Abstract: A computer-implemented method for computing or modeling the risk of a cyber security breach to an asset begins by gathering coverage information from network sensors, endpoint agents, and decoys related to the asset, as well as gathering importance information related to the asset, alerts and anomalies from an enterprise and vulnerability information related to the asset. From this, a threat-score is computed for the asset. Connections or coupling information is gathered between users and assets, users and data, and assets and data, which is fused to generate a 3-dimensional vector representation of coverage, importance, and threat-score of the assets, users and data. From this 3-dimensional vector, an asset risk score is computed to provide the asset risk score.

Abstract: A method and system for generating and maintaining an immutable electronic ledger. The method comprises receiving, accessing, and/or modifying one or more decision-influencing factors relating to a commodity and/or a product. The method comprises autonomously storing the one or more decision-influencing factors as a part of the immutable electronic ledger in response to said receiving, accessing, and/or modifying. The immutable electronic ledger serves as a record of decision-influencing factors, that is free of hindsight, for a business entity in an evaluation of a decision associated with the commodity and/or product and influenced by the one or more decision-influencing factors.

Abstract: A system and method for rapid evaluation of raw material price risk mitigation contracts aided by simulations driven by an end-user's selection of a settlement parameter, which enable transparent and quick evaluations of one or more contracts. The simulations are presented on a user interface that provides for a unique communication of information relevant to the one or more contracts. An end-user's selection of a settlement parameter is enabled by a digital slider, the actuation of which presents updated simulations in substantially real-time.

Abstract: A computer-implemented method for computing or modeling the risk of a cyber security breach to an asset begins by gathering coverage information from network sensors, endpoint agents, and decoys related to the asset, as well as gathering importance information related to the asset, alerts and anomalies from an enterprise and vulnerability information related to the asset. From this, a threat-score is computed for the asset. Connections or coupling information is gathered between users and assets, users and data, and assets and data, which is fused to generate a 3-dimensional vector representation of coverage, importance, and threat-score of the assets, users and data. From this 3-dimensional vector, an asset risk score is computed to provide the asset risk score.

Abstract: A device and a method for identifying whether a network node is infected by malware, including identifying indicator events for each of a plurality of anomaly indicators, by counting the number of occurrences of an anomaly indicator in at least one of a network node and an entire network during a predetermined time duration and if the number of occurrences of the anomaly indicator during the predetermined time duration is greater than a predetermined event threshold, identifying an indicator event associated with the anomaly indicator during the predetermined time duration and assigning an expiration duration for the indicator event, determining whether the identified indicator events fulfill at least one predetermined infection rule, and if the indicator events fulfill the at least one predetermined infection rule, identifying the network node as infected by malware.

Abstract: A system for gathering information about malware and a method of use therefor, the system comprising a working environment including physical working environment servers, physical working environment endpoints, a working environment network, a switch, and a router directing traffic between said working environment network and an external network, a decoy environment including at least one physical machine, a decoy environment server, a decoy environment endpoint, a decoy environment network and a decoy environment router, a file directing mechanism directing at least some files to the decoy environment, and a threat tracking mechanism tracking and observing actions triggered by the files in the decoy environment.

Abstract: A system and a method for identifying the presence of ransomware on a network including a plurality of resources, and for trapping the ransomware therein.

Abstract: A system for identifying the presence of advanced persistent threats on a network including a plurality of resources, interconnected to form a network, at least one decoy resource, at least one mini-trap installed on at least one of the plurality of resources and functionally associated with at one of the at least one decoy resource, the at least one mini-trap comprising deceptive information directing malware accessing the at least one mini-trap to the decoy resource associated therewith, and a manager node forming part of the network, locally or remotely, and configured to manage placement of the at least one mini-trap on the at least one of the plurality of resources and association between the at least one mini-trap and the decoy resource associated therewith.

Abstract: A system and a method for identifying the presence of ransomware on a network including a plurality of resources, and for trapping the ransomware therein.

Abstract: A device and a method for identifying whether a network node is infected by malware, including identifying indicator events for each of a plurality of anomaly indicators, by counting the number of occurrences of an anomaly indicator in at least one of a network node and an entire network during a predetermined time duration and if the number of occurrences of the anomaly indicator during the predetermined time duration is greater than a predetermined event threshold, identifying an indicator event associated with the anomaly indicator during the predetermined time duration and assigning an expiration duration for the indicator event, determining whether the identified indicator events fulfill at least one predetermined infection rule, and if the indicator events fulfill the at least one predetermined infection rule, identifying the network node as infected by malware.

