quantarcyber.com · web viewquantar’s preliminary infringement contentions
TRANSCRIPT
EXHIBIT E
Quantar’s Preliminary Infringement Contentions
US Patent No: 9762605 15/012,182 Accused Instrumentalities
Claim: 1
1. Apparatus for assessing financial loss from cyber threats capable of affecting at least one computer network, the threat including at least one electronic threat, the computer network comprising a plurality of IT systems and a plurality of business processes operating on the plurality of IT systems, the apparatus comprising at least one processor configured pursuant to programming code in a non-transitory computer readable memory coupled to the processor, the non-transitory computer memory storing instructions executable by the processor that cause the processor to:
NEHEMIA 1 (at 0.48);
https://quantarsolutions.com/wp-content/uploads/2019/05/NEHEMIA-1.mp4
NEHEMIA 2;
Prioritize Cyber Risks in DollarsRQ is an automated cyber risk platform engineered to deliver financially-quantifiedintelligence and mitigation options specific to each business
Transfer Cyber Risks Intelligentlyweigh the costs of mitigating a risk,
Step 1: Model the Business-Tech EnvironmentRQ gathers business and IT data to establish a comprehensive understanding of a company’senvironment. This exercise uses a step-by-step wizard to establish ties between key businessprocesses, applications, and the underlying IT infrastructure
Step 2: Financially Quantify Cyber RiskRQ manages over 5,000 algorithms, each custom built using Nehemiah’s curated risk intel
Page 1 of 73
database.After modeling the environment, RQ activates the appropriate calculations to measure Probability ofLoss and Computed Loss for a variety of loss types:1. Revenue loss2. Business disruption
Step 3: Drive Action to Mitigate Cyber RisksRQ generates a list of recommended controls and computes the ROI of these security investments.
NEHEMIA 3;
RQ Financially Quantify Cyber as a Business RiskA Risk Quantification PlatformRQ (Risk Quantifier) is a decision support platform that enables organizations to understand the financial exposure from a cyberattack and trace back to the area of impact. RQ combines your existing data with our database of attack and loss intelligence to compute the financial loss of a cyberattack and recommend mitigations that provide the best financial return.
To quantify cyber risks, RQ considers all dimensions: the Business, IT, and the Attacker
Where’s the impact?Trace where in the IT environment a risk can be realized. Detail the correlation between business assets and IT applications to support mitigation efforts
NEHEMIA 4;Nehemiah Security’s Risk Engine Quantifies Cyber Risk in Financial Terms
RQ 2.0, a cyber risk platform engineered to financially quantify security as a business risk
Page 2 of 73
based onverifiable intelligence. Designed to correlate technical risks with an organization’s business assets, RQ’s Risk Engine aggregates data from business units, IT environments, and threat intelligence to identify the dollar amount that an organization’s unique risks pose to their business operations.
Nehemiah is the first to market with continuous, automated cyber risk quantification armed with risk mitigation and projected ROI computations to precisely answer questions like, “What is theseverity of these risks to the business?”
Nehemiah’s RQ platform allows technical leaders to quantitatively report on the business impact of cyber risk through the lens of their company’s unique business model. The risk engine establishes relationships between business applications and technical assets, then correlates technical exposures to threat intelligence feeds and known attacker scenarios.
RQ automatically computes security as a business risk in financial terms. The RQ dashboard updates to report on potential losses such as disruption,
NEHEMIA 6;
Page 3 of 73
LossPRODUCT 2;
Page 4 of 73
PRODUCT 3;
Page 5 of 73
PRODUCT 4
Page 6 of 73
FinancialPRODUCT 1;
Page 7 of 73
PRODUCT 2;
Page 8 of 73
PRODUCT 3;
Page 9 of 73
PRODUCT 4
Page 10 of 73
predict future cyber threat activity using a Monte Carlo method based on stochastic modeling of actual past observed computer network cyber threat activity, to receive observed cyber threat data from a database, the list of observed cyber threats including information, for each threat, of identification of at least one computer system targeted, to extrapolate future event frequency, to
NEHEMIA 1 (at 0.48);
https://quantarsolutions.com/wp-content/uploads/2019/05/NEHEMIA-1.mp4
NEHEMIA 1 (at 1.51);
https://quantarsolutions.com/wp-content/uploads/2019/05/NEHEMIA-1.mp4
Page 11 of 73
produce a profile of predicted cyber threat activity, wherein for each actual observed cyber threat on the computer network, an identifier, a name, a description of the threat, a temporal profile specifying frequency of occurrence, a target (or targets) for the threat and a severity score for the (each target) are included in the cyber threat data within the database, output the predicted future threat activity to one or more firewalls to improve their accuracy in correctly identifying cyber threats actually observed on the one or more computer networks to improve the accuracy of the apparatus and stochastic modeling of assessing financial loss from cyber threats on an ongoing basis, determine expected downtime of each system of the plurality of IT systems in dependence upon said predicted threat activity including the severity scores and extrapolated future event frequency, determine loss for each of the plurality of business processes dependent on the downtimes of the IT systems, and add losses for the plurality of business processes so as to obtain a combined financial loss arising from the cyber threat activity.
