Abstract: An illustrative method includes a data protection system determining a first compressibility metric associated with write traffic processed by a storage system, the first compressibility metric indicating an amount of storage space saved if the write traffic is compressed; determining a second compressibility metric associated with read traffic processed by a storage system, the second compressibility metric indicating an amount of storage space saved if the read traffic is compressed; determining, based on a comparison of the first compressibility metric with the second compressibility metric, that the write traffic is less compressible than the read traffic; determining, based on the write traffic being less compressible than the read traffic, that the storage system is possibly being targeted by a security threat; and performing, based on the determining that the storage system is possibly being targeted by the security threat, a remedial action with respect to the storage system.

Abstract: An illustrative method includes a data protection system determining a first compressibility metric associated with write traffic processed by a storage system, the first compressibility metric indicating an amount of storage space saved if the write traffic is compressed; determining a second compressibility metric associated with read traffic processed by a storage system, the second compressibility metric indicating an amount of storage space saved if the read traffic is compressed; determining, based on a comparison of the first compressibility metric with the second compressibility metric, that the write traffic is less compressible than the read traffic; determining, based on the write traffic being less compressible than the read traffic, that the storage system is possibly being targeted by a security threat; and performing, based on the determining that the storage system is possibly being targeted by the security threat, a remedial action with respect to the storage system.

Abstract: An illustrative method includes a data protection system determining that a total amount of read traffic and write traffic processed by a storage system during a time period exceeds a threshold, the read traffic representing data read from the storage system during the time period and the write traffic representing data written to the storage system during the time period, determining that the write traffic is less compressible than the read traffic, and determining, based on the total amount of read traffic and write traffic exceeding the threshold and on the write traffic being less compressible than the read traffic, that the storage system is possibly being targeted by a security threat.

Abstract: An illustrative method includes a data protection system determining that a total amount of read traffic and write traffic processed by a storage system during a time period exceeds a threshold, the read traffic representing data read from the storage system during the time period and the write traffic representing data written to the storage system during the time period, determining that the write traffic is less compressible than the read traffic, and determining, based on the total amount of read traffic and write traffic exceeding the threshold and on the write traffic being less compressible than the read traffic, that the storage system is possibly being targeted by a security threat.

Abstract: A computer software program particularly adapted to run on separate nodes of a cluster of computers validates a target storage device, even when one node fails and a clustering software failover mechanism passes the testing function to another node mid-test. The software first tests for a pre-existing index. If present and non-zero, pre-existing blocks of test data on the target device are compared against a known pattern in a shared reference file in a first loop. In a middle loop, additional copies of the blocks of test data are written from the shared file to the target device until full and an index is incremented with each new write. In a final loop, each stored block of test data is compared against the shared file. If no pre-existing non-zero index is found, the node running the software creates an index file and runs the middle and final loops as above, erasing or overwriting all pre-existing data and files.