Abstract: A system for gathering information about malware and a method of use therefor, the system comprising a working environment including physical working environment servers, physical working environment endpoints, a working environment network, a switch, and a router directing traffic between said working environment network and an external network, a decoy environment including at least one physical machine, a decoy environment server, a decoy environment endpoint, a decoy environment network and a decoy environment router, a file directing mechanism directing at least some files to the decoy environment, and a threat tracking mechanism tracking and observing actions triggered by the files in the decoy environment.

Abstract: A system for identifying the presence of advanced persistent threats on a network including a plurality of resources, interconnected to form a network, at least one decoy resource, at least one mini-trap installed on at least one of the plurality of resources and functionally associated with at one of the at least one decoy resource, the at least one mini-trap comprising deceptive information directing malware accessing the at least one mini-trap to the decoy resource associated therewith, and a manager node forming part of the network, locally or remotely, and configured to manage placement of the at least one mini-trap on the at least one of the plurality of resources and association between the at least one mini-trap and the decoy resource associated therewith.

Abstract: A system and method for protection of Web based applications are described. Anomalous traffic can be identified by comparing the traffic to a profile of acceptable user traffic when interacting with the application. Phishing and leeching are one type of anomalous traffic that is detected. The anomalous traffic, or security events, identified at the individual computer networks are communicated to a central security manager. Various responsive actions may be taken in response to detection of phishing or leeching.

Abstract: In one embodiment, a method for securing a network application is described. The method for securing a network application includes receiving network information within a network application and assigning a probability value to an independent aspect of the network information. The probability value is based on a verification of the independent aspect of the information against a profile of acceptable behavior. The method for securing a network application also includes aggregating the probability values of the independent aspects of the network information to determine the probability of the entire network traffic. In addition, the method for securing a network application includes determining whether the probability value of the entire network information is above or below a threshold probability value. The entire network information is screened out based on the probability value of the entire message with respect to the threshold probability value.

Abstract: A system and method for protection of Web based applications are described. The techniques described provide an enterprise wide approach to preventing attacks of Web based applications. Individual computer networks within the enterprise monitor network traffic to identify anomalous traffic. The anomalous traffic can be identified by comparing the traffic to a profile of acceptable user traffic when interacting with the application. The anomalous traffic, or security events, identified at the individual computer networks are communicated to a central security manager. The central security manager correlates the security events at the individual computer networks to determine if there is an enterprise wide security threat. The central security manager can then communicate instructions to the individual computer networks so as to provide an enterprise wide solution to the threat.

Abstract: A system and method for protection of Web based applications are described. Anomalous traffic can be identified by comparing the traffic to a profile of acceptable user traffic when interacting with the application. Phishing and leeching are one type of anomalous traffic that is detected. The anomalous traffic, or security events, identified at the individual computer networks are communicated to a central security manager. Various responsive actions may be taken in response to detection of phishing or leeching.

Abstract: A system and method for protection of Web based applications are described. Anomalous traffic can be identified by comparing the traffic to a profile of acceptable user traffic when interacting with the application. Excessive access rates are one type of anomalous traffic that is detected by monitoring a source and determining whether the number of requests that the source generates within a specific time frame is above a threshold. The anomalous traffic, or security events, identified at the individual computer networks are communicated to a central security manager. The central security manager correlates the security events at the individual computer networks to determine if there is an enterprise wide security threat. The central security manager can then communicate instructions to the individual computer networks so as to provide an enterprise wide solution to the threat. Various responsive actions may be taken in response to detection of an excessive access rate.

Abstract: In one embodiment, a method for securing a network application is described. The method for securing a network application includes receiving network information within a network application and assigning a probability value to an independent aspect of the network information. The probability value is based on a verification of the independent aspect of the information against a profile of acceptable behavior. The method for securing a network application also includes aggregating the probability values of the independent aspects of the network information to determine the probability of the entire network traffic. In addition, the method for securing a network application includes determining whether the probability value of the entire network information is above or below a threshold probability value. The entire network information is screened out based on the probability value of the entire message with respect to the threshold probability value.

Abstract: A system and method for protection of Web based applications are described. A Web application security system is included within a computer network to monitor traffic received from a wide area network, such as the Internet, and determine if there is a threat to the Web application. The Web application security system monitors web traffic in a non-inline configuration and identifies any anomalous traffic against a profile that identifies acceptable behavior of a user of the application. Any anomalous traffic is analyzed and appropriate protective action is taken to secure the Web application against an attack.

Abstract: A system and method for protection of Web based applications are described. The techniques described provide an enterprise wide approach to preventing attacks of Web based applications. Individual computer networks within the enterprise monitor network traffic to identify anomalous traffic. The anomalous traffic can be identified by comparing the traffic to a profile of acceptable user traffic when interacting with the application. The anomalous traffic, or security events, identified at the individual computer networks are communicated to a central security manager. The central security manager correlates the security events at the individual computer networks to determine if there is an enterprise wide security threat.