公开(公告)号：US10853883B2

公开(公告)日：2020-12-01

申请号：US15678089

申请日：2017-08-15

申请人： QOMPLX, Inc.

发明人： Jason Crabtree ,  Andrew Sellers ,  Raveem Ismail ,  Anant Borole ,  Bharat Amin

IPC分类号： G06Q10/10 ,  G06Q10/00 ,  G06Q40/08 ,  G06N5/02 ,  G06Q30/02

摘要： A system for generating a cybersecurity profile, wherein a time series data retrieval and storage server retrieves information from a prospective client, and information previously gathered, and stored, from a plurality of sources; a directed computational graph analysis module performs graph analysis on the data from the time series data retrieval and storage server; and an automated planning service module performs predictive simulation analysis on data received from the directed computational graph.

公开(公告)号：US10673887B2

公开(公告)日：2020-06-02

申请号：US15818733

申请日：2017-11-20

申请人： QOMPLX, Inc.

发明人： Jason Crabtree ,  Andrew Sellers

IPC分类号： H04L29/06 ,  G06F11/34 ,  G06Q40/08 ,  G06F11/30 ,  G06Q50/00

摘要： A system for comprehensive cybersecurity analysis and rating based on heterogeneous data and reconnaissance is which uses a high volume web crawler directed by an automated planning service module to establish a scope of cybersecurity analysis for a target network, perform reconnaissance of the target network, and assign scores for several types of reconnaissance, and uses a cybersecurity scoring engine to generate an aggregated cybersecurity rating from the assigned scores.

公开(公告)号：US20240119140A1

公开(公告)日：2024-04-11

申请号：US18299470

申请日：2023-04-12

申请人： QOMPLX, Inc.

发明人： Jason Crabtree ,  Richard Kelley

IPC分类号： G06F21/53 ,  G06F8/65 ,  G06F9/455 ,  G06F21/56 ,  G06F21/57 ,  G06Q40/08 ,  H04L9/40

CPC分类号： G06F21/53 ,  G06F8/65 ,  G06F9/455 ,  G06F21/566 ,  G06F21/577 ,  G06Q40/08 ,  H04L63/1425 ,  H04L63/1433 ,  G06F2221/033 ,  G06N20/00

摘要： A system and methods for sandboxed software analysis with automated vulnerability detection and patch development, deployment and validation, comprising a business operating system, vulnerability scoring engine, binary translation engine, sandbox simulation engine, at least one network endpoint, at least one database, a network, and a combination of machine learning and vulnerability probing techniques, to analyze software, locate any vulnerabilities or malicious behavior, and attempt to patch and prevent undesired behavior from occurring, autonomously.

公开(公告)号：US20240022546A1

公开(公告)日：2024-01-18

申请号：US18361825

申请日：2023-07-29

申请人： QOMPLX, Inc.

发明人： Jason Crabtree ,  Richard Kelley

IPC分类号： H04L9/40 ,  H04L9/32

CPC分类号： H04L63/0428 ,  H04L9/3236 ,  H04L9/3239 ,  H04L63/1433 ,  H04L63/1425 ,  H04L63/0807 ,  H04L63/0815 ,  H04L63/145

摘要： A system and method for implementation of zero trust computer network security combined with stateful authentication object tracking, authentication object manipulation and forgery detection, and assessment of authentication and identity attack surface. The methodology involves gathering all authentication objects issued by a network, storing the authentication objects in a master ledger for use in stateful deterministic authentication object tracking, and running detection functions that compare authentication objects presented for access to network resources with the master ledger. In an embodiment, an authentication object agent is installed at the domain controller level. In another embodiment, a log extension utility is installed at the local host computer level to provide additional log data for additional cyberattack detections.

公开(公告)号：US11848966B2

公开(公告)日：2023-12-19

申请号：US17245201

申请日：2021-04-30

申请人： QOMPLX, Inc.

发明人： Jason Crabtree ,  Andrew Sellers

IPC分类号： H04L9/40 ,  G06F16/2458 ,  G06F16/951

CPC分类号： H04L63/20 ,  G06F16/2477 ,  G06F16/951 ,  H04L63/1425 ,  H04L63/1441

摘要： A system and method for analyzing integrated operational technology and information technology systems with sufficient granularity to predict their behavior with a high degree of accuracy. The system and method involve creating high-fidelity models of the operational technology and information technology systems using one or more cyber-physical graphs, performing parametric analyses of the models to identify key components, scaling the parametric analyses of the models to analyze the key components at a greater level of granularity, and iteratively improving the models testing them against in-situ data from the real-world systems represented by the high-fidelity models.

公开(公告)号：US11831682B2

公开(公告)日：2023-11-28

申请号：US17074882

申请日：2020-10-20

申请人： QOMPLX, Inc.

