104 results about "Threat mitigation" patented technology

A system for mitigation of cyberattacks employing an advanced cyber decision platform comprising a time series data store, a directed computational graph module, an action outcome simulation module, and observation and state estimation module, wherein the state of a network is monitored and used to produce a cyber-physical graph representing network resources, simulated network events are produced and monitored, and the network events and their effects are analyzed to produce security recommendations.

An intrusion detection and prevention system and method for dealing with threats to computers and computer networks, and in particular to computers and networks connected to the Internet, is disclosed. A sensor receives network traffic. The sensor includes a first processor for managing the network traffic that is received, a first path for the traffic that is received for storing the traffic in a memory for subsequent use, a second path for analyzing the traffic that is received, and for processing the traffic at a speed that is at least as fast as speed of the first path. The second processor is associated with the second path so that some of the traffic is allowed along the first path and other of the traffic is rate limited or not allowed along the first path. The system and method use four tiers of threat detection to successively mitigate a large variety of threats.

A system for mitigation of cyberattacks employing an advanced cyber decision platform comprising a time series data store, a directed computational graph module, an action outcome simulation module, and observation and state estimation module, wherein the state of a network is monitored and used to produce a cyber-physical graph representing network resources, simulated network events are produced and monitored, and the network events and their effects are analyzed to produce security recommendations.

A method is provided for obtaining a certificate revocation list (CRL) for a vehicle in a vehicle-to-vehicle communication system. A portable security unit is provided to access secured operations for the vehicle. The portable security unit is linked to a device having access to a communication network. The communication network is in communication with a certificate authority for issuing an updated CRL. The updated CRL is downloaded from the certificate authority to the portable security unit. At a later time, when a user enters the vehicle, a communication link is established between the portable security unit and a vehicle processor unit. Mutual authentication is exchanged between the portable security unit and the vehicle processing unit. The updated CRL stored in the portable security unit is downloaded to a memory of the vehicle communication system in response to a successful mutual authentication.

According to various illustrative embodiments of the present invention, a method for a content-driven threat management system includes creating a threat detection primary object with threat mitigation data using at least one researcher of at least one of software and malicious code, encoding the threat detection primary object with threat mitigation data within an object capable of being transmitted to a personal computer system using a transmission vector update function, and transmitting the threat detection primary object with threat mitigation data to a threat agent using the transmission vector update function. The method also includes updating at least one threat function using the threat agent to update at least one threat functional description of the at least one threat function to include the threat detection primary object with threat mitigation data, and using the threat detection primary object with threat mitigation data to be capable of recognizing at least one threat event based upon the threat detection primary object with threat mitigation data.

A method and system to mitigate at least one threat associated with a building includes receiving at least one threat parameter of the at least one threat via at least one threat sensor, and actively controlling at least one threat mitigator in response to the at least one threat parameter via a threat controller.

An adaptive cascaded electronic protection processing system for global navigation satellite system (GNSS) threat mitigation is provided. The system includes a precorrelation characterization component configured to provide at least one parameter characterizing a plurality of received signals. A correlator is configured to provide a plurality of correlation results, each representing one of the plurality of received signals. A spatial weight contribution component is configured to determine an optimal set of digital beam-forming weights via an optimization process according to the at least one parameter. A postcorrelation characterization component is configured to determine at least one constraint on the optimization process according to the plurality of correlation results.

A system for mitigation of cyberattacks employing an advanced cyber decision platform comprising a time series data store, a directed computational graph module, an action outcome simulation module, and observation and state estimation module, wherein the state of a network is monitored and used to produce a cyber-physical graph representing network resources, simulated network events are produced and monitored, and the network events and their effects are analyzed to produce security recommendations.

A method includes, responsive to detecting network activity indicative of a threat, selecting a threat mitigation scheme corresponding to a set of response actions. The method also include filtering the set of response actions based on a policy to generate a set of allowed response actions and executing one or more response actions of the set of allowed response actions.

One embodiment of the present invention provides a system to facilitate collaboration for mitigating network threats. During operation, the system receives encrypted data sets from a plurality of entities. The data sets including data describing threats to network security. The system performs privacy-preserving operations on the encrypted data sets, such as private set intersection. The system then computes one or more metrics based on results of the private set intersection computations. The system may generate a similarity matrix based on the one or more metrics, and returns one or more similarity values from the similarity matrix to one or more entities of the plurality of entities.

