.
    Type: Grant
    Filed: September 21, 2016
    Date of Patent: November 27, 2018
    Assignee: Upguard, Inc.
    Inventors: Michael Franz Baukes, Alan James Sharp-Paul
  • Patent number: 10084653
    Abstract: An operator node is configured to generate a visualization of the configurations of nodes communicatively coupled to the operator node via a network. The operator node scans target nodes in a network and identifies a set of attributes describing various configuration properties of each node. The operator node compares corresponding attributes across nodes and determines for each attribute a measure of variance. The variance for each attribute is displayed in a grid view, allowing a user to observe the level of similarity or dissimilarity of each attribute across the target nodes of the network. The operator node also defines and implements a policy describing a set of configuration properties with which target nodes must comply. The operator node determines if one or more target nodes is in violation of the policy, displays a differential visualization associated with each policy failure event, and enables an operator to re-configure target nodes accordingly.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: September 25, 2018
    Assignee: Upguard, Inc.
    Inventors: Michael Franz Baukes, Paul McCarthy, Greg Pollock, Alan Sharp-Paul, Mark Sheahan, Taylor Stackpole, Cheyne Wallace
  • Patent number: 10079724
    Abstract: Computer nodes in a network manage the configuration of neighbor nodes and enforce policy compliance by scanning neighboring nodes and taking corrective action based on consensus. A testing node scans a neighboring target node and identifies if the target node violates the policy. The testing node requests common neighbors of the target node to repeat the scan. If the common neighbors agree that the target node violates the policy, a corrective action is taken to ensure compliance with the policy. Corrective action includes reconfiguration of the target node. Nodes also perform negative checking to ensure adherence to separation rules restricting interaction between neighboring nodes. A testing node attempts to perform a restricted action with a neighboring restricted node. If the restricted action is successful, the testing node takes corrective action on the target node to ensure that subsequent attempts to perform the restricted action are denied access in compliance with the policy.
    Type: Grant
    Filed: February 20, 2016
    Date of Patent: September 18, 2018
    Assignee: Upguard, Inc.
    Inventors: Michael Franz Baukes, Alan James Sharp-Paul
  • Publication number: 20180084000
    Abstract: An internal network can include a plurality of linked internal nodes, each internal node being configured to communicate with other internal nodes or with one or more external servers over an external network. The internal network can analyze the configuration of the internal nodes and the network traffic between internal nodes of the internal network and external servers. Based on the analysis, a network vulnerability score measuring the vulnerability of the internal network to attack can be determined. If the vulnerability score is below a threshold, the internal network can be isolated from the external network, for example by preventing internal nodes from communicating with or over the external network.
    Type: Application
    Filed: September 21, 2016
    Publication date: March 22, 2018
    Inventors: Michael Franz Baukes, Alan James Sharp-Paul
  • Publication number: 20180026843
    Abstract: An operator node is configured to enable the management of nodes communicatively coupled to the operator node via a network. A selection of node objects is received by the operator node, the selected node objects including software components for inclusion within a node configuration. A configuration policy is generated based on the selected objects, the configuration policy including a set of tests (such as scripts or executables) that, when run, test for the presence of one or more of the selected node objects. A target node is scanned to determine the configuration of the target node, and the set of tests are applied to identify a set of objects identified by the policy but not installed at the target node. The target node is then re-configured to install the identified set of objects at the target node.
    Type: Application
    Filed: October 3, 2017
    Publication date: January 25, 2018
    Inventors: Alan James Sharp-Paul, Michael Franz Baukes
  • Patent number: 9813292
    Abstract: An operator node is configured to enable the management of nodes communicatively coupled to the operator node via a network. A selection of node objects is received by the operator node, the selected node objects including software components for inclusion within a node configuration. A configuration policy is generated based on the selected objects, the configuration policy including a set of tests (such as scripts or executables) that, when run, test for the presence of one or more of the selected node objects. A target node is scanned to determine the configuration of the target node, and the set of tests are applied to identify a set of objects identified by the policy but not installed at the target node. The target node is then re-configured to install the identified set of objects at the target node.
    Type: Grant
    Filed: December 17, 2014
    Date of Patent: November 7, 2017
    Assignee: Upguard, Inc.
    Inventors: Alan James Sharp-Paul, Michael Franz Baukes
  • Publication number: 20170244761
    Abstract: Computer nodes in a network manage the configuration of neighbor nodes and enforce policy compliance by scanning neighboring nodes and taking corrective action based on consensus. A testing node scans a neighboring target node and identifies if the target node violates the policy. The testing node requests common neighbors of the target node to repeat the scan. If the common neighbors agree that the target node violates the policy, a corrective action is taken to ensure compliance with the policy. Corrective action includes reconfiguration of the target node. Nodes also perform negative checking to ensure adherence to separation rules restricting interaction between neighboring nodes. A testing node attempts to perform a restricted action with a neighboring restricted node. If the restricted action is successful, the testing node takes corrective action on the target node to ensure that subsequent attempts to perform the restricted action are denied access in compliance with the policy.
    Type: Application
    Filed: February 20, 2016
    Publication date: August 24, 2017
    Inventors: Michael Franz Baukes, Alan James Sharp-Paul
  • Publication number: 20170093637
    Abstract: An operator node is configured to generate a visualization of the configurations of nodes communicatively coupled to the operator node via a network. The operator node scans target nodes in a network and identifies a set of attributes describing various configuration properties of each node. The operator node compares corresponding attributes across nodes and determines for each attribute a measure of variance. The variance for each attribute is displayed in a grid view, allowing a user to observe the level of similarity or dissimilarity of each attribute across the target nodes of the network. The operator node also defines and implements a policy describing a set of configuration properties with which target nodes must comply. The operator node determines if one or more target nodes is in violation of the policy, displays a differential visualization associated with each policy failure event, and enables an operator to re-configure target nodes accordingly.
    Type: Application
    Filed: September 30, 2015
    Publication date: March 30, 2017
    Inventors: Michael Franz Baukes, Paul McCarthy, Greg Pollock, Alan Sharp-Paul, Mark Sheahan, Taylor Stackpole, Cheyne Wallace
  • Publication number: 20160182296
    Abstract: An operator node is configured to enable the management of nodes communicatively coupled to the operator node via a network. A selection of node objects is received by the operator node, the selected node objects including software components for inclusion within a node configuration. A configuration policy is generated based on the selected objects, the configuration policy including a set of tests (such as scripts or executables) that, when run, test for the presence of one or more of the selected node objects. A target node is scanned to determine the configuration of the target node, and the set of tests are applied to identify a set of objects identified by the policy but not installed at the target node. The target node is then re-configured to install the identified set of objects at the target node.
    Type: Application
    Filed: December 17, 2014
    Publication date: June 23, 2016
    Inventors: Alan James Sharp-Paul, Michael Franz Baukes