发明人： Jason Crabtree ,  Angadbir Salaria ,  Andrew Sellers ,  Marian Trnkus

IPC分类号： H04L9/40 ,  G06F16/2458 ,  G06F16/951

CPC分类号： H04L63/20 ,  G06F16/2477 ,  G06F16/951 ,  H04L63/1425 ,  H04L63/1441

摘要： A system and method for a highly scalable distributed connection interface for data capture from multiple network service sources. The connection interface is designed to enable simple to initiate, performant and highly available input/output from a large plurality of external networked service's and application's application programming interfaces (API) to the modules of an integrated predictive business operating system. To handle the high volume of information exchange, the connection interface is distributed and designed to be scalable and self-load-balancing. The connection interface possesses robust expressive scripting capabilities that allow highly specific handling rules to be generated for the routing, transformation, and output of data within the business operating system.

公开(公告)号：US20230370491A1

公开(公告)日：2023-11-16

申请号：US18358005

申请日：2023-07-24

申请人： QOMPLX, Inc.

发明人： Jason Crabtree ,  Richard Kelley

IPC分类号： H04L9/40

CPC分类号： H04L63/1433 ,  H04L63/20 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/102

摘要： A system and method for cyber exploitation path analysis and response using federated networks to minimize network exposure and maximize network resilience, with the ability to simulate complex and large scale network traffic through the use of federated training networks, by gathering network entity information, establishing baseline behaviors for each entity, and monitoring each entity for behavioral anomalies that might indicate cybersecurity concerns. Further, the system and method involve incorporating network topology information into the analysis by generating a model of the network, annotating the model with risk and criticality information for each entity in the model and with a vulnerability level between entities, and using the model to evaluate cybersecurity risks to the network. Lastly, network attack path analysis and automated task planning for minimizing network exposure and maximizing resiliency is performed with machine learning, generative adversarial networks, hierarchical task networks, and Monte Carlo search trees.

公开(公告)号：US20230368076A1

公开(公告)日：2023-11-16

申请号：US18349909

申请日：2023-07-10

申请人： QOMPLX, Inc.

发明人： Jason Crabtree ,  Andrew Sellers

IPC分类号： G06N20/00 ,  G06F16/90 ,  G06F16/25 ,  G06N5/022

CPC分类号： G06N20/00 ,  G06F16/90 ,  G06F16/252 ,  G06N5/022 ,  H04L67/10

摘要： A system for multitemporal data analysis is provided, comprising a directed computation graph service module configured to receive input data from a plurality of sources, analyze the input data to determine a best course of action for analyzing the input data, and split the input data for queueing to a general transformer service module or a decomposable service module based at least in part by analysis of the input data; a general transformer service module configured to receive data from the directed computation graph service module, and perform analysis on the received data; and a general transformer service module configured to receive data from directed computational graph module, and perform analysis on the received data.

公开(公告)号：US20230208820A1

公开(公告)日：2023-06-29

申请号：US18172213

申请日：2023-02-21

申请人： QOMPLX, Inc.

发明人： Jason Crabtree ,  Richard Kelley

IPC分类号： H04L9/40 ,  H04L9/14 ,  G06F16/951 ,  H04L9/32 ,  G06N20/00 ,  H04L9/00

CPC分类号： H04L63/0428 ,  G06F16/951 ,  G06N7/01 ,  H04L9/14 ,  H04L9/3236 ,  H04L9/3297 ,  H04L63/061 ,  H04L63/1408 ,  G06N5/01 ,  G06N5/045 ,  G06N5/046 ,  G06N20/00 ,  H04L9/50 ,  H04L63/123 ,  H04L63/0442

摘要： A system and method for predictive cyber-physical resource management, including a business operating system, parameter evaluation engine, at least one cyber-physical asset, at least one crypt-ledger, a network, and the ability to represent data in Markov State Models and finite state machines.

公开(公告)号：US20230171292A1

公开(公告)日：2023-06-01

申请号：US17986850

申请日：2022-11-14

申请人： QOMPLX, Inc.

发明人： Jason Crabtree ,  Richard Kelley

IPC分类号： H04L9/40 ,  G06F16/2458 ,  G06F16/951

CPC分类号： H04L63/20 ,  H04L63/1425 ,  H04L63/1441 ,  G06F16/2477 ,  G06F16/951

摘要： A system and method for holistic network cybersecurity evaluation and risk rating that takes into account the operation of the entire target network environment comprising hardware, software, operating systems, and network connections. Not only are the hardware, software, operating system, and network evaluated separately for cybersecurity concerns, their interaction and operation as a whole are also evaluated and scored. The results of such analyses may be used, for example, by underwriters of cybersecurity insurance policies to determine policy terms and rates.