Abstract: A data management system comprises: a storage appliance configured to store a snapshot of a virtual machine; and one or more processors in communication with the storage appliance. The one or more processors are configured to perform operations including: identifying a plurality of shards of the virtual machine; requesting a snapshot of each of the plurality of shards; receiving the shards asynchronously; ordering the received snapshot shards sequentially into a results queue; and storing a single snapshot of the virtual machine based on the ordered snapshot shards. Operations may further include maintaining a flow control queue that limits the number of snapshot shards requested.

Abstract: A method executed by a computing device includes determining a set of identigens for each query word of a query to produce sets of identigens, where a set of identigens represents different meanings of a word of the query. The method further includes obtaining a first identigen selection for a first query word from the first set of identigens. The method further includes interpreting, using identigen pairing rules and based on the first identigen selection, the sets of identigens to produce a query entigen group. The method further includes accessing a knowledge database utilizing the query entigen group to produce a response entigen group. The method further includes generating a response to the query using the response entigen group, where the response includes at least one response word.

Abstract: A method performed by a computing device includes generating a comparative query entigen group set based on a comparative query in accordance with identigen rules, where the comparative query entigen group set represents a most likely interpretation of the comparative query. The method further includes obtaining a first response entigen group from a knowledge database based on a first comparative query entigen group of the comparative query entigen group set, where the first response entigen group substantially includes the first comparative query entigen group. The method further includes obtaining a second response entigen group from the knowledge database based on a second comparative query entigen group of the comparative query entigen group set, where the second response entigen group substantially includes the second comparative query entigen group. The method further includes generating a comparative response based on the first response entigen group and the second response entigen group.

Abstract: Techniques unmasking ransomware attacks are disclosed. In some embodiments, a computer system performs operations comprising: generating a first prediction that a file system comprising a plurality of files has been attacked by ransomware based on snapshot metadata of the file system using a snapshot-level machine learning prediction model, the snapshot metadata comprising a plurality of file change data indicating a plurality of file change events that have been performed on the file system; in response to the first prediction, generating a classification for each one of the files based on the file change data using a file-level machine learning prediction model, the classification indicating whether the files have been targeted by the ransomware for encryption; determining that one or more files have been targeted by the ransomware based on the classification; and displaying the classification for the one or more files on a computing device of a user.

Abstract: Techniques for implementing a scalable automated training framework for anomaly and ransomware detection are disclosed. In some embodiments, a computer system performs operations comprising: instantiating a plurality of virtual machines, each one of the virtual machines being loaded with a corresponding file system; simulating user actions and ransomware on the virtual machines, the simulating of user actions and ransomware on the virtual machines causing changes to the corresponding file systems of the virtual machines; for each one of the plurality of virtual machines, generating a corresponding metadata file based on one or more corresponding snapshots of the virtual machine, the one or more corresponding snapshots indicating the changes to the corresponding file system of the virtual machine; and training a ransomware detection model using a machine learning algorithm and training data, the training data being based on the corresponding metadata files of the virtual machines.

Abstract: A method executed by a computing device includes determining a set of identigens for each phrase word of a phrase to produce sets of identigens. A set of identigens of the sets of identigens represents one or more different meanings of a phrase word of the phrase. The method further includes obtaining sensor information for one or more phrase words of the phrase. The method further includes selecting an identigen of a first set of identigens based on the sensor information to produce a first identigen selection for the first set of identigens having a selected meaning of one or more different meanings of the first phrase word. The method further includes interpreting remaining sets of identigens of the sets of identigens to produce an entigen group so that the entigen group represents a most likely meaning interpretation of the phrase.

Abstract: Techniques for implementing proactive data security operations for files using an analysis of access permission levels for the files are disclosed. In some embodiments, a computer system performs operations comprising: determining that data of a file includes sensitive information based on an analysis of the data using a data classification model; determining that access to the file is open using an access classification model; and based on the determination that the data of the file includes sensitive information and the determination that the access to the file is open, causing a notification to be displayed on a computing device of a user, the notification comprising an indication that the file includes sensitive information and that access to the file is open.

