Abstract: Systems and methods that facilitate operational support for network infrastructures are discussed. The disclosed system and method facilitate a unified view of the current state of the network and networked devices including real-time log monitoring and for providing metrics for long term system planning. One such method can include the acts of automatically discovering a device deployed on a network, receiving device and network related data in real-time, determining whether a device is authorized, terminating device network access, filtering device data, validating device configuration, configuring a device and providing an output for use by a user. The disclosed system and method can be utilized, for example, to reduce the time involved in troubleshooting and resolving network issues, for establishing a baseline for network performance and for network capacity planning.

Abstract: The innovation disclosed and claimed herein, in one aspect thereof, comprises systems and methods of determining network segmentation. The innovation can search a network to determine a set of network entities, the network entities belonging to the network, and determine network factors of each network entity in the set of network entities. The innovation can evaluate each network factor and determine segmentation candidates based on the evaluation of each network factor. The innovation can determine a risk ranking for each network factor for each network entity and aggregate each risk ranking into a segmentation score for each network entity. The innovation can determine a segmentation candidate when a network entity segmentation score satisfies a threshold score. The innovation can generate a sub-network that is part of the network for the segmentation candidate, and transfer the segmentation candidate to the sub-network.

Abstract: Network entities of a network system are managed in an end-of-life context. A network system is scanned to determine network entities such as hardware devices and/or software applications. A network entity can be identified as vulnerable based on end-of-life data. A risk score for the vulnerable network entity is computed based on the end-of-life data and optionally other factors, and a potentially mitigating action is determined based on the risk score.

Abstract: Provided are a universal software installer and/or uninstaller. The universal software installer determines a structure of the software to be installed and verifies all necessary software elements are applied or installed on the endpoint during the install. The universal software uninstaller determines a structure of the software to be uninstalled and verifies all related software elements are removed from the endpoint. The universal software installer and/or uninstaller is independent of an operating system platform executing on the endpoint.

Abstract: The innovation disclosed and claimed herein, in one aspect thereof, comprises systems and methods of determining network segmentation. The innovation can search a network to determine a set of network entities, the network entities belonging to the network, and determine network factors of each network entity in the set of network entities. The innovation can evaluate each network factor and determine segmentation candidates based on the evaluation of each network factor. The innovation can determine a risk ranking for each network factor for each network entity and aggregate each risk ranking into a segmentation score for each network entity. The innovation can determine a segmentation candidate when a network entity segmentation score satisfies a threshold score. The innovation can generate a sub-network that is part of the network for the segmentation candidate, and transfer the segmentation candidate to the sub-network.

Abstract: Provided are a universal software installer and/or uninstaller. The universal software installer determines a structure of the software to be installed and verifies all necessary software elements are applied or installed on the endpoint during the install. The universal software uninstaller determines a structure of the software to be uninstalled and verifies all related software elements are removed from the endpoint. The universal software installer and/or uninstaller is independent of an operating system platform executing on the endpoint.

Abstract: Blind spots in a network system are identified and eliminated. Synthetic transactions are generated and transmitted across a network system, and at least a portion of the synthetic transactions is captured. Parts of the synthetic transactions that were not captured can be determined and employed to generate a logical security map of the network system based on the captured synthetic transactions. At least one blind spot can be identified from in the logical security map of the network system, and a solution determined to eliminate the at least one blind spot. Subsequently, the solution is implemented for the network system to eliminate the blind spot.

Abstract: Network entities of a network system are managed in an end-of-life context. A network system is scanned to determine network entities such as hardware devices and/or software applications. A network entity can be identified as vulnerable based on end-of-life data. A risk score for the vulnerable network entity is computed based on the end-of-life data and optionally other factors, and a potentially mitigating action is determined based on the risk score.

Abstract: Systems, methods, and computer-readable storage media are utilized to analyze multi-channel data based on a security model in a computer network environment. One system includes a plurality of data channels configured to access entity data and a processing circuit communicatively coupled to a data channel of the plurality of data channels, the processing circuit configured to identify at least one vulnerability, determine an impact of the at least one vulnerability, assign the first property to a first cybersecurity dimension, generate a cybersecurity risk score based at least on the impact of the at least one vulnerability, and generate a multi-dimensional score for a target computer network environment based on the cybersecurity risk score.

Abstract: A computing system comprising a processing circuit is configured to receive, via a data channel from an agentless monitoring data source, user activity data associated with a first computing device of a first user, determine a policy violation based on the user activity data, compare employee-related information associated with the first user to a threshold, determine a baseline level of risk based on the employee-related information exceeding the threshold, determine a user score based on at least one of a threat dimension or an exposure dimension or an impact dimension, determine a probability of an adverse event based on the determined baseline level of risk and the user score, generate a user-interactive electronic notification comprising an indication of the probability of the adverse event, and transmit the user-interactive electronic notification to a second computing device of a second user.

