Abstract: The cyber security appliance can include many AI models and modules working together including self-learning models that use unsupervised machine learning algorithms to model different entities in the telecommunications network via modelling their normal behavior and an assessment module. The assessment module can cooperate with the self-learning models that model the normal behavior of the communications and activities in the control plane and/or management plane in the telecommunications network in order to assess deviations in the control plane's/management plane's normal behavior to protect the telecommunications network from a cyber threat.

Abstract: An automated sandbox generator for a cyber-attack exercise on a mimic network in a cloud environment can include various components. The cloud deployment component deploys the mimic network in a sandbox environment in the cloud environment. The mimic network can be a clone of components from a network that exists in an organization's environment and/or, predefined example components. The attack engine deploys a cyber threat to use an exploit for the wargaming cyber-attack exercise in the mimic network. The user interface displays, in real time, results of the wargaming cyber-attack exercise being conducted in the sandbox environment, to create a behavioral profile of how the cyber threat using the exploit would actually perform in that particular organization's environment as well as have human users interact with the cyber threat deployed by the attack engine during the cyber-attack on the mimic network, as it happens in real time, during the wargaming cyber-attack exercise.

Abstract: A computer-implemented method of investigating a potential cyber incident detected by a cyber security system is described. The method comprises using artificial intelligence (AI) based analysis to perform an investigation into the potential cyber incident based on one or more user-selected hypotheses selected by a user responsive to one or more alerts generated by the cyber security system. The method further comprises causing one or more actions to be performed based on an outcome of the investigation.

Abstract: A cyber security appliance has one or more modules to interact with entities in an operational technology network and potentially in an informational technology network. The operational technology module can reference various machine-learning models trained on a normal pattern of life of users, devices, and/or controllers of the operational technology network. A comparator module cooperates with the operational technology module to compare the received data on the operational technology network to the normal pattern of life of any of the users, devices, and controllers to detect anomalies in the normal pattern of life for these entities in order to detect a cyber threat. An autonomous response module can be programmed to respond to counter the detected cyber threat.

Abstract: An intelligent orchestration component can facilitate an AI augmented and adaptive interactive response loop between multiple AI-based engines. A cyber threat detection uses AI to detect a cyber threat. An autonomous response engine uses AI to mitigate the detected cyber threat. A cyber-security restoration engine uses AI to remediate nodes in the system to a trusted operational state. The prediction engine uses AI to conduct simulations of cyberattacks to assist in determining how a simulated cyberattack might occur in the system, and how to use the simulated cyberattack information to preempt possible escalations of an ongoing actual cyberattack.

Abstract: A cyber security appliance has one or more modules to interact with entities in an operational technology network and potentially in an informational technology network. The operational technology module can reference various machine-learning models trained on a normal pattern of life of users, devices, and/or controllers of the operational technology network. A comparator module cooperates with the operational technology module to compare the received data on the operational technology network to the normal pattern of life of any of the users, devices, and controllers to detect anomalies in the normal pattern of life for these entities in order to detect a cyber threat. An autonomous response module can be programmed to respond to counter the detected cyber threat.

Abstract: An intelligent orchestration module can facilitate an AI augmented and adaptive interactive response loop between multiple AI-based engines. A cyber threat detection uses AI to detect a cyber threat. An autonomous response engine uses AI to mitigate the detected cyber threat. A cyber-security restoration engine uses AI to remediate nodes in the system to a trusted operational state. The prediction engine uses AI to conduct simulations of cyberattacks to assist in determining how a simulated cyberattack might occur in the system, and how to use the simulated cyberattack information to preempt possible escalations of an ongoing actual cyberattack.

Abstract: A cyber threat defense system is provided comprising: a processing component; and a non-transitory computer readable medium including one or more software modules accessible by the processing component, the one or more software modules comprising: a vehicle module configured to receive data from a first vehicle and a second vehicle and reference one or more machine-learning models using machine-learning and artificial intelligence (AI) algorithms, the one or more machine-learning models including a first machine-learning model trained on a normal pattern of life associated with the first vehicle and the second vehicle, and a comparator module configured to cooperate with the vehicle module to compare data received from the first vehicle and the second vehicle to the normal pattern of life associated with the first vehicle and the second vehicle to detect anomalies representing a cyber threat within the first vehicle or the second vehicle.

