Abstract: A data storage system uses erasure coding in combination with hashgraph to organize stored data and recover that data in a computing environment.

Abstract: Disclosed herein are systems and method for determining data storage insurance policies. In an exemplary implementation, a method comprises receiving a request to add a data storage insurance policy to a plurality of data files. The method comprises extracting data file attributes and determining a data recovery score for each respective data file based on a uniqueness, criticality, and/or importance of the respective data file. The method comprises determining a hardware score for each of a plurality of performance tiers comprising at least one storage server, based on an available capacity, a performance cost, and/or data recovery scores of data files currently stored at each of the plurality of performance tiers. The method comprises selecting and executing a data storage insurance policy for the respective data file based on a plurality of data recovery rules and/or the comparison of the data recovery score and the hardware score.

Abstract: A system and method are disclosed for performing non-invasive scan of a target device. The system is configured for: i) loading an endpoint protection agent to a target device; ii) providing a remote direct memory access of the target device to the remote security server for reading a memory of the target device; iii) scanning, by a second memory scan engine of the remote security server, the memory of the target device upon the violation of the security policy; iv) identifying, by the second memory scan engine of the remote security server, a threat on the target device; and v) sending, by the remote security server, a security response action to the endpoint protection agent on the target device in accordance with the security policy.

Abstract: A system and method of anti-malware analysis including iterative techniques. These techniques are used to create a file attribute tree used by a machine learning analyzer to identify malicious files.

Abstract: A system and method of anti-malware analysis including iterative techniques that combine static and dynamic analysis of untrusted programs or files. These techniques are used to identify malicious files by iteratively collecting new data for static analysis through dynamic run-time analysis.

Abstract: The IOC Infrastructure management system (100) and method is disclosed for building an IOC infrastructure and its management thereof. The system mainly includes a IOC processing unit and an endpoint engine. The IOC processing unit is configured to i) source raw IOCs from a plurality of external sources, ii) convert format of the raw IOCs into a predetermined format of an IOC database using a parser unit, where each parser of the parser unit corresponds to at least one IOC format, iii) build and apply syntax tree to the parsed IOCs, where the syntax tree supports complex expression-based toolsets, such as YARA, and sort the IOCs lexicographically to avoid duplication of IOC entry and render the malware detection scanning process faster and efficient.

Abstract: A method of continuous development of an internal threat scan engine based on an iterative quality assessment includes iteratively performing a dynamic assessment of a quality of a threat detection with a frequency defined for each of objects in an object collection, wherein a result of the dynamic assessment includes internal and external scan results of the objects and a consistency verdict of the internal and external scan results of the objects, changing a frequency of scanning iteration of the objects based on the consistency verdict of the external and internal scan results of the objects, classifying the objects based on the result of the dynamic assessment, and creating a development task including the internal and external scan results of the objects, meta-data of the objects, and automated test results to provide details for developing a software to fix inconsistency of the internal and external scan results.

Abstract: Disclosed herein are systems and method for classifying objects in an image using a color-based machine learning classifier. A method may include: training, with a dataset including a plurality of images, a machine learning classifier to classify an object in a given image into a color class from a set of color classes of a first size; receiving an input image depicting at least one object belonging to the set of color classes; determining a subset of color classes that are anticipated to be in the input image based on metadata of the input image; generating a matched mask input indicating the subset set of color classes in the input image, wherein the subset of color classes is of a second size that is smaller than the first size; and inputting both the input image and the matched mask input into the machine learning classifier.

Abstract: Aspects of the disclosure relate to the field of detecting a behavioral anomaly in an application. In one exemplary aspect, a method may comprise retrieving and identifying at least one key metric from historical usage information for an application on a computing device. The method may comprise generating a regression model configured to predict usage behavior associated with the application and generating a statistical model configured to identify outliers in the data associated with the at least one key metric. The method may comprise receiving usage information in real-time for the application. The method may comprise predicting, using the regression model, a usage pattern for the application indicating expected values of the at least one key metric. In response to determining that the usage information does not correspond to the predicted usage pattern and does not comprise a known outlier, the method may comprise detecting the behavioral anomaly.

Abstract: The present disclosure includes methods and systems for protecting network resources. An exemplary method comprises starting, by a processor, copy-on-write snapshotting for modifications to a plurality of files in storage, the modification initiated by a suspicious application, detecting, by the processor, a modification of a file of the plurality of files, determining, by the processor, whether the file is stored on a shared network resource or a local resource, in response to determining that the file is stored on a shared network resource, determining, by the processor, that a current region being modified is not already saved in a snapshot, and if the current region is not saved, saving the current region to a snapshot, marking, by the processor, the current region as being saved and analyzing all saved regions that were modified for malicious activity to determine that the suspicious application modifying the saved regions is malicious.

