Abstract: An information security monitoring system can import indicators of compromise (IOC) definitions in disparate formats from third-party source systems, convert them into editable security definitions in an internal system format, and provide a user interface for composing or editing these security definitions with enhancements, including complex security definitions such as those having a nested Boolean structure and/or those that reference one or more security definitions, a behavioral rule, and/or a vulnerability description. One or more whitelists can be added to handle exceptions. Each composed or modified security definition is then compiled into an executable rule. The executable rule, when evaluated, produces a result indicative of an endpoint security action needed in view of an endpoint event that meets the composed or modified security definition.

Abstract: Systems and methods are provided for splicing airframe components. One embodiment is a method for assembling an airframe of an aircraft. The method includes forming a first skin of a first circumferential section of fuselage, the first skin including a distal portion comprising a lip and a shoulder, aligning a second skin of a second circumferential section of fuselage with the shoulder such that the lip overlaps the second skin, and affixing the first skin and the second skin together via a circumferential splice.

Abstract: An endpoint protection system implementing a new blocking strategy allows a user to specify an arbitrary number of protection rules through a user interface. In user mode, the protection rules are compiled into a single expression tree, which is then compiled into byte code. In kernel mode, the byte code is dynamically loaded in memory (e.g., kernel space) and the assembler validates the byte code and performs a plurality of security checks, then ultimately assembles the byte code into machine code that is native to the processor. Because complex detection/protection logic is compiled in user mode, the invention allows for highly expressive and powerful protection rules. Further, because complex detection/protection logic is not manually written in kernel mode, but validated then evaluated via simple machine code instructions in the privileged mode, the invention is safer and will not slow down the entire operating system.

Abstract: Systems and methods for event threat prioritization are provided. In some embodiments, an event priority engine receives event data detected by event agents executing on devices. The events are prioritized and ranked according to threat scores for events generated according to threat indicators which are fed event data and threat data. In some embodiments, security systems may take the approach of prioritizing events based on the endpoints from which they originate using attributes associated with those endpoints. In this way, events can be prioritized at least in part based on the damage to the enterprise that may occur if those events were to compromise security, not just the likelihood of those events actually resulting in a security breach.

Abstract: An endpoint security system having a Secured Authentication For Enterprise (SAFE) server is enhanced with an auxiliary service. The auxiliary service receives a request to run a job on an endpoint of an enterprise computer network, queues up the job in a central job store, and monitors whether an agent on the endpoint has checked in with the SAFE server. Responsive to the agent on the endpoint checking in with the SAFE server, the auxiliary service establishes, through a secure connection with the SAFE server, a connection with the agent on the endpoint and determines whether the agent has any jobs queued up in the central job store. If so, the auxiliary service dispatches the job from the central job store to the agent on the endpoint through the secure connection with the SAFE server and starts the job by the agent on the endpoint.

Abstract: Reaming tools for reaming a borehole and related systems and methods are described herein. In an embodiment, the tool includes a body having a central axis, and a plurality of blades. Each of the plurality of blades includes an uphole section that extends in a first helical direction, a downhole section that extends in a second helical direction that is opposite the first helical direction, and an arcuate central section that continuously extends from the uphole section to the downhole section. The plurality of blades are eccentric about the central axis such that the reaming tool is configured to pass axially through a first diameter and is configured to ream a borehole to a second diameter that is greater than the first diameter when the tool is rotated about the central axis in a cutting direction.

Abstract: Reaming tools for reaming a borehole and related systems and methods are described herein. In an embodiment, the tool includes a body having a central axis, and a plurality of blades. Each of the plurality of blades includes an uphole section that extends in a first helical direction, a downhole section that extends in a second helical direction that is opposite the first helical direction, and an arcuate central section that continuously extends from the uphole section to the downhole section. The plurality of blades are eccentric about the central axis such that the reaming tool is configured to pass axially through a first diameter and is configured to ream a borehole to a second diameter that is greater than the first diameter when the tool is rotated about the central axis in a cutting direction.

Abstract: An information security monitoring system can import indicators of compromise (IOC) definitions in disparate formats from third-party source systems, convert them into editable security definitions in an internal system format, and provide a user interface for composing or editing these security definitions with enhancements, including complex security definitions such as those having a nested Boolean structure and/or those that reference one or more security definitions, a behavioral rule, and/or a vulnerability description. One or more whitelists can be added to handle exceptions. Each composed or modified security definition is then compiled into an executable rule. The executable rule, when evaluated, produces a result indicative of an endpoint security action needed in view of an endpoint event that meets the composed or modified security definition.

Abstract: An endpoint agent is enhanced with a kernel-level event tracing facility, an event manager having telemetry filters, a persistence manager, and a detection engine. The endpoint agent receives an instruction from a controller system to enable a selection of filters, including a custom-built telemetry filter for the kernel-level event tracing facility which feeds events to the event manager as they are occurring. The event manager determines which enabled telemetry filters are applicable to the events, apply them to identify events of interest, and provide those events to the detection engine which, in turn, applies detection filters to the events of interest to detect possible threats to the endpoint. The telemetry filters are evaluated in memory as the events are occurring. To increase the speed of processing, expression trees representing the telemetry filters can be compiled into machine code just in time of execution. The machine code executes extremely fast natively.

Abstract: An information security monitoring system can import indicators of compromise (IOC) definitions in disparate formats from third-party source systems, convert them into editable security definitions in an internal system format, and provide a user interface for composing or editing these security definitions with enhancements, including complex security definitions such as those having a nested Boolean structure and/or those that reference one or more security definitions, a behavioral rule, and/or a vulnerability description. One or more whitelists can be added to handle exceptions. Each composed or modified security definition is then compiled into an executable rule. The executable rule, when evaluated, produces a result indicative of an endpoint security action needed in view of an endpoint event that meets the composed or modified security definition.

Abstract: An endpoint security system having a Secured Authentication For Enterprise (SAFE) server is enhanced with an auxiliary service. The auxiliary service receives a request to run a job on an endpoint of an enterprise computer network, queues up the job in a central job store, and monitors whether an agent on the endpoint has checked in with the SAFE server. Responsive to the agent on the endpoint checking in with the SAFE server, the auxiliary service establishes, through a secure connection with the SAFE server, a connection with the agent on the endpoint and determines whether the agent has any jobs queued up in the central job store. If so, the auxiliary service dispatches the job from the central job store to the agent on the endpoint through the secure connection with the SAFE server and starts the job by the agent on the endpoint.

Abstract: An information security monitoring system can import indicators of compromise (IOC) definitions in disparate formats from third-party source systems, convert them into editable security definitions in an internal system format, and provide a user interface for composing or editing these security definitions with enhancements, including complex security definitions such as those having a nested Boolean structure and/or those that reference one or more security definitions, a behavioral rule, and/or a vulnerability description. One or more whitelists can be added to handle exceptions. Each composed or modified security definition is then compiled into an executable rule. The executable rule, when evaluated, produces a result indicative of an endpoint security action needed in view of an endpoint event that meets the composed or modified security definition.