Abstract: Techniques, systems, and computer-readable media for dynamic behavior-based asset classification are described herein. An asset classification system can detect and receive data associated with a host computer, determine, based on the data, a behavior associated with the host computer, assign the host computer a server classification based on the determination that the behavior represents a behavior of focus, and record the assigned server classification associated with the host computer. In various examples, the asset classification system can determine the behavior is a behavior of focus based on one or more of: a number of connections to other computers associated with a shared customer identifier, a number of unique other host computers connecting to the host computer, and/or a number of unique non-local accounts that have logged in to the host computer, and that the host computer has had an inbound connection on a common port.

Abstract: Prediction of CPEs using banners greatly improves computer functioning. Many web services have an unknown common platform enumeration (CPE). When the CPE is unknown, a computer system is unable to obtain cybersecurity flaws and software fixes for a software product or web service. A CPE, though, is predicted by banner-prompting a large language model using a web service banner. Once the CPE is predicted, vulnerabilities may be identified.

Abstract: Prediction of matches between CPEs and banners greatly improves computer functioning. Many web services have an unknown common platform enumeration (CPE). When the CPE is unknown, a computer system is unable to obtain cybersecurity flaws and software fixes for a software product or web service. A similarity between the CPE and a service banner, though, accurately predicts a match the CPE and the web service. CPEs, for example, may thus be identified for old, obsolete, and uncomment software products and services.

Abstract: Prediction of CPEs using banners greatly improves computer functioning. Many web services have an unknown common platform enumeration (CPE). When the CPE is unknown, a computer system is unable to obtain cybersecurity flaws and software fixes for a software product or web service. A CPE, though, is predicted by banner-prompting an AI/ML model using a web service banner. Once the CPE is predicted, vulnerabilities may be identified.

Abstract: The present disclosure provides an approach of collecting vulnerability data corresponding to a vulnerability of a target product. The approach provides the vulnerability data to an artificial intelligence model that is trained to determine a complexity indicator from the vulnerability data. The complexity indicator corresponds to applying a vulnerability patch to remediate the vulnerability. The approach determines a patch complexity classification by providing the complexity indicator to the artificial intelligence model and, in turn, provides the patch complexity classification to a target system corresponding to the target product.

Abstract: A cybersecurity detection prediction service pre-screens database queries reported by endpoint client devices. The endpoint client devices may report the database queries to a cloud computing environment providing the cybersecurity detection prediction service. The endpoint client devices, however, may locally assess the database queries. The database queries are compared to a cybersecurity assessment profile generated by a machine learning model trained using endpoint cybersecurity detections. The cybersecurity detection prediction service thus provides a much faster cybersecurity prediction.

Abstract: Techniques, systems, and computer-readable media for dynamic behavior-based asset classification are described herein. An asset classification system can detect and receive data associated with a host computer, determine, based on the data, a behavior associated with the host computer, assign the host computer a server classification based on the determination that the behavior represents a behavior of focus, and record the assigned server classification associated with the host computer. In various examples, the asset classification system can determine the behavior is a behavior of focus based on one or more of: a number of connections to other computers associated with a shared customer identifier, a number of unique other host computers connecting to the host computer, and/or a number of unique non-local accounts that have logged in to the host computer, and that the host computer has had an inbound connection on a common port.