An SBIR Phase I contract was awarded to ObjectSecurity in December 2022 for $173,986 USD from the U.S. Department of Defense and Defense Threat Reduction Agency.
The cybersecurity tool landscape is rapidly expanding and becoming more complex. It is becoming increasingly difficult for organizations to effectively manage all of the cybersecurity tools they utilize. This is due to the growing complexity of network environments, increasingly advanced and frequent attacks, an abundance of information being ingested from cybersecurity tools, and the demand for building correlations between results from various logs and tools. Management of a secure database and its access logs further complicates risk management, since databases have their own set of cybersecurity challenges that need to be addressed, such as authentication, network and data access controls, data encryption, auditing, vulnerabilities and patches to database software, database compliance, backups, etc. We propose “NLC-ADP” (No/Low-Code – Application Development Platform), an enhancement to an existing no-code or low-code application development platform, tying AI/ML, database management, and cybersecurity into a single solution and enabling the rapid development of applications for Nuclear Logistics data and systems. Our proposed NLC-ADP solution will ingest and normalize data from databases, cybersecurity tools, local logs, system usage, and system messages and allow for configurations of mitigations, alerts, and system messages and usage. Users will be able to configure mitigations and threat responses based on set limits for threat severities and types. AI/ML will be used to continually improve tool mapping, mitigations, threat responses, and anomalous behavior discovery. We propose a novel system to automatically import, integrate, and map cybersecurity tools and databases into a low-code or no-code platform to automatically identify cybersecurity risks holistically across multiple tools. Additionally, the proposed solution will be able to detect and report on insider threat behavior.
Results will be provided with severity and confidence scores and the ability to sort by importance. NLC-ADP major components include: (1) a tool and database integrator, (2) an AI/ML data preprocessor, (3) a data mapper for tool integrations, (4) an advanced graph database, and (5) an AI/ML engine for analytics, monitoring, predicting and reporting. The resulting product from using our application development platform will be an application or CI/CD plugin for AI/ML monitoring for anomalous behavior or usage on DTRA systems. ObjectSecurity has more than two decades of practical experience in the development, analysis, and risk assessment of trusted complex systems, including model-driven engineering (MDE), which is conceptually related to low/no-code development. We have in-depth practical experience in the AI/ML and Deep Learning domain including Optical Character Recognition (OCR), achieved through novel AI/ML techniques in cybersecurity systems, such as automated Bill of Materials (BOM) analysis for hardware vulnerability detection.