Abstract: A cyber event response playbook generation system including a data interface arranged to: i) receive, from a cyber security event and response database, a plurality of types of cyber security events and corresponding cyber security event response actions associated with each of the types of cyber security events and ii) receive, from at least one cyber security event monitor, first cyber security event data. A cyber event response playbook generator is arranged to: i) receive the plurality of types of cyber security events and corresponding cyber security event response actions from the data interface ii) receive the first cyber security event data from the data interface, iii) and automatically generate a first cyber event response playbook including one or more response actions based on the received plurality of types of cyber security events and corresponding response actions and the first cyber security event data.

Abstract: A method, comprising: detecting a first cyber event; instantiating a report, the report including an identifier corresponding to the first cyber event; generating a signature for a system log and classifying the signature for the system log with a first neural network; and adding the system log to the report based on an outcome of the classification of the signature for the system log, wherein the system log is added to the report only when the signature for the system log is classified into a predetermined category.

Abstract: A system for data protection includes a first computing device comprising a security module; and a storage device coupled to the first computing device via a network interface. The security module comprises at least one of Software Root of Trust (SRoT) and Hardware Root of Trust (HRoT). The security module is further configured to: establish a trust channel between the first computing device and the storage device or storage service; monitor the first computing device and the storage device; create and enforce multi-dimensional data access control by tightly binding data access and permissions to authorized computing devices, users, applications, system services, networks, locations, and access time windows; and take over control of the storage device or storage service in response to a security risk to the system.

Abstract: In some embodiments, a method for determining a location of an unmanned system (UMS) can include: receiving data from a plurality of data sources, wherein the data sources include a geolocation sensor and at least one of an RF receiver, a RADAR system, a LIDAR system, a SONAR system, an infrared camera, a Simultaneous Location and Mapping Algorithm (SLAM) system, an inertial sensor, or an acoustic sensor; determining a reliability of one or more of the data sources based on the received data; assigning weights to the data sources based at least in part on the determination of the reliability of the one or more data sources; and determining the location of the UMS using the received data and the assigned weights.

Abstract: A system for data protection includes a computing device comprising a processor, a Hardware Root of Trust (HRoT) module and a storage device. The HRoT device is configured to: validate integrity of the computing device; authenticate the computing device to communicate with the storage device; and take over control of storage device access and behaviour whenever suspicious or unauthorized data access from local or remote computing devices is detected. The HRoT device is further configured to, in response to detecting a security risk to at least one of the computing device and the storage device, block communication of the storage device.

Abstract: Evasive resiliency countermeasures techniques that include: implementing a cyber asset in a network element of a plurality of network elements, monitoring operations of the network; detecting an adverse event within the network; in response to detecting the adverse event, removing an availability of the cyber asset at the network element; determining when the adverse event has ended; and, in response to determining that the adverse event has ended, restoring the availability of the cyber asset at the network element.

Abstract: A system for data protection includes a first computing device comprising a security module; and a storage device coupled to the first computing device via a network interface. The security module comprises at least one of Software Root of Trust (SRoT) and Hardware Root of Trust (HRoT). The security module is further configured to: establish a trust channel between the first computing device and the storage device or storage service; monitor the first computing device and the storage device; create and enforce multi-dimensional data access control by tightly binding data access and permissions to authorized computing devices, users, applications, system services, networks, locations, and access time windows; and take over control of the storage device or storage service in response to a security risk to the system.

Abstract: In some embodiments, a method for determining a location of an unmanned system (UMS) can include: receiving data from a plurality of data sources, wherein the data sources include a geolocation sensor and at least one of an RF receiver, a RADAR system, a LIDAR system, a SONAR system, an infrared camera, a Simultaneous Location and Mapping Algorithm (SLAM) system, an inertial sensor, or an acoustic sensor; determining a reliability of one or more of the data sources based on the received data; assigning weights to the data sources based at least in part on the determination of the reliability of the one or more data sources; and determining the location of the UMS using the received data and the assigned weights.

Abstract: A system for data protection includes a computing device comprising a processor, a Hardware Root of Trust (HRoT) module and a storage device. The HRoT device is configured to: validate integrity of the computing device; authenticate the computing device to communicate with the storage device; and take over control of storage device access and behaviour whenever suspicious or unauthorized data access from local or remote computing devices is detected. The HRoT device is further configured to, in response to detecting a security risk to at least one of the computing device and the storage device, block communication of the storage device.

Abstract: The present invention includes an apparatus, and corresponding method, for taking a sample. The apparatus is built around a frame designed to be held in at least one hand. A sample media is used to secure the sample. A sample media adapter for securing the sample media is operated by a trigger mechanism connectively attached within the frame to the sample media adapter.