Wells Fargo Bank, N.a.

Qomplx, Inc.

Daniel Fricano

Peter Anatole Makohon

Charles Steven Edison

Kodzo Wegba

Thomas Gilheany

James Bonk

Dale Miller

Shane D Cross

Kevin Michael Wurzer

Jason Crabtree

Andrew Sellers

Ian MacLeod

Rajat Gupta

James A Smith

Paul D Jacobson

Cheng Tcha Vue

Christopher Sean Michael Stamp

A system includes a data channel configured to provide device connectivity data associated with an entity, a data channel communication network configured to communicate the device connectivity data from the data channel, and a processing circuit communicatively coupled to the data channel via the data channel communication network. The processing circuit is structured to identify a vulnerability associated with a property of the device connectivity data, generate a scanner uniform resource locator (URL) based on the property of the device connectivity data, the scanner URL including a parametrized scanner executable structured to accept as a parameter at least a part of the property of the device connectivity data, and transmit the scanner URL to a computing system.

Security model utilizing multi-channel data with vulnerability remediation circuitry

Systems and methods for monitoring and enforcing a service level agreement for an entity are provided. A system includes a scanning engine, an assessment engine, a terms repository, an agreements repository, an assessments repository, and a processing circuit. The processing circuit is configured to perform operations including: receive device connectivity data; determine an entity; identify a data set of computing resources associated with the entity; reference a service level agreement associated with the entity; parse at least one term from the service level agreement; retrieve an assessment map for the at least one parsed term, wherein the assessment map comprises a key performance indicator, a data set of actual service level values, and a response protocol; score the identified data set of computing resources associated with the entity; determine an assessed service level value; store the assessed service level value; and monitor the identified data set of computing resources.

Security model utilizing multi-channel data with service level agreement integration

A computing system comprising a processing circuit is configured to receive, via a data channel from an agentless monitoring data source, user activity data associated with a first computing device of a first user, determine a policy violation based on the user activity data, compare employee-related information associated with the first user to a threshold, determine a baseline level of risk based on the employee-related information exceeding the threshold, determine a user score based on at least one of a threat dimension or an exposure dimension or an impact dimension, determine a probability of an adverse event based on the determined baseline level of risk and the user score, generate a user-interactive electronic notification comprising an indication of the probability of the adverse event, and transmit the user-interactive electronic notification to a second computing device of a second user.

Systems and methods for automated anomalous behavior detection and risk-scoring individuals

A system comprises a memory and one or more processors in communication with the memory. The one or more processors may be configured to obtain information associated with one or more authorized file changes and store the information associated with one or more authorized file changes in a first index. The processors may be further configured to obtain one or more file change events and enrich the one or more file change events with the information associated with one or more authorized file changes from the first index. The processors may also be configured to store the one or more file change events enriched with the information associated with one or more authorized file changes in a second index, and based on the enriched data stored in the second index, output an indication that the one or more file change events are false positives.

Determining false positives of file change events detected by file integrity monitoring tools

Systems and methods for managing cybersecurity for an entity are disclosed. An example method includes providing a content portal to a user configured to display a security risk profile via a generated GUI; receiving, via the generated GUI, a first input from the user comprising a selection of a component identified in the security risk profile and a response parameter; providing, via the generated GUI, parameters for a targeted scan of the selected component; receiving, via the generated GUI, a second input from the user comprising a selection of a confirmation of the parameters; identifying a vulnerability associated with a first property or a second property from device connectivity data based on the parameters; initiating the targeted scan of the selected component associated with the vulnerability; determining a result of the targeted scan; updating the security risk profile; and updating a multi-dimensional score based on the updated security risk profile.

Security model utilizing multi-channel data with risk-entity facing cybersecurity alert engine and portal

Systems, methods, and computer-readable storage media are utilized to analyze multi-channel data based on a security model in a computer network environment. One system includes a plurality of data channels configured to access entity data and a processing circuit communicatively coupled to a data channel of the plurality of data channels, the processing circuit configured to identify at least one vulnerability, determine an impact of the at least one vulnerability, assign the first property to a first cybersecurity dimension, generate a cybersecurity risk score based at least on the impact of the at least one vulnerability, and generate a multi-dimensional score for a target computer network environment based on the cybersecurity risk score.