Abstract: Provided is predictive modeling for anti-malware solutions. A profile for a device is determined based on at least one characteristic identified from a successful attempt by the device to access a network. An expected characteristic for a next access attempt by the device to access the network is determined based on the profile. The characteristic of the next access attempt is matched to the expected characteristic. In response to determining that at least one characteristic of the next access attempt matches the expected characteristic, the next access attempt by the device to the network is automatically granted.

Abstract: Systems, methods and computer-readable storage media are utilized to analyze multi-channel data based on a security model in a computer network environment. A computing system is communicatively coupled to a plurality of data channels configured to access entity data via at least one data channel communication network. A plurality of data sources configured to store entity data are associated with the respective data channels. A processing circuit is communicatively coupled to a particular data channel via a data channel communication network and is structured to receive, via the data channel, entity data comprising device connectivity data, parse properties from the device connectivity data where the properties correspond to particular security dimensions, identify vulnerabilities associated with the properties, determine vulnerability impact, and generate a multi-dimensional risk score for a target computer network environment associated with the entity.

Abstract: Situational awareness and perimeter protection orchestration determines when network attacks are occurring, or predicts their occurrence, and provides tools and services to mitigate the attacks. The attacks can be denial of service attacks or distributed denial of service attacks or other types of attacks designed to disable and degrade a network. The dashboard can collect intelligence on what is happening on the network, and also streams of information from third parties that can be used to predict imminent network attacks. The dashboard can also determine what tools and services are available to the network operator in order to counteract the attacks.

Abstract: Systems, methods, and apparatuses for anomalous user behavior detection and risk-scoring individuals are described. User activity data associated with a first computing device of a first user is received from an agentless monitoring data source different from the first computing device. The user activity data includes a user identifier. An active directory (AD) identifier and employee-related information from a human resources database are determined based on the user identifier. Based on the employee-related information and/or AD identifier, a probability of an adverse event is determined. When the probability of the adverse event exceeds a predetermined threshold, a logging agent is activated on the first computing device and additional user activity data is received from the logging agent.

Abstract: Provided is predictive modeling for anti-malware solutions. The predictive modeling includes an identification manager component that generates profile data for a hostile source. The hostile source is identified based on a previous threat attributed to the hostile source. The predictive modeling also includes an evaluation component that determines a characteristic of an interaction between a source and an endpoint. Further, the predictive modeling includes a validation component that compares the characteristic of the interaction with the profile data and controls access to the source by the endpoint based on the comparison. In addition, anti-malware software is not deployed on the endpoint.

Abstract: In one or more embodiments, a first entity may create a profile by providing content via an interface or a first interface. A second entity may manage one or more aspects of the profile via a second interface. The amount of control the second entity has over one or more portions of the profile may be related to or based on content of the profile or a relationship between the first entity and the second entity. For example, the second entity may screen content of the profile from public view. Additionally, profiles may be searched internally within an organization or externally, such as for outsourcing or to provide vendors or clients with more customized solutions. In this manner, profile management is provided.

Abstract: The innovation disclosed and claimed herein, in one aspect thereof, comprises systems and methods of determining network segmentation. The innovation can search a network to determine a set of network entities, the network entities belonging to the network, and determine network factors of each network entity in the set of network entities. The innovation can evaluate each network factor and determine segmentation candidates based on the evaluation of each network factor. The innovation can determine a risk ranking for each network factor for each network entity and aggregate each risk ranking into a segmentation score for each network entity. The innovation can determine a segmentation candidate when a network entity segmentation score satisfies a threshold score. The innovation can generate a sub-network that is part of the network for the segmentation candidate, and transfer the segmentation candidate to the sub-network.

Abstract: The innovation disclosed and claimed herein, in one aspect thereof, comprises systems and methods of eliminating blind spots in a network system. The systems and methods generate synthetic transactions across a network system and capture at least part of the generated synthetic transactions. The systems and methods determine parts of the synthetic transactions that were not captured and generate a logical security map of the network system based on the captured synthetic transactions. The systems and methods determine at least one blind spot in the logical security map of the network system and determine a solution to eliminate the at least one blind spot. The systems and methods implement the solution for the network system to eliminate the blind spot.

Abstract: The innovation disclosed and claimed herein, in one aspect thereof, comprises systems and methods of managing network entities. The innovation scans a network system to determine network entities, e.g. hardware devices and/or software applications. The innovation receives version information about hardware and software. The innovation compares version information to end-of-life information regarding the network entities. The innovation determines potential mitigating actions based on the comparison and creates an end-of-schedule for managing vendor contracts with regards to end-of-life network entities.

Abstract: Provided is predictive modeling for anti-malware solutions. The predictive modeling includes an identification manager component that generates profile data for a hostile source. The hostile source is identified based on a previous threat attributed to the hostile source. The predictive modeling also includes an evaluation component that determines a characteristic of an interaction between a source and an endpoint. Further, the predictive modeling includes a validation component that compares the characteristic of the interaction with the profile data and controls access to the source by the endpoint based on the comparison. In addition, anti-malware software is not deployed on the endpoint.