US 11,924,251 B2
System and method for cybersecurity reconnaissance, analysis, and score generation using distributed systems
Jason Crabtree, Vienna, VA (US); Joe Gray, Lenoir City, TN (US); Michael James, Independence, MO (US); Richard Kelley, Woodbridge, VA (US); Andrew Sellers, Monument, CO (US); and Farooq Shaikh, Reston, VA (US)
Assigned to QOMPLX LLC, New York, NY (US)
Filed by QOMPLX LLC, Reston, VA (US)
Filed on Dec. 31, 2021, as Appl. No. 17/567,074.
Application 17/567,074 is a continuation of application No. 16/887,304, filed on May 29, 2020, granted, now 11,297,109.
Application 16/887,304 is a continuation in part of application No. 16/837,551, filed on Apr. 1, 2020, granted, now 11,070,592.
Application 16/837,551 is a continuation in part of application No. 16/777,270, filed on Jan. 30, 2020, granted, now 11,025,674, issued on Jun. 1, 2021.
Application 16/777,270 is a continuation in part of application No. 16/720,383, filed on Dec. 19, 2019, granted, now 10,944,795, issued on Mar. 9, 2021.
Application 16/720,383 is a continuation of application No. 15/823,363, filed on Nov. 27, 2017, granted, now 10,560,483, issued on Feb. 11, 2020.
Application 16/837,551 is a continuation in part of application No. 15/818,733, filed on Nov. 20, 2017, granted, now 10,673,887, issued on Jun. 2, 2020.
Application 15/818,733 is a continuation in part of application No. 15/725,274, filed on Oct. 4, 2017, granted, now 10,609,079, issued on Mar. 31, 2020.
Application 15/823,363 is a continuation in part of application No. 15/725,274, filed on Oct. 4, 2017, granted, now 10,609,079, issued on Mar. 31, 2020.
Application 15/725,274 is a continuation in part of application No. 15/655,113, filed on Jul. 20, 2017, granted, now 10,735,456, issued on Aug. 4, 2020.
Application 15/655,113 is a continuation in part of application No. 15/616,427, filed on Jun. 7, 2017, abandoned.
Application 15/616,427 is a continuation in part of application No. 15/237,625, filed on Aug. 15, 2016, granted, now 10,248,910, issued on Apr. 2, 2019.
Application 15/237,625 is a continuation in part of application No. 15/206,195, filed on Jul. 8, 2016, abandoned.
Application 15/206,195 is a continuation in part of application No. 15/186,453, filed on Jun. 18, 2016, abandoned.
Application 15/186,453 is a continuation in part of application No. 15/166,158, filed on May 26, 2016, abandoned.
Application 15/166,158 is a continuation in part of application No. 15/141,752, filed on Apr. 28, 2016, granted, now 10,860,962, issued on Dec. 8, 2020.
Application 15/141,752 is a continuation in part of application No. 15/091,563, filed on Apr. 5, 2016, granted, now 10,204,147, issued on Feb. 12, 2019.
Application 15/091,563 is a continuation in part of application No. 14/986,536, filed on Dec. 31, 2015, granted, now 10,210,255, issued on Feb. 19, 2019.
Application 14/986,536 is a continuation in part of application No. 14/925,974, filed on Oct. 28, 2015, abandoned.
Application 15/616,427 is a continuation in part of application No. 14/925,974, filed on Oct. 28, 2015, abandoned.
Prior Publication US 2022/0210203 A1, Jun. 30, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 16/2458 (2019.01); G06F 16/951 (2019.01)
CPC H04L 63/20 (2013.01) [G06F 16/2477 (2019.01); G06F 16/951 (2019.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/1441 (2013.01); H04L 63/1408 (2013.01)]
2 Claims
1. A system for cybersecurity reconnaissance, analysis, and scoring using distributed computing services, comprising:
a cloud computing platform comprising a hardware memory, a hardware processor, and a non-volatile storage device;
a proxy server operating on the cloud computing platform configured to act as a public-facing proxy network, the public-facing proxy network comprising one or more selectable attribute nodes;
wherein the cloud computing platform, upon request by a user application:
receives a domain name for reconnaissance and scoring; and
creates a first queue of Internet search tasks for the domain name using an in-memory associative array service, the search tasks comprising searches for, and receipt of search results for, each of the following four types of domain name system records:
a domain name system search for domain name system records;
a domain name system search for domain name system sender policy framework records;
a domain name system search for domain name system domain-based message authentication, reporting, and conformance records; and
a domain name system search for domain name system zone transfer records;
implements the first queue of Internet search tasks through the one or more selectable attribute nodes of the public-facing proxy network;
identifies Internet protocol addresses associated with the domain name from the domain name system records; and
implements a second queue of Internet protocol address scanning tasks for the identified Internet protocol addresses, the scanning tasks comprising an open port scan for each of a list of open ports for the domain name; and
a distributed data processing engine comprising a second plurality of programming instructions stored in the memory which, when operating on the processor, causes the cloud computing platform to:
receive a cybersecurity scoring model comprising category weights for a plurality of categories drawn from: domain name system records, domain name system sender policy framework records, domain name system domain-based message authentication, reporting, and conformance records, zone transfer records, and the list of open ports, and further comprising an algorithm for combining the categories using the category weights;
retrieve the search results and the list of open ports stored in the cloud-based storage bin; and
calculate a cybersecurity score by applying the algorithm to the weighted categories; and
generate a cybersecurity profile for the domain name based on the cybersecurity score.
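
The scoring step recited in claim 1 can be illustrated with a short added example; this is not code from the patent or from QOMPLX. The claim does not specify the algorithm or the weights, so the sub-score values, the risky-port set, the weighted-mean combination, and the sample results below are all assumptions, and the model uses four of the five listed categories.

```python
# Added example: weights, sub-scores and the linear combination are assumptions.
RISKY_PORTS = {21, 23, 445, 3389}  # assumed set of high-exposure services

def spf_score(txt_records):
    """Grade the SPF 'all' qualifier; redirect= modifiers are not followed."""
    spf = [r.lower().split() for r in txt_records if r.lower().startswith("v=spf1")]
    if len(spf) != 1:  # absent, or several records (a permerror for receivers)
        return 0.0
    return next((s for q, s in (("-all", 1.0), ("~all", 0.6), ("?all", 0.2))
                 if q in spf[0]), 0.0)  # "+all", bare "all" or no "all" scores 0

def dmarc_score(txt_records):
    """Grade the p= tag of the record published at _dmarc.<domain>."""
    for rec in txt_records:
        tags = {}
        for part in rec.split(";"):
            if "=" in part:
                key, value = part.split("=", 1)
                tags[key.strip().lower()] = value.strip()
        if tags.get("v", "").upper() == "DMARC1":
            policy = tags.get("p", "").lower()
            return {"reject": 1.0, "quarantine": 0.7, "none": 0.3}.get(policy, 0.0)
    return 0.0

def category_scores(results):
    risky = RISKY_PORTS & set(results["open_ports"])
    return {
        "spf": spf_score(results["txt"]),
        "dmarc": dmarc_score(results["dmarc_txt"]),
        "zone_transfer": 0.0 if results["axfr_allowed"] else 1.0,
        "open_ports": max(0.0, 1.0 - 0.25 * len(risky)),
    }

def cybersecurity_score(results, weights):
    """Weighted mean of the category sub-scores, scaled to 0-100."""
    scores = category_scores(results)
    if set(weights) != set(scores) or sum(weights.values()) <= 0:
        raise ValueError("weights must cover exactly the scored categories")
    total = sum(weights[c] * scores[c] for c in scores)
    return round(100 * total / sum(weights.values()), 1)

# Constructed search results for a fictional domain (not real scan output).
SAMPLE = {"txt": ["v=spf1 include:_spf.example.net ~all"],
          "dmarc_txt": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
          "axfr_allowed": True, "open_ports": [22, 80, 443, 3389]}
WEIGHTS = {"spf": 2, "dmarc": 3, "zone_transfer": 3, "open_ports": 2}

if __name__ == "__main__":
    print(cybersecurity_score(SAMPLE, WEIGHTS))
```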