Abstract: An automated sandbox generator for a cyber-attack exercise on a mimic network in a cloud environment can include various components. The cloud deployment component deploys the mimic network in a sandbox environment in the cloud environment. The mimic network can be a clone of components from a network that exists in an organization's environment and/or, predefined example components. The attack engine deploys a cyber threat to use an exploit for the wargaming cyber-attack exercise in the mimic network. The user interface displays, in real time, results of the wargaming cyber-attack exercise being conducted in the sandbox environment, to create a behavioral profile of how the cyber threat using the exploit would actually perform in that particular organization's environment as well as have human users interact with the cyber threat deployed by the attack engine during the cyber-attack on the mimic network, as it happens in real time, during the wargaming cyber-attack exercise.

Abstract: A cyber security appliance has one or more modules to interact with entities in an operational technology network and potentially in an informational technology network. The operational technology module can reference various machine-learning models trained on a normal pattern of life of users, devices, and/or controllers of the operational technology network. A comparator module cooperates with the operational technology module to compare the received data on the operational technology network to the normal pattern of life of any of the users, devices, and controllers to detect anomalies in the normal pattern of life for these entities in order to detect a cyber threat. An autonomous response module can be programmed to respond to counter the detected cyber threat.

Abstract: A cyber security appliance has one or more modules to interact with entities in an operational technology network and potentially in an informational technology network. The operational technology module can reference various machine-learning models trained on a normal pattern of life of users, devices, and/or controllers of the operational technology network. A comparator module cooperates with the operational technology module to compare the received data on the operational technology network to the normal pattern of life of any of the users, devices, and controllers to detect anomalies in the normal pattern of life for these entities in order to detect a cyber threat. An autonomous response module can be programmed to respond to counter the detected cyber threat.

Abstract: A cyber security restoration engine takes one or more autonomous remediation actions to remediate one or more nodes in a graph of a system being protected back to a trusted operational state in order to assist in a recovery from the cyber threat. The cyber security restoration engine has a tracking component the operational state of each node in the graph of the protected system. The communication module also cooperates with the cyber security restoration engine to communicate with at least one of an external backup system and a recovery service to invoke backup remediation actions and/or recovery remediation actions to remediate one or more nodes potentially compromised by the cyber threat back to a trusted operational state, for example the state before the detected compromise by the cyber threat occurred in the protected system.

Abstract: A cyber security appliance has one or more modules to interact with entities in an operational technology network and potentially in an informational technology network. The operational technology module can reference various machine-learning models trained on a normal pattern of life of users, devices, and/or controllers of the operational technology network. A comparator module cooperates with the operational technology module to compare the received data on the operational technology network to the normal pattern of life of any of the users, devices, and controllers to detect anomalies in the normal pattern of life for these entities in order to detect a cyber threat. An autonomous response module can be programmed to respond to counter the detected cyber threat.

Abstract: An inter-radio-access-technology device comprising: an interface for communicating over a wireless cellular network, and a processor arranged to execute code for performing operations handling communications via the interface according to a plurality of different radio access technologies. The processor is operable to execute code using any selected one of a plurality of different instruction sets, each set being configured for performing operations according to a respective one of the radio access technologies. The device is operable to dynamically switch between the radio access technologies, by selecting corresponding code for execution by the processor and selecting the corresponding instruction set for use in execution of the selected code.