Security model utilizing multi-channel data

Systems and methods for managing third party data are provided. A third party data management system includes a processing circuit. The processing circuit is configured to receive first third party activity data from a source computing system and via a cybersecurity correlation and analytics computing system, determine a computing entity external to the third party data management system associated with the third party activity data based on at least one item extracted from the first third party activity data, periodically monitor third party activity associated with the computing entity, comprising operations to collect second third party activity data, and correlate the monitored second third party activity data to an entity profile.

3rd party data explorer

Systems and methods for vulnerability remediation based on a dynamic security model are disclosed. Device connectivity data for an entity external to an identifier entity is received by the identifier entity. A vulnerability is identified and risk-scored based on a property parsed from the device connectivity data. The identifier entity may execute an automatic action to prevent the identifier entity from receiving electronic communications from the affected component of the external entity. Further, based on the risk score meeting various parameters, a hyperlink is generated by the identifier entity and provided to the external entity. The hyperlink may include a remediation executable parametrized using the property parsed from the device connectivity data. The remediation executable may include a reference to a patch structured to remediate the vulnerability. Once the external entity remediates the vulnerability, the external entity may initiate a rescan of its affected component.

Systems, methods and computer-readable storage media are utilized dynamically discovering components of a computer network environment. The processing circuit of a data acquisition engine configured determine a domain name associated with an entity profile, determine an IP range, validate at the domain name, the IP range, and the IP address, collect additional device connectivity data, and provide the additional device connectively data.

Systems, methods, and computer-readable media for managing cybersecurity risk for an entity are disclosed. An example method includes receiving device connectivity data for the entity; determining vulnerability data based on the device connectivity data; generating a security risk profile of the entity; retrieving an external contact; generating a vulnerability notification; transmitting the vulnerability notification; providing a content portal to a user, wherein the content portal is configured to display the security risk profile via a dynamically generated graphical user interface (GUI); receiving, via the dynamically generated GUI, an input from the user, the input comprising a selection of a component identified in the security risk profile and a response parameter; initiating a targeted scan of the selected component; determining a result of the targeted scan; updating the security risk profile; and providing, via the dynamically generated GUI, the updated security risk profile to the user.

Systems, methods and computer-readable storage media are utilized to analyze multi-channel data based on a security model in a computer network environment. A computing system is communicatively coupled to a plurality of data channels configured to access entity data via at least one data channel communication network. A plurality of data sources configured to store entity data are associated with the respective data channels. A processing circuit is communicatively coupled to a particular data channel via a data channel communication network and is structured to receive, via the data channel, entity data comprising device connectivity data, parse properties from the device connectivity data where the properties correspond to particular security dimensions, identify vulnerabilities associated with the properties, determine vulnerability impact, and generate a multi-dimensional risk score for a target computer network environment associated with the entity.

Systems, methods, and apparatuses for anomalous user behavior detection and risk-scoring individuals are described. User activity data associated with a first computing device of a first user is received from an agentless monitoring data source different from the first computing device. The user activity data includes a user identifier. An active directory (AD) identifier and employee-related information from a human resources database are determined based on the user identifier. Based on the employee-related information and/or AD identifier, a probability of an adverse event is determined. When the probability of the adverse event exceeds a predetermined threshold, a logging agent is activated on the first computing device and additional user activity data is received from the logging agent. A user-interactive electronic notification comprising an indication of the probability of the adverse event, a subset of the user activity data, and the additional user activity data is generated and transmitted to a second computing device of a second user.

A system for mitigation of cyberattacks employing an advanced cyber decision platform which uses a time series data store, a directed computational graph module, an action outcome simulation module, and observation and state estimation module, wherein the state of a network is monitored and used to produce a cyber-physical graph representing network resources, simulated network events are produced and monitored, and the network events and their effects are analyzed to produce security recommendations.

Growing community of inventors

San Francisco, CA, United States of America

Daniel Fricano