A computer-implemented method, computer program product and computing system for: allowing a third-party to select a training routine for a specific attack of a computing platform, thus defining a selected training routine; analyzing the requirements of the selected training routine to determine a quantity of entities required to effectuate the selected training routine, thus defining one or more required entities; generating one or more virtual machines to emulate the one or more required entities; and generating a simulation of the specific attack by executing the selected training routine.

One embodiment of the present invention provides a system for stable selection of collaborating partners for exchanging security data. During operation, the system receives vectors of collaboration values from a plurality of entities. A collaboration value is a measure of an expected benefit of collaborating with a respective entity. The system sorts each of the vectors by the collaboration values of the respective vector. The system then determines matching entities given a number of partners wanted by each organization in N. The system may add matching entities to lists of collaborating partners given the number of partners wanted by each organization in N. Subsequently, the system sends the lists of collaborating partners to facilitate exchanging security data with partners in the list of collaborating partners.

The invention utilizes a two-component system to detect third party security threats and drive improved security threat mitigation based on the detection. The first component of the system is a security threat assessment engine, which receives and/or identifies external data and internal data regarding third parties in order to determine information security threats posed by third-parties. The second component of the system is an analytics engine, which may comprise a machine learning component which is configured to detect threat patterns and anomalies. In response to the detection of the threat patterns and anomalies the security threat assessment engine may be modified in order to more accurately determine security threats. The system after identifying a security threat, generates a notification associated with the security threat and transfers the notification to a first set of third parties that may be affected by the security threat.

A system and method for comprehensive cybersecurity threat assessment of software applications based on the totality of vulnerabilities from all levels of the software supply chain. The system and method comprising analyzing the code and/or operation of a software application to determine components comprising the software, identifying the source of such components, determining vulnerabilities associated with those components, compiling a list of such components, creating a directed graph of relationships between the components and their sources, and evaluating the overall threat associated with the software application based its software supply chain vulnerabilities.

A computer-implemented method, computer program product and computing system for: receiving platform information from a plurality of security-relevant subsystems; processing the platform information to generate processed platform information; identifying less threat-pertinent content included within the processed content; and routing the less threat-pertinent content to a long term storage system.

A machine learning-based system and method for identifying digital threats includes a threat service that: implements a unified threat model that produces a unified threat score that predicts both of: a level of threat of a piece of online content, and a level of threat that a target user will create a harmful piece of online content; wherein: implementing the unified threat model includes: receiving event data comprising historical content data for the target user and content data of the pending piece of online content and historical user digital activity data and real-time user activity data; and providing input of content feature data and user digital activity feature data to the unified threat model; and the unified threat model produces the unified threat score based on the content and the user digital activity data; and computes a threat mitigation action based on an evaluation of the threat score.

A method of monitoring tasks for reducing security risks in a computer system comprising a plurality of computers executing a plurality of applications is provided. The method based on a set of login information, displays a set of risks for a set of applications that execute on the plurality of computers and an identification of a person in a hierarchy supervised by the logged-in person assigned to mitigate each risk. The method also displays the current status of each assigned mitigation.

Systems and methods for detecting digital abuse or digital fraud that involves malicious account testing includes implementing a machine learning threat model that predicts malicious account testing using misappropriate accounts, wherein a subset of a plurality of learnable variables of an algorithmic structure of the machine learning threat model includes one or more learnable variables derived based on feature data indicative of malicious account testing; wherein implementing the machine learning threat model includes: (i) identifying event data from an online event that is suspected to involve digital fraud or digital abuse, (ii) extracting adverse feature data from the event data that map to the one or more learnable variables of the subset, and (iii) providing the adverse feature data as model input to the machine learning threat model; and computing, using the machine learning threat model, a threat prediction indicating a probability that the online event involves malicious account testing.

A system for mitigation of cyberattacks employing an advanced cyber decision platform comprising a time series data store, a directed computational graph module, an action outcome simulation module, and observation and state estimation module, wherein the state of a network is monitored and used to produce a cyber-physical graph representing network resources, simulated network events are producedand monitored, and the network events and their effects are analyzed to produce security recommendations.