H04L63/1433

TRANSMISSION DEVICE FOR TRANSMITTING DATA
20230051229 · 2023-02-16

A transmission device for transmitting data between a real first network and a real second network is provided. The transmission device has a first network port for coupling to the real first network and a second network port for coupling to the real second network and also comprises: a simulation unit which is connected to the first network port and which is configured to receive network-specific data from the real first network via the first network port, to provide, in accordance with the received network-specific data, a virtual simulation network of the real first network, and to prepare the provided virtual simulation network, via the second network port, for access to the provided virtual simulation network by the real second network. The transmission device provided allows an attacker to be deliberately deceived, which increases security against attempts to access the real first network from the real second network.

SYSTEMS AND METHODS FOR NETWORK MONITORING, REPORTING, AND RISK MITIGATION
20230051016 · 2023-02-16

A network monitoring, reporting and risk mitigation system collects events at a computing device within the local network to provide improved network security. The events are aggregated into alerts, which may be processed according to triggering definitions in order to create ARO (action, recommendations and observations) reports providing required or recommended actions to take or observations to a network administrator. The ARO reports may be processed by a remote server in order to generate contextual feedback for updating the triggering definitions.

COLLECTING ENDPOINT DATA AND NETWORK DATA TO DETECT AN ANOMALY
20230051880 · 2023-02-16

The present application describes a system that uses endpoint data and network data to detect an anomaly. Once an anomaly is detected, the system may determine a severity of the anomaly by comparing the anomaly to a global database of known anomalies. The system may then initiate preventative measures to address the anomaly.

SYSTEMS, MEDIA, AND METHODS FOR UTILIZING A CROSSWALK ALGORITHM TO IDENTIFY CONTROLS ACROSS FRAMEWORKS, AND FOR UTILIZING IDENTIFIED CONTROLS TO GENERATE CYBERSECURITY RISK ASSESSMENTS
20230052116 · 2023-02-16

In one or more embodiments, the disclosed systems, methods, and media include utilizing a crosswalk algorithm to identify controls (e.g., cybersecurity controls) across frameworks, and for utilizing identified controls to generate cybersecurity risk assessments. A cybersecurity module may identify one or more controls in a data structure. The process may utilize a crosswalk algorithm to determine a relatedness between the identified controls and different controls of different frameworks. The process may update the data structure with selected different controls, such that a more robust set of controls is identified when the cybersecurity module indexes into the data structure to identify particular controls. Additionally, the process may generate a risk assessment for a device/software. The process may generate a risk score for the risk assessment, and the risk score may be based on a determined compliance level for each control determined to be related to a defined risk of interest.

AUTOMATIC IDENTIFICATION OF CHANGE REQUESTS TO ADDRESS INFORMATION TECHNOLOGY VULNERABILITIES

A machine learning model is trained based at least on previous change requests, wherein each of the previous change requests is associated with a controlled management of a lifecycle of a change to an information technology environment. A security vulnerability of the information technology environment is identified. Using the trained machine learning model, a corresponding match score for each of a plurality of pending change requests is determined for the security vulnerability. An indication of whether a resolution specification for the security vulnerability is to be linked with one of the plurality of pending change requests selected based on a factor associated with its corresponding match score is received.

APPARATUS FOR INFERRING CYBERATTACK PATH BASED ON ATTENTION, AND APPARATUS AND METHOD FOR TRAINING INTELLIGENT ATTACK PATH PREDICTION MODEL

Disclosed herein are an apparatus and method for inferring a cyberattack path based on attention. The apparatus includes memory in which at least one program is recorded and a processor for executing the program. The program generates test data required for generating an intelligent attack graph and generates an attack graph based on an intelligent attack path prediction model.

Resource Provisioning Based on Estimation of Risk

Methods, systems, devices, and tangible non-transitory computer readable media for resource provisioning based on risk scores. The disclosed technology can include accessing resource request data including information associated with a request for a resource from an entity associated with an organization. Organizational data associated with the entity can be accessed. The organizational data can include information associated with risk factors and previous resource allocations of the entity. Based on performance of risk evaluation operations on the organizational data, a risk score associated with provisioning the resource to the entity can be determined. A resource provisioning amount can be determined based on the risk score. The resource provisioning amount can include an amount of the resource authorized to be provisioned to the entity. Furthermore, output including indications associated with the resource provisioning amount can be generated.

Data breach protection

A computer implemented method to detect a data breach in a network-connected computing system including generating, at a trusted secure computing device, a copy of data distributed across a network; the computing device accessing sensitive information for the network-connected computer system and searching for at least part of the sensitive information in the copy of the data; in response to an identification of sensitive information in the copy of the data, identifying the sensitive information as compromised sensitive information.

Intrusion detection and radio fingerprint tracking
11581962 · 2023-02-14

A radio transmitter adjusts its radio frequency (RF) fingerprint to defeat RF fingerprinting identification without destroying the content of its transmissions. The radio transmitter comprises a frequency-upconverter configured to upconvert a baseband or intermediate-frequency signal to an RF signal, and an amplifier to amplify the RF signal to produce a transmission signal. An RF fingerprint control circuit changes the non-linear behavior of the frequency-upconverter or the amplifier in order to change the RF fingerprint. The transmitter may create RF fingerprint “personalities” to be paired with different radio protocol behaviors and subscriber terminal identification codes (e.g., MAC addresses or SMSIs) for generating different radio identities.

Apparatus and method for managing security policy of firewall

An apparatus for managing a security policy of a firewall according to an embodiment includes a rule request module that receives one or more requested rules to be applied to a firewall, a rule merge module that merges a pre-applied rule of the firewall and the one or more requested rules when the number of rules applied to the firewall exceeds a maximum number of rule registrations of the firewall due to the requested rule, and a firewall interface module that receives the pre-applied rule from the firewall and provides the pre-applied rule to the rule merge module, and re-registers a merged rule merged through the rule merge module in the firewall, and the rule merge module is configured to merge the pre-applied rule and the one or more requested rules so that a security vulnerable space occurring due to the merging is minimized.