Abstract: Disclosed herein are systems and methods for preserving data using a replication and blockchain notarization. In one aspect, an exemplary method comprises, by a hardware processor, receiving, from a user, a request for a legal hold of data and criteria for controlling access to the data, creating a legal hold object and establishing an access control criteria, creating, in the cloud storage, a cloud storage space that corresponds to the created legal hold object, and defining the access control for reading from the created cloud storage space, searching, in a backup data storage of a client data system, to identify all relevant data corresponding to the created legal hold object, and storing the identified relevant data and the search queries used for the identification of the relevant data, replicating the identified relevant data in the created cloud storage space, and notarizing the replicated relevant data using a blockchain notarization service.

Abstract: Disclosed are systems and methods for detecting multiple malicious processes. The described techniques identify a first process and a second process launched on a computing device. The techniques receive from the first process a first execution stack indicating at least one first control point used to monitor at least one thread associated with the first process, and receive from the second process a second execution stack indicating at least one second control point used to monitor at least one thread associated with the second process. The techniques determine that both the first process and the second process are malicious using a machine learning classifier on the at least one first control point and the at least one second control point. In response, the techniques generate an indication that an execution of the first process and the second process is malicious.

Abstract: Disclosed herein are systems and methods for enabling self-notarization in a data backup. In one aspects, a method may comprise generating the data backup at a computing device. The method may comprise calculating a checksum of the data backup. The method may comprise adding a self-notarization script to the data backup. The self-notarization script may be configured to automatically trigger without intervention by an external notarization system, in response to a pre-determined backup storage event, and in response to triggering, notarize and send the checksum to a distributed registry. The method may comprise sending the data backup comprising the self-notarization script to a backup storage device.

Abstract: Disclosed are systems and methods for detecting malicious applications. An exemplary method may comprise detecting that a first process has been launched on a computing device. The method may comprise receiving, from the first process, an execution stack associated with one or more control points of the first process. The method may comprise applying a machine learning classifier on the execution stack, wherein the machine learning classifier is configured to classify whether a process is malicious based on activity on control points captured on a given execution stack, and wherein a feature of a malicious process is detection of a system call to create a remote thread that runs in a virtual address space of a shared-service process configured to import third-party processes to be embedded in the shared-service process as separate threads. The method may comprise generating an indication that the execution of the first process is malicious/non-malicious.

Abstract: Disclosed herein are systems and method for anti-virus scanning of backup data at a centralized storage. In an exemplary aspect, a method may receive, at the centralized storage, a backup slice from each respective computing device in a plurality of computing devices, wherein the centralized storage comprises, for each respective computing device, a respective backup archive including a plurality of backup slices. The method may mount the received backup slice as a virtual disk. The method may detect, for the respective computing device, a change between the mounted virtual disk and any number of previous backup slices and may evaluate the change against behavioral rules to identify malicious behavior. In response to determining that the change exhibits malicious behavior, the method may execute a remediation action to prevent an attack on the plurality of computing devices or the centralized storage.

Abstract: A distributed agent for backup and restoration of virtual machines collects backup data and meta-data. The distributed agent includes an agent inside a virtual machine and an agent outside the virtual machine. The two kinds of agents communicate with each other to collect data of different types used to backup and restore virtual machines.

Abstract: An anomaly detection system uses an AI engine to analyze configurations and backups to identify and assess anomalies. Backup data and configurations are used to characterize events as either secure or insecure.

Abstract: A distributed agent for backup and restoration of virtual machines collects backup data and meta-data. The distributed agent includes an agent inside a virtual machine and an agent outside the virtual machine. The two kinds of agents communicate with each other to collect data of different types used to backup and restore virtual machines.

Abstract: In a multi-tenant hierarchical data storage system, tenant nodes are organized into trees and subtrees including virtual shards and with tenant data on single shards. The system is configured to allow scalable parallel access by a plurality of tenant-users.

Abstract: Disclosed herein are systems and method for customizing a user workspace environment using artificial intelligence-based analysis. In one exemplary aspect, a method comprises detecting user actions in a user workspace environment that provides access to a plurality of workspace elements. The method comprises generating a plurality of rules for customizing the user workspace environment, wherein each rule links a set of input parameters of a machine learning algorithm as criteria with an output user action and an output identifier of the workspace element, and wherein each rule assigns at least one customization action that (1) reduces an amount of steps to perform in the user workspace environment to access the workspace element associated with the output identifier and (2) reduces a processing time to perform the output user action. When a criterion is fulfilled, the method comprises executing a corresponding customization action that alters the user workspace environment.