Abstract: An apparatus comprises a cyber security restoration engine configured to simulate an asset of a computing network that is involved in a simulated cyberattack. The cyber security restoration engine is configured to generate data representative of a simulated cyber security scenario involving the asset of the computing network. The simulated cyber security scenario is derived from a real world cyber security scenario mapped to the asset.

Abstract: An apparatus comprises a cyber security restoration engine configured to restore an asset in a computing network that is involved in a cyberattack to a trusted operational state and prioritize remediation actions for the asset in the computing network. The cyber security restoration engine is configured to receive an indication that the asset in the computing network is involved in a cyber security scenario. The cyber security restoration engine is further configured to identify, based on a property of the asset, an ordered set of instructions forming a playbook that applies to the asset to at least partially address the cyber security scenario.

Abstract: An automated sandbox generator for a cyber-attack exercise on a mimic network in a cloud environment can include various components. The cloud deployment component deploys the mimic network in a sandbox environment in the cloud environment. The mimic network can be a clone of components from a network that exists in an organization's environment and/or, predefined example components. The attack engine deploys a cyber threat to use an exploit for the wargaming cyber-attack exercise in the mimic network. The user interface displays, in real time, results of the wargaming cyber-attack exercise being conducted in the sandbox environment, to create a behavioral profile of how the cyber threat using the exploit would actually perform in that particular organization's environment as well as have human users interact with the cyber threat deployed by the attack engine during the cyber-attack on the mimic network, as it happens in real time, during the wargaming cyber-attack exercise.

Abstract: A cyber security appliance has one or more modules to interact with entities in an operational technology network and potentially in an informational technology network. The operational technology module can reference various machine-learning models trained on a normal pattern of life of users, devices, and/or controllers of the operational technology network. A comparator module cooperates with the operational technology module to compare the received data on the operational technology network to the normal pattern of life of any of the users, devices, and controllers to detect anomalies in the normal pattern of life for these entities in order to detect a cyber threat. An autonomous response module can be programmed to respond to counter the detected cyber threat.

Abstract: A cyber security appliance has one or more modules to interact with entities in an operational technology network and potentially in an informational technology network. The operational technology module can reference various machine-learning models trained on a normal pattern of life of users, devices, and/or controllers of the operational technology network. A comparator module cooperates with the operational technology module to compare the received data on the operational technology network to the normal pattern of life of any of the users, devices, and controllers to detect anomalies in the normal pattern of life for these entities in order to detect a cyber threat. An autonomous response module can be programmed to respond to counter the detected cyber threat.

Abstract: A cyber security restoration engine takes one or more autonomous remediation actions to remediate one or more nodes in a graph of a system being protected back to a trusted operational state in order to assist in a recovery from the cyber threat. The cyber security restoration engine has a tracking component the operational state of each node in the graph of the protected system. The communication module also cooperates with the cyber security restoration engine to communicate with at least one of an external backup system and a recovery service to invoke backup remediation actions and/or recovery remediation actions to remediate one or more nodes potentially compromised by the cyber threat back to a trusted operational state, for example the state before the detected compromise by the cyber threat occurred in the protected system.

Abstract: A cyber security appliance has one or more modules to interact with entities in an operational technology network and potentially in an informational technology network. The operational technology module can reference various machine-learning models trained on a normal pattern of life of users, devices, and/or controllers of the operational technology network. A comparator module cooperates with the operational technology module to compare the received data on the operational technology network to the normal pattern of life of any of the users, devices, and controllers to detect anomalies in the normal pattern of life for these entities in order to detect a cyber threat. An autonomous response module can be programmed to respond to counter the detected cyber threat.

Abstract: An inter-radio-access-technology device comprising: an interface for communicating over a wireless cellular network, and a processor arranged to execute code for performing operations handling communications via the interface according to a plurality of different radio access technologies. The processor is operable to execute code using any selected one of a plurality of different instruction sets, each set being configured for performing operations according to a respective one of the radio access technologies. The device is operable to dynamically switch between the radio access technologies, by selecting corresponding code for execution by the processor and selecting the corresponding instruction set for use in execution of the selected code.