DYNAMIC CYBERSECURITY SCORING AND OPERATIONAL RISK REDUCTION ASSESSMENT

    公开(公告)号:US20230362200A1

    公开(公告)日:2023-11-09

    申请号:US18339214

    申请日:2023-06-21

    申请人: QOMPLX, Inc.

    摘要: A system and method for operational and cyber risk assessment that utilizes a data-driven approach to evaluate the current security posture and identify areas for improvement based on the user's desired target profile. This process involves estimating the costs and benefits associated with various security program enhancements, increased, hiring, and control uplifts. The system and method then quantify these benefits in terms of reduction in tail value at risk, expected losses, cyber insurance premiums, and the amount of risk capital set aside. The system simulates attack paths associated with various risk scenarios and uses a risk scenario model to compute losses associated with each attack path for each risk scenario. The results of the simulation may be used to determine one or more business outcomes associated with the costs and benefits of implementing security enhancements.

    NETWORK AUTHENTICATION TOXICITY ASSESSMENT
    3.
    发明公开

    公开(公告)号:US20230362141A1

    公开(公告)日:2023-11-09

    申请号:US18333414

    申请日:2023-06-12

    申请人: QOMPLX, Inc.

    IPC分类号: H04L9/32 H04L9/40

    摘要: A system and method for scoring and enforcing authentication standards that actually enable zero trust network security principles when combined with stateful authentication object tracking, authentication object manipulation and forgery detection, and assessment of authentication and identity attack surface. The methodology involves gathering all authentication objects issued by a network, storing the authentication objects in a centralized location for use in stateful deterministic authentication object tracking, scoring the completeness of the authentication observations, assessing the quality of the authentication observations, and assigning organization-specific penalty functions.

    SYSTEM AND METHOD FOR MIDSERVER INTEGRATION AND TRANSFORMATION OF TELEMETRY FOR CLOUD - BASED SERVICES

    公开(公告)号:US20230328132A1

    公开(公告)日:2023-10-12

    申请号:US18186605

    申请日:2023-03-20

    申请人: QOMPLX, Inc.

    IPC分类号: H04L67/10

    CPC分类号: H04L67/10

    摘要: A system and method that uses midservers located between the business enterprise computer infrastructure and the cloud-based infrastructure to collect, aggregate, analyze, transform, and securely transmit data from a multitude of computing devices and peripherals at an external network to a cloud-based service. The system and method make use of a plurality of virtual and physical worker agents which can be dynamically instantiated by a transformation engine to carry out one or more transformation sequences, based on pipeline instructions, to a received data stream to prepare the data for transmission as a target data stream format.

    SYSTEM AND METHOD FOR SECURE EVALUATION OF CYBER DETECTION PRODUCTS

    公开(公告)号:US20230308487A1

    公开(公告)日:2023-09-28

    申请号:US18189967

    申请日:2023-03-24

    申请人: QOMPLX, Inc.

    摘要: A system and method for the secure and private demonstration of cloud-based cyber-security tools. Using an advanced sandboxing design patterns, isolated instances of virtual networks allow a potential client to compare their existing cyber defense tools against a set of cloud-based tools. Capitalizing on non-persistent and secure sandboxes allow the invention to demonstrate fully functional and devastating cyber-attacks while guaranteeing strict privacy and security to both existing customers and potential ones. Additionally, instantiating separate sandboxed observed systems in a single multi-tenant infrastructure provide each customer with the ability to rapidly create actual representations of their enterprise environment offering the most realistic and accurate demonstration and comparison between products.

    User and entity behavioral analysis with network topology enhancements

    公开(公告)号:US11757920B2

    公开(公告)日:2023-09-12

    申请号:US17390889

    申请日:2021-07-31

    申请人: QOMPLX, Inc.

    摘要: A system and method for network cybersecurity analysis that uses user and entity behavioral analysis combined with network topology information to provide improved cybersecurity. The system and method involve gathering network entity information, establishing baseline behaviors for each entity, and monitoring each entity for behavioral anomalies that might indicate cybersecurity concerns. Further, the system and method involve incorporating network topology information into the analysis by generating a model of the network, annotating the model with risk and criticality information for each entity in the model and with a vulnerability level between entities, and using the model to evaluate cybersecurity risks to the network. Risks and vulnerabilities associated with user entities may be represented, in part or in whole, by the behavioral analyses and monitoring of those user entities.

    Cybersecurity profiling and rating using active and passive external reconnaissance

    公开(公告)号:US11750659B2

    公开(公告)日:2023-09-05

    申请号:US17216939

    申请日:2021-03-30

    申请人: QOMPLX, Inc.

    摘要: A system and method for generating comprehensive security profiles and ratings for organizations that takes into account the organization's infrastructure and operations in generating the profile, and the context and purpose of the rating to be generated related to the profile. The system and method may further comprise gathering data about the totality of the organization's infrastructure and operations, generating a cybersecurity profile using active and passive internal and external reconnaissance of the organization to determine cybersecurity vulnerabilities and potential impacts to the business in light of the information gathered about the organization's infrastructure and operations, and generating cybersecurity scores and ratings that take into account all of the above information, plus the context and purpose of the score or rating to be generated based on the cybersecurity profile.