Abstract: A system provides for generation and implementation of resiliency controls for securing technology resources. In particular, the system may generate a model for securing technology resources based on compromise vectors that may affect the integrity or security of the resources, along with resiliency controls which may be used by the system to protect the resources. Based on the above information, the system may determine the impact that certain vectors may have on certain resources and assess the resistance of the resources to the impacts. In this way, the system may provide an efficient way to assess resiliency of resources and implement resiliency controls to protect such resources.

Abstract: Dynamic segmentation of network traffic through the use of Pre-Shared Keys (PSKs). Each defined network segment uses a different pre-shared key and a message authentication code (MAC)-signing algorithm to sign data packets with segment-specific MACs. As such, only those computer hosts/nodes that are in the network segment (i.e., have been assigned the same pre-shared key for generating and decoding the MAC signed data packets) are capable or reading the segment's network traffic. By implementing segment-specific MAC signed data packets, the present invention allows for confidential data transmission absent the need to encrypt the actual contents/data being transmitted.

Abstract: A system provides for technology resource centric rapid resiliency modeling. In particular, the system may generate a model for securing technology resources based on compromise vectors that may affect the integrity or security of the resources, along with resiliency controls which may be used by the system to protect the resources. Based on the above information, the system may determine the impact that certain vectors may have on certain resources and assess the resistance of the resources to the impacts. In this way, the system may provide an efficient way to assess resiliency of resources and implement resiliency controls to protect such resources.

Abstract: A security system that provides for secure communication between systems on a network without the need for encrypting the packets related to the communication, and thus, provides secure communications over the network without the processing capacity, memory, and/or processing delays caused by encryption of the packets. The disclosure aids in preventing rogue systems from being able to read communications over the network without the need for encryption. The packets for the communications are sent over the network in clear text, which are readable by any systems on the network, however, only the systems that are authorized are able to determine what packets are the correct packets and what packets are the imitation packets.

Abstract: A security system that provides for obfuscating the sending entities, receiving entities, and/or routings (e.g., host entities that are routing the communication and the path through which the communication is sent) without the need to encrypt the foregoing. The packets for a communication may include a datagram packet portion, an IP packet portion, and a routing packet portion and may be signed with a signature using a pre-shared key (e.g., a wheat signature or a chaff signature). Therefore, the actual datagram packet, IP packet, and/or routing packet may have the actual information or may have imitation information. Only the systems that have the pre-shared key are able to determine what are the wheat packets and what are the chaff packets such that the correct sending entity, receiving entity, and/or hosts routing the communication are able to determine the correct entities and/or the routing.

Abstract: A security system that provides for obfuscating the sending entities, receiving entities, and/or routings (e.g., host entities that are routing the communication and the path through which the communication is sent) without the need to encrypt the foregoing. The packets for a communication may include a datagram packet portion, an IP packet portion, and a routing packet portion and may be signed with a signature using a pre-shared key (e.g., a wheat signature or a chaff signature). Therefore, the actual datagram packet, IP packet, and/or routing packet may have the actual information or may have imitation information. Only the systems that have the pre-shared key are able to determine what are the wheat packets and what are the chaff packets such that the correct sending entity, receiving entity, and/or hosts routing the communication are able to determine the correct entities and/or the routing.

Abstract: A security system that provides for secure communication between systems on a network without the need for encrypting the packets related to the communication, and thus, provides secure communications over the network without the processing capacity, memory, and/or processing delays caused by encryption of the packets. The disclosure aids in preventing rogue systems from being able to read communications over the network without the need for encryption. The packets for the communications are sent over the network in clear text, which are readable by any systems on the network, however, only the systems that are authorized are able to determine what packets are the correct packets and what packets are the imitation packets.

Abstract: A security system that provides for secure communication from a remote system operating on an unsecure network without the need for encrypting the packets related to the communication. The packets for the communications are sent over the network in clear text, which are readable by any systems on the network, however, only the systems that are authorized are able to determine what packets are the correct packets and what packets are the imitation packets. Moreover, a remote secure network may be utilized such that any system operating on an unsecure network may send packets through the remote secure network in a randomized routing in order to aid in hiding the systems sending and receiving the packets and the relays through which the packets are being sent.

Abstract: Dynamic segmentation of network traffic through the use of Pre-Shared Keys (PSKs). Each defined network segment uses a different pre-shared key and a message authentication code (MAC)-signing algorithm to sign data packets with segment-specific MACs. As such, only those computer hosts/nodes that are in the network segment (i.e., have been assigned the same pre-shared key for generating and decoding the MAC signed data packets) are capable or reading the segment's network traffic. By implementing segment-specific MAC signed data packets, the present invention allows for confidential data transmission absent the need to encrypt the actual contents/data being transmitted.

Abstract: The invention relates to a resource landscape system that allows users to identify issues with elements within the organization and implement changes to the elements utilizing a relational database that utilizes nodes for defining the elements and relationships between the elements. The resource landscape system and applications therein provide a holistic inventory of resources, threat vectors, controls, metrics, policies, rules, and/or the like. The resource landscape system may be implemented through one or more interfaces that allows users to view cross-references of the elements, identify the priority of the elements using the crossed-references, and/or identify element issues in the elements of the organization that could results in threats to the organization. Moreover, the invention allows for receiving changes to one or more of the elements and automatically updating the cross-references of the elements, the priority of the elements, and/or the element issues.

Abstract: A system provides for generation and implementation of resiliency controls for securing technology resources. In particular, the system may generate a model for securing technology resources or assets based on compromise vectors that may affect the integrity or security of the resources, along with resiliency controls which may be used by the system to protect the resources. Based on the above information, the system may determine the impact that certain vectors may have on certain resources and assess the resistance of the resources to the impacts. In this way, the system may provide an efficient way to assess resiliency of resources and implement resiliency controls to protect such resources.