NEHEMIA 2;
Prioritize Cyber Risks in DollarsRQ is an automated cyber risk platform engineered to deliver financially-quantifiedintelligence and mitigation options specific to each business
Transfer Cyber Risks Intelligentlyweigh the costs of mitigating a risk,
Step 1: Model the Business-Tech EnvironmentRQ gathers business and IT data to establish a comprehensive understanding of a company’senvironment. This exercise uses a step-by-step wizard to establish ties between key businessprocesses, applications, and the underlying IT infrastructure
Step 2: Financially Quantify Cyber RiskRQ manages over 5,000 algorithms, each custom built using Nehemiah’s curated risk intel database.After modeling the environment, RQ activates the appropriate calculations to measure Probability ofLoss and Computed Loss for a variety of loss types:1. Revenue loss2. Business disruption
Step 3: Drive Action to Mitigate Cyber RisksRQ generates a list of recommended controls and computes the ROI of these security investments.
NEHEMIA 3;
Page 12 of 73
RQ Financially Quantify Cyber as a Business RiskA Risk Quantification PlatformRQ (Risk Quantifier) is a decision support platform that enables organizations to understand the financial exposure from a cyberattack and trace back to the area of impact. RQ combines your existing data with our database of attack and loss intelligence to compute the financial loss of a cyberattack and recommend mitigations that provide the best financial return.
To quantify cyber risks, RQ considers all dimensions: the Business, IT, and the Attacker
Where’s the impact?Trace where in the IT environment a risk can be realized. Detail the correlation between business assets and IT applications to support mitigation efforts
NEHEMIA 4;Nehemiah Security’s Risk Engine Quantifies Cyber Risk in Financial Terms
RQ 2.0, a cyber risk platform engineered to financially quantify security as a business risk based onverifiable intelligence. Designed to correlate technical risks with an organization’s business assets, RQ’s Risk Engine aggregates data from business units, IT environments, and threat intelligence to identify the dollar amount that an organization’s unique risks pose to their business operations.
Nehemiah is the first to market with continuous, automated cyber risk quantification armed with risk mitigation and projected ROI computations to precisely answer questions like, “What is theseverity of these risks to the business?”
Nehemiah’s RQ platform allows technical leaders to quantitatively report on the business impact of cyber risk through the lens of their company’s unique business model. The risk
Page 13 of 73
engine establishes relationships between business applications and technical assets, then correlates technical exposures to threat intelligence feeds and known attacker scenarios.
