Patents by Inventor Randy Clayton

Randy Clayton has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240064159
    Abstract: A system and methods for detecting and mitigating SAML forgery and manipulation attacks against services is provided, comprising a policy manager configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to create a unique identifier for each valid authentication session; wherein subsequent access requests accompanied by authentication objects are validated by checking for a valid unique identifier.
    Type: Application
    Filed: October 28, 2023
    Publication date: February 22, 2024
    Inventors: Jason Crabtree, Richard Kelley, Angadbir Singh Salaria, Andrew Sellers, Farooq Israr Ahmed Shaikh, Randy Clayton, Luka Jurukovski
  • Patent number: 11818150
    Abstract: A system and methods for detecting and mitigating golden SAML attacks against federated services is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to create a security cookie for each valid authentication session; wherein subsequent access requests accompanied by authentication objects are validated by checking for a valid security cookie.
    Type: Grant
    Filed: October 27, 2022
    Date of Patent: November 14, 2023
    Assignee: QOMPLX LLC
    Inventors: Randy Clayton, Jason Crabtree, Luka Jurukovski, Richard Kelley, Angadbir Singh Salaria, Andrew Sellers, Farooq Israr Ahmed Shaikh
  • Publication number: 20230156022
    Abstract: A system and methods for detecting and mitigating golden SAML attacks against federated services is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to create a security cookie for each valid authentication session; wherein subsequent access requests accompanied by authentication objects are validated by checking for a valid security cookie.
    Type: Application
    Filed: January 9, 2023
    Publication date: May 18, 2023
    Inventors: Randy Clayton, Jason Crabtree, Luka Jurukovski, Richard Kelley, Angadbir Singh Salaria, Andrew Sellers, Farooq Israr Ahmed Shaikh
  • Publication number: 20230118726
    Abstract: A system and methods for detecting and mitigating golden SAML attacks against federated services is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to create a security cookie for each valid authentication session; wherein subsequent access requests accompanied by authentication objects are validated by checking for a valid security cookie.
    Type: Application
    Filed: October 27, 2022
    Publication date: April 20, 2023
    Inventors: Randy Clayton, Jason Crabtree, Luka Jurukovski, Richard Kelley, Angadbir Singh Salaria, Andrew Sellers, Farooq Israr Ahmed Shaikh
  • Patent number: 11552968
    Abstract: A system and methods for detecting and mitigating golden SAML attacks against federated services is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to create a security cookie for each valid authentication session; wherein subsequent access requests accompanied by authentication objects are validated by checking for a valid security cookie.
    Type: Grant
    Filed: January 29, 2021
    Date of Patent: January 10, 2023
    Assignee: QOMPLX, INC.
    Inventors: Randy Clayton, Jason Crabtree, Luka Jurukovski, Richard Kelley, Angadbir Singh Salaria, Andrew Sellers, Farooq Israr Ahmed Shaikh
  • Publication number: 20220368726
    Abstract: A system and method for privilege assurance protection of computer networks that remedies the deficiencies of the current directory service structure. The system uses a software agent to collect and store snapshots of all network resources on a computer network by identifying network domains, searching the directory service of each domain for network resources, and periodically querying the network resources for changes. The software agent communicates with a backend server which provides searching, querying, storage, administrative and other functionality to the agent via remote procedure calls.
    Type: Application
    Filed: July 31, 2021
    Publication date: November 17, 2022
    Inventors: Gandhi Balasubramaniam, Randy Clayton, Jason Crabtree, Rich Kelley, Artem Panasenkov, Andrew Sellers
  • Patent number: 11494665
    Abstract: A system and method for a high-performance, scalable, multi-tenant, dynamically specifiable, knowledge graph information storage and utilization. The system uses an in-memory associative array for high-performance graph storage and access, with a non-volatile distributed database for scalable backup storage, a scalable, distributed graph service for graph creation, an indexing search engine to increase searching performance, and a graph crawler for graph traversal. One or more of these components may be in the form of a cloud-based service, and in some embodiments the cloud-based services may be containerized to allow for multi-tenant co-existence with no possibility of data leakage or cross-over.
    Type: Grant
    Filed: April 30, 2020
    Date of Patent: November 8, 2022
    Assignee: QOMPLX, INC.
