Abstract: A system and method for method for generating a security rule classification model comprises receiving at least one security rule from at least one attack database of a first security product of a plurality of different security products; normalizing each of the at least one security rule; generating a vector for each of the least one normalized security rule; classifying each generated vector to a security engine within a security service using a classification sub-model to generate a preliminary classification model, wherein the classification sub-model is provided from previous classification of security rules for a security product of the plurality of different security products that is different than the first security product; determining a score for the preliminary classification model; and validating the preliminary classification model as the security rule classification model, when the score is over a predefined threshold.

Abstract: A method and system for classification of cyber-threats is provided. The method includes receiving a request for classifying a cyber-threat detected by a cyber-security system, wherein the request includes initial information about the detected cyber-threat; enriching the initial information about the detected cyber-threat to provide textual information about at least one perceived threat related to the detected cyber-threat; and classifying each of the at least one perceived threat into a security service, wherein the classification is performed based on the respective textual information.

Abstract: A cyber-security system and method for proactively predicting cyber-security threats are provided. The method comprises receiving a plurality of security events classified to different groups of events; correlating the plurality of received security events to classify potential cyber-security threats to a set of correlation types; determining a correlation score for each classified potential cyber-security threat; and determining a prediction score for each classified potential cyber-security threat, wherein the prediction score is determined based in part on the correlation score.

Abstract: A system and method for classifying security rules of a plurality of different security products into a security decision engine in a service. The method comprises receiving at least one security rule from at least one attack database of a security product of the plurality of different security products; normalizing each of the at least one security rule; generating a vector for each of the least one normalized security rule, wherein each vector is generated based on a set of terms indicative of a cyber-solution; mapping each of the generated vector to a security service, wherein the security service represents a cyber-solution category, wherein the mapping is performed using a classification model; and associating each of the respective security rule with the security service, when an evaluation threshold is met.

Abstract: A system and method for classifying security rules of a plurality of different security products into a security decision engine in a service. The method comprises receiving at least one security rule from at least one attack database of a security product of the plurality of different security products; normalizing each of the at least one security rule; generating a vector for each of the least one normalized security rule, wherein each vector is generated based on a set of terms indicative of a cyber-solution; mapping each of the generated vector to a security service, wherein the security service represents a cyber-solution category, wherein the mapping is performed using a classification model; and associating each of the respective security rule with the security service, when an evaluation threshold is met.

Abstract: A cyber-security system and method for proactively predicting cyber-security threats are provided. The method comprises receiving a plurality of security events classified to different groups of events; correlating the plurality of received security events to classify potential cyber-security threats to a set of correlation types; determining a correlation score for each classified potential cyber-security threat; and determining a prediction score for each classified potential cyber-security threat, wherein the prediction score is determined based in part on the correlation score.

Abstract: A system and method for adaptively securing a protected entity against cyber-threats. The method comprises: determining, based on at least one input feature, at least one normalization function, wherein the at least one input feature defines an attribute of a data flow to be evaluated by the SDE; receiving at least one engine rule describing an anomaly to be evaluated; and creating an inference system including at least one inference unit, wherein each inference unit is determined based on one of the received at least one engine rule, wherein the inference system computes a score of anomaly (SoA) respective of the at least one input feature.

Abstract: A system and method for classifying security rules of a plurality of different security products into a security decision engine in a service. The method comprises receiving at least one security rule from at least one attack database of a security product of the plurality of different security products; normalizing each of the at least one security rule; generating a vector for each of the least one normalized security rule, wherein each vector is generated based on a set of terms indicative of a cyber-solution; mapping each of the generated vector to a security service, wherein the security service represents a cyber-solution category, wherein the mapping is performed using a classification model; and associating each of the respective security rule with the security service, when an evaluation threshold is met.

Abstract: A system and method for adaptively securing a protected entity against cyber-threats. The method comprises: determining, based on at least one input feature, at least one normalization function, wherein the at least one input feature defines an attribute of a data flow to be evaluated by the SDE; receiving at least one engine rule describing an anomaly to be evaluated; and creating an inference system including at least one inference unit, wherein each inference unit is determined based on one of the received at least one engine rule, wherein the inference system computes a score of anomaly (SoA) respective of the at least one input feature.