RQ automatically computes security as a business risk in financial terms. The RQ dashboard updates to report on potential losses such as disruption,
NEHEMIA 6;
LossPRODUCT 2;
Page 14 of 73
PRODUCT 3;
Page 15 of 73
PRODUCT 4
Page 16 of 73
;
FinancialPRODUCT 1;
Page 17 of 73
PRODUCT 2;
Page 18 of 73
PRODUCT 3;
Page 19 of 73
PRODUCT 4
Page 20 of 73
Receive (data)PRODUCT 1;
Page 21 of 73
PredictedPRODUCT 2;
Page 22 of 73
PRODUCT 3;
Page 23 of 73
DependencePRODUCT 2;
Page 24 of 73
SeverityPRODUCT 2;
Page 25 of 73
ScorePRODUCT 2;
Page 26 of 73
Claim: 11
11. A computer-implemented method, the method being performed by a computer system having one or more computer processors and a non-transitory computer readable memory in which programming code is stored, whereupon execution of the programming code by one or more computer processors the computer system performs
Page 27 of 73
operations comprising:
predicting future cyber threat activity, for each of a plurality of computer network cyber threats, using a Monte Carlo method based on stochastic modeling of actual past observed computer network cyber threat activity, to receive observed cyber threat data from a database, the list of observed cyber threats including information, for each threat, of identification of at least one computer system targeted, to extrapolate future event frequency, to produce a profile of predicted cyber threat activity, wherein for each actual observed cyber threat on the computer network, an identifier, a name, a description of the threat, a temporal profile specifying frequency of occurrence, a target (or targets) for the threat and a severity score for the (each target) are included in the cyber threat data within the database, output the predicted future threat activity to one or more firewalls to improve their accuracy in correctly identifying cyber threats actually observed on the one or more computer networks to improve the accuracy of the apparatus and stochastic modeling of assessing financial loss from cyber threats on an ongoing basis, wherein for each given threat the method comprises;
NEHEMIA 1 (at 0.48);
https://quantarsolutions.com/wp-content/uploads/2019/05/NEHEMIA-1.mp4
NEHEMIA 1 (at 1.51);
https://quantarsolutions.com/wp-content/uploads/2019/05/NEHEMIA-1.mp4
NEHEMIA 2;
Prioritize Cyber Risks in DollarsRQ is an automated cyber risk platform engineered to deliver financially-quantifiedintelligence and mitigation options specific to each business
Transfer Cyber Risks Intelligentlyweigh the costs of mitigating a risk,
Step 1: Model the Business-Tech EnvironmentRQ gathers business and IT data to establish a comprehensive understanding of a company’senvironment. This exercise uses a step-by-step wizard to establish ties between key businessprocesses, applications, and the underlying IT infrastructure
Step 2: Financially Quantify Cyber RiskRQ manages over 5,000 algorithms, each custom built using Nehemiah’s curated risk intel database.
Page 28 of 73
After modeling the environment, RQ activates the appropriate calculations to measure Probability ofLoss and Computed Loss for a variety of loss types:1. Revenue loss2. Business disruption
Step 3: Drive Action to Mitigate Cyber RisksRQ generates a list of recommended controls and computes the ROI of these security investments.
NEHEMIA 3;
RQ Financially Quantify Cyber as a Business RiskA Risk Quantification PlatformRQ (Risk Quantifier) is a decision support platform that enables organizations to understand the financial exposure from a cyberattack and trace back to the area of impact. RQ combines your existing data with our database of attack and loss intelligence to compute the financial loss of a cyberattack and recommend mitigations that provide the best financial return.
To quantify cyber risks, RQ considers all dimensions: the Business, IT, and the Attacker
Where’s the impact?Trace where in the IT environment a risk can be realized. Detail the correlation between business assets and IT applications to support mitigation efforts
NEHEMIA 4;Nehemiah Security’s Risk Engine Quantifies Cyber Risk in Financial Terms
RQ 2.0, a cyber risk platform engineered to financially quantify security as a business risk based on
Page 29 of 73
verifiable intelligence. Designed to correlate technical risks with an organization’s business assets, RQ’s Risk Engine aggregates data from business units, IT environments, and threat intelligence to identify the dollar amount that an organization’s unique risks pose to their business operations.
Nehemiah is the first to market with continuous, automated cyber risk quantification armed with risk mitigation and projected ROI computations to precisely answer questions like, “What is theseverity of these risks to the business?”
Nehemiah’s RQ platform allows technical leaders to quantitatively report on the business impact of cyber risk through the lens of their company’s unique business model. The risk engine establishes relationships between business applications and technical assets, then correlates technical exposures to threat intelligence feeds and known attacker scenarios.
RQ automatically computes security as a business risk in financial terms. The RQ dashboard updates to report on potential losses such as disruption,
NEHEMIA 6;
Page 30 of 73
;
LossPRODUCT 2;
Page 31 of 73
PRODUCT 3;
Page 32 of 73
PRODUCT 4
Page 33 of 73
FinancialPRODUCT 1;
Page 34 of 73
PRODUCT 2;
Page 35 of 73
PRODUCT 3;
Page 36 of 73
PRODUCT 4
Page 37 of 73
Receive (data)PRODUCT 1;
Page 38 of 73
PredictedPRODUCT 2;
Page 39 of 73
PRODUCT 3;
Page 40 of 73
SeverityPRODUCT 2;
Page 41 of 73
ScorePRODUCT 2;
Page 42 of 73
modeling a set of past observed computer network cyber threat events to obtain an estimate of at least one model parameter;
performing a Monte Carlo simulation of the given computer network cyber threat by:
predicting future computer network cyber threat events using the at least one model parameter and a
NEHEMIA 1 (at 0.48);
Page 43 of 73
stochastic model using a projection of at least one model parameter which is based on the estimate of at least one model parameter and on a randomly-drawn variable according to a predefined distribution and to use said at least one variable in the stochastic model and predicting a distribution of future computer network cyber threat events by repeating the simulation using a plurality of variables, determining expected downtime of each IT system in dependence upon said predicted future computer network cyber threat activity, determining financial loss for each of a plurality of operational processes dependent on the downtimes of the IT systems adding losses for the plurality of processes to obtain a combined financial loss arising from the future computer network cyber threat activity.