Abstract: A system provides for technology resource centric rapid resiliency modeling. In particular, the system may generate a model for securing technology resources or assets based on compromise vectors that may affect the integrity or security of the resources, along with resiliency controls which may be used by the system to protect the resources. Based on the above information, the system may determine the impact that certain vectors may have on certain resources and assess the resistance of the resources to the impacts. In this way, the system may provide an efficient way to assess resiliency of resources and implement resiliency controls to protect such resources.

Abstract: A vertically integrated access control system may store in a database data records corresponding to the interfaces, access control rules, and computing resources of an information system, as well as data records for entity capabilities. Data records for related interfaces, access control rules, computing resources, and entity capabilities may be linked. Using the database, the system may determine the entity capabilities that can be performed based on an existing user entitlement. If the entity capabilities include a flagged combination of entity capabilities, the system may perform an information security action to remediate the flagged combination. The system may use the database to form vertically integrated access units. The vertically integrated access units may be used to form user entitlements. The system may continuously monitor whether any proposed configurations would create a flagged combination of entity capabilities, and if so take an action to prevent such flagged combination.

Abstract: A vertically integrated access control system may store in a database data records corresponding to the interfaces, access control rules, and computing resources of an information system, as well as data records for entity capabilities. Data records for related interfaces, access control rules, computing resources, and entity capabilities may be linked. Using the database, the system may determine the entity capabilities that can be performed based on an existing user entitlement. If the entity capabilities include a flagged combination of entity capabilities, the system may perform an information security action to remediate the flagged combination. The system may use the database to form vertically integrated access units. The vertically integrated access units may be used to form user entitlements. The system may continuously monitor whether any proposed configurations would create a flagged combination of entity capabilities, and if so take an action to prevent such flagged combination.

Abstract: The invention provides an interconnected graph database system, method and computer program product structured for identifying and remediating conflicts in resource deployment. In some embodiments, the present invention is configured to identify a source node of a plurality of first nodes of a first graph database system. The source node is typically associated with a first information technology operational activity. In addition, the present invention is configured for determining a lateral relationship between the source node of the first graph database system and a target node of a plurality of second nodes of a second graph database system. Moreover, the present invention is configured for determining that the lateral relationship between the source node and the target node comprises a conflict, and in response, blocking initiation of the first information technology operational activity.

Abstract: A vertically integrated access control system may store in a database data records corresponding to the interfaces, access control rules, and computing resources of an information system, as well as data records for entity capabilities. Data records for related interfaces, access control rules, computing resources, and entity capabilities may be linked. Using the database, the system may determine the entity capabilities that can be performed based on an existing user entitlement. If the entity capabilities include a flagged combination of entity capabilities, the system may perform an information security action to remediate the flagged combination. The system may use the database to form vertically integrated access units. The vertically integrated access units may be used to form user entitlements. The system may continuously monitor whether any proposed configurations would create a flagged combination of entity capabilities, and if so take an action to prevent such flagged combination.

Abstract: A vertically integrated access control system may store in a database data records corresponding to the interfaces, access control rules, and computing resources of an information system, as well as data records for entity capabilities. Data records for related interfaces, access control rules, computing resources, and entity capabilities may be linked. Using the database, the system may determine the entity capabilities that can be performed based on an existing user entitlement. If the entity capabilities include a flagged combination of entity capabilities, the system may perform an information security action to remediate the flagged combination. The system may use the database to form vertically integrated access units. The vertically integrated access units may be used to form user entitlements. The system may continuously monitor whether any proposed configurations would create a flagged combination of entity capabilities, and if so take an action to prevent such flagged combination.

Abstract: The invention relates to a resource landscape system that allows users to identify issues with elements within the organization and implement changes to the elements utilizing a relational database that utilizes nodes for defining the elements and relationships between the elements. The resource landscape system and applications therein provide a holistic inventory of resources, threat vectors, controls, metrics, policies, rules, and/or the like. The resource landscape system may be implemented through one or more interfaces that allows users to view cross-references of the elements, identify the priority of the elements using the crossed-references, and/or identify element issues in the elements of the organization that could results in threats to the organization. Moreover, the invention allows for receiving changes to one or more of the elements and automatically updating the cross-references of the elements, the priority of the elements, and/or the element issues.

Abstract: Threats may be determined for events in isolation, however, many threats are not identified and/or realized without the occurrence of two or more events. The invention allows for identifying, prioritizing, and remitting the threats that may occur as a result of the combination of events. The invention utilizes the creation of a threat framework, which is populated with events that are defined by event characteristics using an N-tuple. Each event may have an event threat magnitude, as well as an event threat vector that illustrates the severity and likelihood of the event threat and the alignment of the threat event with related threats, and which can be used to determine an event threat assessment for the combination of events. The one or more threat frameworks may be represented by plotting the events in a dimensional Cartesian space illustrating the event threat magnitude and event threat vector.

Abstract: The invention provides an interconnected graph database system, method and computer program product structured for identifying and remediating conflicts in resource deployment. In some embodiments, the present invention is configured to identify a source node of a plurality of first nodes of a first graph database system. The source node is typically associated with a first information technology operational activity. In addition, the present invention is configured for determining a lateral relationship between the source node of the first graph database system and a target node of a plurality of second nodes of a second graph database system. Moreover, the present invention is configured for determining that the lateral relationship between the source node and the target node comprises a conflict, and in response, blocking initiation of the first information technology operational activity.