    Inventors: Jason Crabtree, Andrew Sellers, Randy Clayton, Angad Salaria, Antony Pegg, Bhashit Parikh, Luka Jurukovski, Stuart Baurmann, Paolo Angioletti
  • Publication number: 20220060510
    Abstract: A system and method for a flexible, high-speed Managed Detection and Response platform that ingests, parses, normalizes, monitors, and correlates nearly any log source or security tool output. The MDR comprises a declarative connector service that tags events with appropriate data source labels to facilitate data isolation, proper handling, and provenance across multiple customers and security products but otherwise aggregates alerts into a single data stream for consumption by the MDR SOC operators. A connector service further provides a programmatic (API-based) means to interchange data securely across environments. Event data is aggregated by the Managed Detection and Response platform, which then utilizes enhanced log ingest capabilities to process the data, allowing SOC operators to write rules against the alerts.
    Type: Application
    Filed: July 30, 2021
    Publication date: February 24, 2022
    Inventors: Randy Clayton, Jason Crabtree, Angadbir Salaria, Andrew Sellers, Marian Trnkus
  • Publication number: 20210258329
    Abstract: A system and methods for detecting and mitigating golden SAML attacks against federated services is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to create a security cookie for each valid authentication session; wherein subsequent access requests accompanied by authentication objects are validated by checking for a valid security cookie.
    Type: Application
    Filed: January 29, 2021
    Publication date: August 19, 2021
    Inventors: Randy Clayton, Jason Crabtree, Luka Jurukovski, Richard Kelley, Angadbir Singh Salaria, Andrew Sellers, Farooq Israr Ahmed Shaikh
  • Publication number: 20210136120
    Abstract: A system and method for universalization and contextualization of computing assets that utilizes structure, organization, and ontologically-related metadata to unify computing assets into a common data model combined with provenance-related metadata to contextualize the assets for suitability in a given situation. The system and method include an asset registry that contains provenance information and ontological information about available computing assets, a provenance manager which tracks the provenance of each asset for data validation and contextual analysis purposes, an ontology manager that uses ontological relationships among assets to determine other domains in which an asset may be useful, and an interoperability manager which combines the provenance and ontology outputs to suggest computing assets that may be useful in a given context.
    Type: Application
    Filed: July 31, 2020
    Publication date: May 6, 2021
    Inventors: Jason Crabtree, Andrew Sellers, Randy Clayton, Angad Salaria, Roman Tejada
  • Publication number: 20200364584
    Abstract: A system and method for a high-performance, scalable, multi-tenant, dynamically specifiable, knowledge graph information storage and utilization. The system uses an in-memory associative array for high-performance graph storage and access, with a non-volatile distributed database for scalable backup storage, a scalable, distributed graph service for graph creation, an indexing search engine to increase searching performance, and a graph crawler for graph traversal. One or more of these components may be in the form of a cloud-based service, and in some embodiments the cloud-based services may be containerized to allow for multi-tenant co-existence with no possibility of data leakage or cross-over.
    Type: Application
    Filed: April 30, 2020
    Publication date: November 19, 2020
    Inventors: Jason Crabtree, Andrew Sellers, Randy Clayton, Angad Salaria, Antony Pegg, Bhashit Parikh, Luka Jurukovski, Stuart Baurmann, Paolo Angioletti
  • Patent number: 10261503
    Abstract: A building control and management system including an automation controller and a plurality of peripheral devices configured to perform building control-management system functions. The automation controller and peripheral devices communicate wirelessly and the peripheral devices may be enabled and disabled as wireless repeaters in a network formed by the automation controller and the peripheral devices. The automation controller may monitor the communication traffic levels in the wireless network and enable or disable peripheral devices as wireless repeaters to increase or decrease the communication traffic in the network.
    Type: Grant
    Filed: March 3, 2017
    Date of Patent: April 16, 2019
    Assignee: Autani, LLC
    Inventor: Randy Clayton
  • Patent number: 9767249
    Abstract: An automation system including a plurality of peripheral devices, each configured to perform at least one function relating to energy consumption in a facility and an automation controller in communication with the plurality of peripheral devices and providing for the control of the performance of the function by each device. An external network resource such as at least a virtual private network server is configured to enable communication with the automation controller. The automation controller is configured, such as by executing virtual private network software, to establish and maintain a secure data link with the virtual private network server and to enable oversight and/or control of the automation controller via the virtual private network server.