https://quantarsolutions.com/wp-content/uploads/2019/05/NEHEMIA-1.mp4
NEHEMIA 2;
Prioritize Cyber Risks in DollarsRQ is an automated cyber risk platform engineered to deliver financially-quantifiedintelligence and mitigation options specific to each business
Transfer Cyber Risks Intelligentlyweigh the costs of mitigating a risk,
Step 1: Model the Business-Tech EnvironmentRQ gathers business and IT data to establish a comprehensive understanding of a company’senvironment. This exercise uses a step-by-step wizard to establish ties between key businessprocesses, applications, and the underlying IT infrastructure
Step 2: Financially Quantify Cyber RiskRQ manages over 5,000 algorithms, each custom built using Nehemiah’s curated risk intel database.After modeling the environment, RQ activates the appropriate calculations to measure Probability ofLoss and Computed Loss for a variety of loss types:1. Revenue loss2. Business disruption
Step 3: Drive Action to Mitigate Cyber RisksRQ generates a list of recommended controls and computes the ROI of these security investments.
Page 44 of 73
NEHEMIA 3;
RQ Financially Quantify Cyber as a Business RiskA Risk Quantification PlatformRQ (Risk Quantifier) is a decision support platform that enables organizations to understand the financial exposure from a cyberattack and trace back to the area of impact. RQ combines your existing data with our database of attack and loss intelligence to compute the financial loss of a cyberattack and recommend mitigations that provide the best financial return.
To quantify cyber risks, RQ considers all dimensions: the Business, IT, and the Attacker
Where’s the impact?Trace where in the IT environment a risk can be realized. Detail the correlation between business assets and IT applications to support mitigation efforts
NEHEMIA 4;Nehemiah Security’s Risk Engine Quantifies Cyber Risk in Financial Terms
RQ 2.0, a cyber risk platform engineered to financially quantify security as a business risk based onverifiable intelligence. Designed to correlate technical risks with an organization’s business assets, RQ’s Risk Engine aggregates data from business units, IT environments, and threat intelligence to identify the dollar amount that an organization’s unique risks pose to their business operations.
Nehemiah is the first to market with continuous, automated cyber risk quantification armed with risk mitigation and projected ROI computations to precisely answer questions like, “What is theseverity of these risks to the business?”
Page 45 of 73
Nehemiah’s RQ platform allows technical leaders to quantitatively report on the business impact of cyber risk through the lens of their company’s unique business model. The risk engine establishes relationships between business applications and technical assets, then correlates technical exposures to threat intelligence feeds and known attacker scenarios.
RQ automatically computes security as a business risk in financial terms. The RQ dashboard updates to report on potential losses such as disruption,
NEHEMIA 6;
LossPRODUCT 2;
Page 46 of 73
PRODUCT 3;
Page 47 of 73
PRODUCT 4
Page 48 of 73
FinancialPRODUCT 1;
Page 49 of 73
PRODUCT 2;
Page 50 of 73
PRODUCT 3;
Page 51 of 73
PRODUCT 4
Page 52 of 73
PredictedPRODUCT 2;
Page 53 of 73
PRODUCT 3;
Page 54 of 73
DependencePRODUCT 2;
Page 55 of 73
Claim: 13
13. A computer readable medium having a computer program thereon, which when executed by a computer system having one or more computer processors and a non-transitory computer readable memory, causes the computer system to perform steps comprising:
Page 56 of 73
to predict, for each of a plurality of computer network cyber threats, future cyber threat activity using a Monte Carlo method based on stochastic modeling of actual past observed computer network cyber threat activity, to receive observed cyber threat data from a database, the list of observed cyber threats including information, for each threat, of identification of at least one computer system targeted, to extrapolate future event frequency, to produce a profile of predicted cyber threat activity, wherein for each actual observed cyber threat on the computer network, an identifier, a name, a description of the threat, a temporal profile specifying frequency of occurrence, a target (or targets) for the threat and a severity score for the (each target) are included in the cyber threat data within the database, output the predicted future threat activity to one or more firewalls to improve their accuracy in correctly identifying cyber threats actually observed on the one or more computer networks to improve the accuracy of the apparatus and stochastic modeling of assessing financial loss from cyber threats on an ongoing basis;
