108 results about "Cybersafety" patented technology

The present disclosure provides a method, system, and device for inquiry response mapping for determining a cybersecurity risk level of an entity. To manage and/or evaluate a cybersecurity risk level based on a relationship between a first entity and a second entity, questionnaires (e.g., requests or inquires) are often exchanged between two entities. One or more aspects of the present disclosure provide populating data sets (e.g., questionnaires) indicative of risk level for the first entity or the second entity. One or more other aspects of the present disclosure further provide determining a cybersecurity risk level of an entity by mapping responses to a plurality of inquiry sets directed to the first entity or the second entity.

A system for deriving a rating representative of a level of cybersecurity of a user is configured to execute steps of a method comprising (i) requesting, from the user, identifying information about the user; (ii) requesting, from the user, input in response to a set of predetermined questions provided to the user based on the identifying information about the user; (iii) collecting, based on at least the identifying information, public domain data about the user and data from the user's digital assets; and (iv) computing, based on the collected data and the input to the set of predetermined questions provided by the user, a numerical value defining the cybersecurity rating.

A system for detecting artifacts associated with a cyber-attack features a cybersecurity intelligence hub that includes a data store with stored meta-information associated with each artifact of a plurality of artifacts and each stored meta-information includes a verdict classifying an artifact corresponding to the stored meta-information as a malicious classification or a benign classification. The hub is configured to (i) receive meta-information associated with a first artifact from a cybersecurity sensor, and (ii) determine a verdict for the first artifact based on an analysis of meta-information associated with the first artifact stored meta-information associated with each of the plurality of artifacts. A verdict for the first artifact is returned to the cybersecurity sensor in response to a detected match between a portion of stored meta-information and a portion of the meta-information associated with the first artifact.

A system is provided for modeling and analysis of cybersecurity threats may include a data flow diagram (DFD) creator, threat indicator and threat analyzer. The DFD creator may identify elements of an information system, and compose a DFD including nodes and edges representing components and data flows of the information system. The threat indicator may identify a cybersecurity threat to a particular element of the information system, and add a secondary node representing the cybersecurity threat to the DFD to thereby produce a threat-model DFD for the information system. In metadata associated with the nodes, edges and secondary node, the DFD creator and threat indicator may provide structured information including attributes of the components, data flows and cybersecurity threat. And the threat analyzer may perform an analysis of the cybersecurity threat based on the threat-model DFD and metadata associated with the nodes, edges and secondary node thereof.

This invention discloses a method and a system for risk evaluation of an information system, in which, the method includes: computing the risk value of each asset in the information system and computing the risk value of the information system according to the risk values of the assets, and the computation is based on a probability model. A risk evaluation system is installed on the UE of the internet containing a vulnerability scan unit, an asset value defining unit, an asset safeguard defining unit and a risk evaluation unit of the information system, which can quantize the risk values of assests and the information system together in an appointed fixed space and the quantized result shows the degree of vulnerability of assests or the information system.

A method for generating rule recommendation utilized in a creation of malware detection rules is described. Meta-information associated with a plurality of events collected during a malware detection analysis of an object by a cybersecurity system is received and a first plurality of features is selected from the received meta-information. Machine learning (ML) models are applied to each of the first plurality of features to generate a score that represents a level of maliciousness for the feature and thereby a degree of usefulness of the feature in classifying the object as malicious or benign. Thereafter, a second plurality of features is selected as the salient features, which are used in creation of the malware detection rules in controlling subsequent operations of the cybersecurity system. The second plurality of features being lesser in number that the first plurality of features.

A comprehensive cybersecurity platform includes a cybersecurity intelligence hub, a cybersecurity sensor and one or more endpoints communicatively coupled to the cybersecurity sensor, where the platform allows for efficient scaling, analysis, and detection of malware and/or malicious activity. An endpoint includes a local data store and an agent that monitors for one or more types of events being performed on the endpoint, and performs deduplication within the local data store to identify “distinct” events. The agent provides the collected metadata of distinct events to the cybersecurity sensor which also performs deduplication within a local data store. The cybersecurity sensor sends all distinct events and/or file objects to a cybersecurity intelligence hub for analysis. The cybersecurity intelligence hub is coupled to a data management and analytics engine (DMAE) that analyzes the event and/or object using multiple services to render a verdict (e.g., benign or malicious) and issues an alert.

We are in a digital revolution. Over 85% of an organization's value is in digital form. Digital assets are systems, processes, data and technologies. Cyber exposures are quantified and cyber risks are scored. A graphical user interface visualizes a cyber-risk engine that quantifies cyber risk in alignment to how insurance companies pay claims, using flexible and multiple cyber risk algorithms that are prescribed in relationship to a customer's risk requirements. Digital asset cyber risk ratings are measured to increase cyber resiliency. A cyber risk management platform automates business processes across each cybersecurity function that provides data from near-real time cybersecurity tools for participants to reduce cyber risk back to acceptable risk tolerances and improve cyber resiliency.

A computerized method for reconfiguring one or more malware detection systems each performing cybersecurity analyses on incoming data is described. The method involves receiving meta-information including metrics associated with a malware detection system. Based on the meta-information, a determination is made whether the malware detection system is operating at an optimal performance level. If not, results produced by conducting behavior analyses predicting operability of the malware detection system are determined and the results are provided as feedback to the malware detection system to update one or more configuration parameter values thereof.