    Type: Grant
    Filed: May 6, 2013
    Date of Patent: September 19, 2017
    Assignee: Autani, LLC
    Inventors: Robert Belz, Randy Clayton
  • Publication number: 20170205812
    Abstract: A building control and management system including an automation controller and a plurality of peripheral devices configured to perform building control-management system functions. The automation controller and peripheral devices communicate wirelessly and the peripheral devices may be enabled and disabled as wireless repeaters in a network formed by the automation controller and the peripheral devices. The automation controller may monitor the communication traffic levels in the wireless network and enable or disable peripheral devices as wireless repeaters to increase or decrease the communication traffic in the network.
    Type: Application
    Filed: March 3, 2017
    Publication date: July 20, 2017
    Applicant: Autani, LLC
    Inventor: Randy Clayton
  • Patent number: 9588506
    Abstract: A building control and management system including an automation controller and a plurality of peripheral devices configured to perform building control-management system functions. The automation controller and peripheral devices communicate wirelessly and the peripheral devices can be enabled and disabled as wireless repeaters in a network formed by the automation controller and the peripheral devices. The automation controller can monitor the communication traffic levels in the wireless network and enable or disable peripheral devices as wireless repeaters to increase or decrease the communication traffic in the network.
    Type: Grant
    Filed: October 10, 2012
    Date of Patent: March 7, 2017
    Assignee: Autani, LLC
    Inventor: Randy Clayton
  • Patent number: 9575472
    Abstract: An automation system including a plurality of peripheral devices, each configured to perform at least one function relating to energy consumption in a facility and an automation controller in communication with the plurality of peripheral devices and providing for the control of the performance of the function by each device, wherein the automation controller includes a compiler configured to take high level rules and information about the peripheral devices and produce at least one program that will respond to data from the peripheral devices and to timer, calendar, clock, and preprogrammed events and a server component that provides the data as input to the at least one program and takes actions based on the output of the program.
    Type: Grant
    Filed: December 19, 2012
    Date of Patent: February 21, 2017
    Assignee: Autani, LLC
    Inventors: Randy Clayton, Kenneth Noppinger
  • Publication number: 20140225528
    Abstract: The present invention provides, among other things, a reconfigurable lighting and building control system. The system includes an area controller designed as a removable panel ceiling panel replacement positioned in or proximate an area being controlled. The area controller controls the operation of the lighting fixtures wirelessly or via the low voltage/control wiring based on at least one of day and time, occupancy, and light intensity in the area.
    Type: Application
    Filed: March 14, 2014
    Publication date: August 14, 2014
    Inventor: Randy Clayton
  • Publication number: 20140217905
    Abstract: A multi-level automation control architecture, methods, and systems are disclosed, which provide enhanced scalability, functionality, and cost effectiveness for energy, access, and control. The systems include various combinations of automation controllers, remote controllers and peripheral devices that are used to provide monitoring and control functionality over the various systems in a structure, such as HVAC, water, lighting, etc. In various embodiments, the automation controller and various peripheral devices are implemented to provide an integrated energy management system for the structure. The system allows the user to manage energy based on the day, time, the presence of people, and the availability of natural lighting and heating, as well as prioritize and participate in demand-response programs.
    Type: Application
    Filed: August 5, 2013
    Publication date: August 7, 2014
    Applicant: Autani Corporation
    Inventors: Randy Clayton, Michael Antone
  • Patent number: 8581439
    Abstract: An automation system including a plurality of peripheral devices, each configured to perform at least one function relating to energy consumption in a facility and an automation controller in communication with the plurality of peripheral devices and providing for the control of the performance of the function by each device, wherein the system includes a configurable transfer switch that enables the system to control the flow and/or source of electricity provided to circuits in a facility.
    Type: Grant
    Filed: October 22, 2010
    Date of Patent: November 12, 2013
    Assignee: Autani Corporation
    Inventors: Randy Clayton, Henry Martin
  • Patent number: D727853
    Type: Grant
    Filed: May 7, 2012
    Date of Patent: April 28, 2015
    Assignee: Autani
    Inventor: Randy Clayton