NEHEMIA 1 (at 0.48);
https://quantarsolutions.com/wp-content/uploads/2019/05/NEHEMIA-1.mp4
NEHEMIA 1 (at 1.51);
https://quantarsolutions.com/wp-content/uploads/2019/05/NEHEMIA-1.mp4
NEHEMIA 2;
Prioritize Cyber Risks in DollarsRQ is an automated cyber risk platform engineered to deliver financially-quantifiedintelligence and mitigation options specific to each business
Transfer Cyber Risks Intelligentlyweigh the costs of mitigating a risk,
Step 1: Model the Business-Tech EnvironmentRQ gathers business and IT data to establish a comprehensive understanding of a company’senvironment. This exercise uses a step-by-step wizard to establish ties between key businessprocesses, applications, and the underlying IT infrastructure
Step 2: Financially Quantify Cyber RiskRQ manages over 5,000 algorithms, each custom built using Nehemiah’s curated risk intel database.After modeling the environment, RQ activates the appropriate calculations to measure Probability ofLoss and Computed Loss for a variety of loss types:1. Revenue loss
Page 57 of 73
2. Business disruption
Step 3: Drive Action to Mitigate Cyber RisksRQ generates a list of recommended controls and computes the ROI of these security investments.
NEHEMIA 3;
RQ Financially Quantify Cyber as a Business RiskA Risk Quantification PlatformRQ (Risk Quantifier) is a decision support platform that enables organizations to understand the financial exposure from a cyberattack and trace back to the area of impact. RQ combines your existing data with our database of attack and loss intelligence to compute the financial loss of a cyberattack and recommend mitigations that provide the best financial return.
To quantify cyber risks, RQ considers all dimensions: the Business, IT, and the Attacker
Where’s the impact?Trace where in the IT environment a risk can be realized. Detail the correlation between business assets and IT applications to support mitigation efforts
NEHEMIA 4;Nehemiah Security’s Risk Engine Quantifies Cyber Risk in Financial Terms
RQ 2.0, a cyber risk platform engineered to financially quantify security as a business risk based onverifiable intelligence. Designed to correlate technical risks with an organization’s business assets, RQ’s Risk Engine aggregates data from business units, IT environments, and threat intelligence to identify the dollar amount that an organization’s unique risks pose to their business operations.
Page 58 of 73
Nehemiah is the first to market with continuous, automated cyber risk quantification armed with risk mitigation and projected ROI computations to precisely answer questions like, “What is theseverity of these risks to the business?”
Nehemiah’s RQ platform allows technical leaders to quantitatively report on the business impact of cyber risk through the lens of their company’s unique business model. The risk engine establishes relationships between business applications and technical assets, then correlates technical exposures to threat intelligence feeds and known attacker scenarios.
RQ automatically computes security as a business risk in financial terms. The RQ dashboard updates to report on potential losses such as disruption,
NEHEMIA 6;
Page 59 of 73
LossPRODUCT 2;
Page 60 of 73
PRODUCT 3;
Page 61 of 73
PRODUCT 4
Page 62 of 73
FinancialPRODUCT 1;
Page 63 of 73
PRODUCT 2;
Page 64 of 73
PRODUCT 3;
Page 65 of 73
PRODUCT 4
Page 66 of 73
Receive (data)PRODUCT 1;
Page 67 of 73
PredictedPRODUCT 2;
Page 68 of 73
PRODUCT 3;
Page 69 of 73
SeverityPRODUCT 2;
Page 70 of 73
wherein execution of the computer program causes the computer system to perform, for each given threat, steps further comprising:
modeling a set of past observed computer network cyber threat events to obtain an estimate of at least one model parameter;
performing a Monte Carlo simulation of the given computer network cyber threat by:
Page 71 of 73
predicting future computer network cyber threat events using the at least one model parameter and a stochastic model using a projection of at least one model parameter which is based on the estimate of at least one model parameter and on a randomly-drawn variable according to a predefined distribution and to use said at least one variable in the stochastic model and predicting a distribution of future computer network cyber threat events by repeating the simulation using a plurality of variables.
PredictedPRODUCT 2;
PRODUCT 3;
Page 72 of 73
Note: Total claims: 15 and Independent claims: 3
Page 73 of 73