Provided is a process that includes: obtaining, with one or more processors, a set of user-authentication credentials of a plurality of users; accessing, with one or more processors, a repository of breached credentials and determining, with one or more processors, an amount of the obtained set of user-authentication credentials in the repository of breached credentials, wherein the repository includes credentials from a plurality of entities obtained after the entities suffered a breach; and determining, with one or more processors, a score based on the amount of the set of user-authentication credentials in the repository of breached credentials, wherein the score is indicative of effectiveness of cybersecurity practices of the entity and the users associated with the entity.

A method, system and computer usable program product for assessing a cybersecurity skill of a participant, can involve generating and outputting to an I/O device, a user interface that includes user input fields for receiving data related to a cybersecurity task from a participant of a cybersecurity assessment facilitated by the user interface, the user interface operable to assess a cybersecurity skill of the participant as a part of the cybersecurity assessment. The cybersecurity skill of the participant via can be assessed via the user interface, based on metrics that indicate how the participant achieved the cybersecurity task as compared to at least one other participant of the cybersecurity assessment, and after the cybersecurity task has been completed by the participant via the user interface.

The systems and methods described herein generally relate to techniques for automated detection, aggregation, and integration of cybersecurity threats. The system ingests multiple data feeds which can be in one or numerous different formats. The system evaluates information based on defined scores to display to users threats and risks associated with them. The system also calculates decay rates for expiration of threats and indicators through various methods.

A cognitive security analytics platform is enhanced by providing a technique for automatically inferring temporal relationship data for cybersecurity events. In operation, a description of a security event is received, typically as unstructured security content or data. Information such as temporal data or cues, are extracted from the description, along with security entity and relationship data. Extracted temporal information is processing according to a set of temporal markers (heuristics) to determine a time value marker (i.e., an established time) of the security event. This processing typically involves retrieval of information from one or more structured data sources. The established time is linked to the security entities and relationships. The resulting security event, as augmented with the identified temporal data, is then subjected to a management operation.

A system, a method, and a computer program for remediating a cyberattack risk for a computing resource located at a node in a computer network having a plurality of nodes. The solution includes receiving vulnerability score data that has a severity level for a vulnerability in the computing resource at the node, receiving a number of installations value (N_CRi) that indicates a number of instances the computing resource is included in the plurality of nodes, determining a percentile of occurrence value (PO_CRi) for the computing resource based on the number of installations value (N_CRi), applying a severity adjustment matrix to the severity level to determine a true severity level for the vulnerability in the computing resource, reprioritized the vulnerability in the computing resource based on the true severity level, and mitigating the cyberattack risk for the computing resource based on the true severity level.

A system and method for automatically assessing and improving a cybersecurity risk score, wherein a cybersecurity risk score and cyber-physical graph for a network are retrieved and analyzed to identify potential improvements that can be made to network topography and device configurations, changes are applied automatically and an updated cyber-physical graph reflecting the applied changes is produced, and the updated cyber-physical graph is reassessed to determine the effect of the changes that were applied.

A system and method for automated cybersecurity defensive strategy analysis that predicts the evolution of new cybersecurity attack strategies and makes recommendations for cybersecurity improvements to networked systems based on a cost/benefit analysis. The system and method use machine learning algorithms to run simulated attack and defense strategies against a model of the networked system created using a directed graph. Recommendations are generated based on an analysis of the simulation results against a variety of cost/benefit indicators. The recommendation engine runs continuously, makes suggestions, and takes adjustably autonomous actions to go further and actuate parts of the system using an orchestration service employing a distributed computational graph and actuation plugins based on generated plans. Actions are validated as required or as prudent from appropriate simulation modeling services.

An indication of a message that was identified by a recipient user of the message as being associated with a cybersecurity attack is received. Properties of the message are extracted. The extracted properties of the message are provided as inputs to a machine learning model to determine a likelihood the message is associated with a true cybersecurity attack. The determined likelihood is utilized to handle a security response associated with the message.

An anomaly detection system configured to generate a plurality of tensors based on spatial attributes of a set of cybersecurity data and temporal attributes of the set of cybersecurity data. The set of cybersecurity data comprising numeric data and textual data collected from a plurality of computational sources. The anomaly detection system can provide the plurality of tensors to a Hierarchical Temporal Memory (HTM) network. The HTM network can be configured to generate respective HTM outputs for respective regions of the HTM network. The anomaly detection system can determine that at least one HTM output indicates an anomaly, convert the at least one HTM output to a notification, and provide the notification to a user interface.

A system and method for comprehensive cybersecurity threat assessment of software applications based on the totality of vulnerabilities from all levels of the software supply chain. The system and method comprising analyzing the code and/or operation of a software application to determine components comprising the software, identifying the source of such components, determining vulnerabilities associated with those components, compiling a list of such components, creating a directed graph of relationships between the components and their sources, and evaluating the overall threat associated with the software application based its software supply chain vulnerabilities.

The invention discloses a PXE trusted boot method for a pre-boot execution environment of a Shenwei server, and belongs to the field of safe and trusted boot of a server access network. The method ischaracterized in that in a system composed of a PXE server and a PXE client (Shenwei server), hash value of a PXE startup file is calculated as a reference value during publishing of a reference valuestorage module of a client. Then, the value is stored in the reference value storage module of the client. When the PXE client carries out PXE starting, the PXE client carries out PXE starting. The PXE startup file is downloaded from the PXE server. A trusted measurement module calculates a hash value of the PXE startup file by using a same hash algorithm. The hash value is used as a measurementvalue and is compared with a reference value. If the hash value is the same as the reference value, the PXE startup file is trusted, and if the hash value is not the same as the reference value, the PXE startup file is not trusted, and sends a warning signal. The PXE starting file is subjected to credible measurement, whether the PXE starting file is credible or not is judged, and the PXE startingsafety of the Shenwei server is improved.