-
1.
公开(公告)号:US20240022547A1
公开(公告)日:2024-01-18
申请号:US18361831
申请日:2023-07-29
申请人: QOMPLX, Inc.
发明人: Jason Crabtree , Richard Kelley
CPC分类号: H04L63/0428 , H04L9/3236 , H04L9/3239 , H04L63/1433 , H04L63/1425 , H04L63/0807 , H04L63/0815 , H04L63/145
摘要: A system and method that uses midservers located between an enterprise network and an external network to provide mass scanning network traffic detection and analysis capabilities for the enterprise network. The midserver may be loaded with configurations that allow it to operate as a mass scan event detector capable of detecting network sniffers, botnets, and malicious peer-to-peer connections which can lead to security vulnerabilities. In such configurations, midserver may receive and analyze network traffic to determine if the network traffic is suspicious based on heuristic and signature-based techniques, and then generate an appropriate response action which can be implemented to mitigate the risk.
-
公开(公告)号:US20230362200A1
公开(公告)日:2023-11-09
申请号:US18339214
申请日:2023-06-21
申请人: QOMPLX, Inc.
发明人: Jason Crabtree , Richard Kelley
IPC分类号: H04L9/40 , G06F16/951 , G06F16/2458
CPC分类号: H04L63/20 , H04L63/1425 , G06F16/951 , G06F16/2477 , H04L63/1441
摘要: A system and method for operational and cyber risk assessment that utilizes a data-driven approach to evaluate the current security posture and identify areas for improvement based on the user's desired target profile. This process involves estimating the costs and benefits associated with various security program enhancements, increased, hiring, and control uplifts. The system and method then quantify these benefits in terms of reduction in tail value at risk, expected losses, cyber insurance premiums, and the amount of risk capital set aside. The system simulates attack paths associated with various risk scenarios and uses a risk scenario model to compute losses associated with each attack path for each risk scenario. The results of the simulation may be used to determine one or more business outcomes associated with the costs and benefits of implementing security enhancements.
-
公开(公告)号:US20230362141A1
公开(公告)日:2023-11-09
申请号:US18333414
申请日:2023-06-12
申请人: QOMPLX, Inc.
发明人: Jason Crabtree , Richard Kelley
CPC分类号: H04L63/0428 , H04L9/3236 , H04L9/3239 , H04L63/0807 , H04L63/0815 , H04L63/1425 , H04L63/1433 , H04L63/145
摘要: A system and method for scoring and enforcing authentication standards that actually enable zero trust network security principles when combined with stateful authentication object tracking, authentication object manipulation and forgery detection, and assessment of authentication and identity attack surface. The methodology involves gathering all authentication objects issued by a network, storing the authentication objects in a centralized location for use in stateful deterministic authentication object tracking, scoring the completeness of the authentication observations, assessing the quality of the authentication observations, and assigning organization-specific penalty functions.
-
公开(公告)号:US11792229B2
公开(公告)日:2023-10-17
申请号:US17389863
申请日:2021-07-30
申请人: QOMPLX, Inc.
发明人: Jason Crabtree , Andrew Sellers
IPC分类号: H04L9/40 , G06F16/2458 , G06F16/951
CPC分类号: H04L63/20 , G06F16/2477 , G06F16/951 , H04L63/1425 , H04L63/1441
摘要: A system and method for automated cybersecurity defensive strategy analysis that predicts the evolution of new cybersecurity attack strategies and makes recommendations for cybersecurity improvements to networked systems based on a cost/benefit analysis. The system and method use machine learning algorithms to run simulated attack and defense strategies against a model of the networked system created using a directed graph. Recommendations are generated based on an analysis of the simulation results against a variety of cost/benefit indicators.
-
5.
公开(公告)号:US20230328132A1
公开(公告)日:2023-10-12
申请号:US18186605
申请日:2023-03-20
申请人: QOMPLX, Inc.
发明人: Jason Crabtree , Richard Kelley
IPC分类号: H04L67/10
CPC分类号: H04L67/10
摘要: A system and method that uses midservers located between the business enterprise computer infrastructure and the cloud-based infrastructure to collect, aggregate, analyze, transform, and securely transmit data from a multitude of computing devices and peripherals at an external network to a cloud-based service. The system and method make use of a plurality of virtual and physical worker agents which can be dynamically instantiated by a transformation engine to carry out one or more transformation sequences, based on pipeline instructions, to a received data stream to prepare the data for transmission as a target data stream format.
-
公开(公告)号:US20230308487A1
公开(公告)日:2023-09-28
申请号:US18189967
申请日:2023-03-24
申请人: QOMPLX, Inc.
发明人: Jason Crabtree , Andrew Sellers , Richard Kelley
IPC分类号: H04L9/40 , G06F16/2458 , G06F16/951
CPC分类号: H04L63/20 , H04L63/1425 , H04L63/1441 , G06F16/2477 , G06F16/951
摘要: A system and method for the secure and private demonstration of cloud-based cyber-security tools. Using an advanced sandboxing design patterns, isolated instances of virtual networks allow a potential client to compare their existing cyber defense tools against a set of cloud-based tools. Capitalizing on non-persistent and secure sandboxes allow the invention to demonstrate fully functional and devastating cyber-attacks while guaranteeing strict privacy and security to both existing customers and potential ones. Additionally, instantiating separate sandboxed observed systems in a single multi-tenant infrastructure provide each customer with the ability to rapidly create actual representations of their enterprise environment offering the most realistic and accurate demonstration and comparison between products.
-
公开(公告)号:US11757945B2
公开(公告)日:2023-09-12
申请号:US17829211
申请日:2022-05-31
申请人: QOMPLX, Inc.
发明人: Jason Crabtree , Andrew Sellers , Richard Kelley
IPC分类号: H04L9/40 , G06F16/2458 , G06F16/951 , G06F21/62 , H04L67/1097
CPC分类号: H04L63/20 , G06F16/2477 , G06F16/951 , G06F21/6218 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L67/1097
摘要: A system and method for the contextualization and management of collaborative databases in an adversarial information environment. The system and method feature the ability to scan for, ingest and process, and then use relational, wide column, and graph stores for capturing entity data, their relationships, and actions associated with them. Furthermore, meta-data is gathered and linked to the ingested data, which provides a broader contextual view of the environment leading up to and during an event of interest. The gathered data and meta-data is used to manage the reputation of the contributing data sources. The system links each successive data set, algorithm, or meta-data which might pertain to its unique identification and to its ultimate reputation, utility, or fitness for purpose.
-
公开(公告)号:US11757920B2
公开(公告)日:2023-09-12
申请号:US17390889
申请日:2021-07-31
申请人: QOMPLX, Inc.
发明人: Jason Crabtree , Andrew Sellers
CPC分类号: H04L63/1433 , G06N20/00 , H04L41/12 , H04L41/22 , H04L63/1416 , H04L63/1466
摘要: A system and method for network cybersecurity analysis that uses user and entity behavioral analysis combined with network topology information to provide improved cybersecurity. The system and method involve gathering network entity information, establishing baseline behaviors for each entity, and monitoring each entity for behavioral anomalies that might indicate cybersecurity concerns. Further, the system and method involve incorporating network topology information into the analysis by generating a model of the network, annotating the model with risk and criticality information for each entity in the model and with a vulnerability level between entities, and using the model to evaluate cybersecurity risks to the network. Risks and vulnerabilities associated with user entities may be represented, in part or in whole, by the behavioral analyses and monitoring of those user entities.
-
公开(公告)号:US11750659B2
公开(公告)日:2023-09-05
申请号:US17216939
申请日:2021-03-30
申请人: QOMPLX, Inc.
发明人: Jason Crabtree , Andrew Sellers , Richard Kelley
IPC分类号: H04L9/40 , G06F16/2458 , G06F16/951
CPC分类号: H04L63/20 , G06F16/2477 , G06F16/951 , H04L63/1425 , H04L63/1441
摘要: A system and method for generating comprehensive security profiles and ratings for organizations that takes into account the organization's infrastructure and operations in generating the profile, and the context and purpose of the rating to be generated related to the profile. The system and method may further comprise gathering data about the totality of the organization's infrastructure and operations, generating a cybersecurity profile using active and passive internal and external reconnaissance of the organization to determine cybersecurity vulnerabilities and potential impacts to the business in light of the information gathered about the organization's infrastructure and operations, and generating cybersecurity scores and ratings that take into account all of the above information, plus the context and purpose of the score or rating to be generated based on the cybersecurity profile.
-
公开(公告)号:US11714991B2
公开(公告)日:2023-08-01
申请号:US17333259
申请日:2021-05-28
申请人: QOMPLX, Inc.
发明人: Jason Crabtree , Andrew Sellers
CPC分类号: G06N3/006 , G06N5/043 , G06N20/00 , G06Q10/0637 , H04L67/10
摘要: A system and methods for generating and applying learning agents in simulated environments, in which an agent simulation is selected, one or more agent goals are received, and agents are created which are individual instances of the agent simulation with each agent having at least one of the agent goals, wherein the agents are used in the execution of an environment simulation which dynamically changes based on the collective behavior of the agents.
-
-
-
-
-
-
-
-
-