Abstract: A data management system comprises: a storage appliance configured to store a snapshot of a virtual machine; and one or more processors in communication with the storage appliance. The one or more processors are configured to perform operations including: identifying a plurality of shards of the virtual machine; requesting a snapshot of each of the plurality of shards; receiving the shards asynchronously; ordering the received snapshot shards sequentially into a results queue; and storing a single snapshot of the virtual machine based on the ordered snapshot shards. Operations may further include maintaining a flow control queue that limits the number of snapshot shards requested.

Abstract: Techniques for implementing proactive data security operations for files using an analysis of access permission levels for the files are disclosed. In some embodiments, a computer system performs operations comprising: determining that data of a file includes sensitive information based on an analysis of the data using a data classification model; determining that access to the file is open using an access classification model; and based on the determination that the data of the file includes sensitive information and the determination that the access to the file is open, causing a notification to be displayed on a computing device of a user, the notification comprising an indication that the file includes sensitive information and that access to the file is open.

Abstract: A data management system comprises: a storage appliance configured to store a snapshot of a virtual machine; and one or more processors in communication with the storage appliance. The one or more processors are configured to perform operations including: identifying a plurality of shards of the virtual machine; requesting a snapshot of each of the plurality of shards; receiving the shards asynchronously; ordering the received snapshot shards sequentially into a results queue; and storing a single snapshot of the virtual machine based on the ordered snapshot shards. Operations may further include maintaining a flow control queue that limits the number of snapshot shards requested.

Abstract: A data management system comprises: a storage appliance configured to store a snapshot of a virtual machine; and one or more processors in communication with the storage appliance. The one or more processors are configured to perform operations including: identifying a plurality of shards of the virtual machine; requesting a snapshot of each of the plurality of shards; receiving the shards asynchronously; ordering the received snapshot shards sequentially into a results queue; and storing a single snapshot of the virtual machine based on the ordered snapshot shards. Operations may further include maintaining a flow control queue that limits the number of snapshot shards requested.

Abstract: A method and system include detecting a user activity associated with a file change of a first file, invoking a plurality of analyzers to scan content of the first file, the plurality of analyzers including a first analyzer, matching the first analyzer with a first sensitive data item in the first file, identifying a first policy based on a first pre-determined set of analyzers that includes the first analyzer, and causing display of a first notification in a user interface of a client device, the first notification including a first indication that the first policy may be violated based on the file change associated with the first file.

Abstract: A data management system having a storage appliance configured to store a snapshot of a virtual machine; and one or more processors in communication with the storage appliance. The one or more processors are configured to perform operations including: identifying a plurality of shards of the virtual machine; requesting a shard snapshot of each of the plurality of shards; receiving the shard snapshots asynchronously; ordering the received shard snapshots sequentially into a results queue; and storing a single snapshot of the virtual machine based on the ordered shard snapshots. The operations may further include maintaining a flow control queue that limits a number of the requested shard snapshots.

Abstract: A data management system comprises: a storage appliance configured to store a snapshot of a virtual machine; and one or more processors in communication with the storage appliance. The one or more processors are configured to perform operations including: identifying a plurality of shards of the virtual machine; requesting a snapshot of each of the plurality of shards; receiving the shards asynchronously; ordering the received snapshot shards sequentially into a results queue; and storing a single snapshot of the virtual machine based on the ordered snapshot shards. Operations may further include maintaining a flow control queue that limits the number of snapshot shards requested.

Abstract: Techniques unmasking ransomware attacks are disclosed. In some embodiments, a computer system performs operations comprising: generating a first prediction that a file system comprising a plurality of files has been attacked by ransomware based on snapshot metadata of the file system using a snapshot-level machine learning prediction model, the snapshot metadata comprising a plurality of file change data indicating a plurality of file change events that have been performed on the file system; in response to the first prediction, generating a classification for each one of the files based on the file change data using a file-level machine learning prediction model, the classification indicating whether the files have been targeted by the ransomware for encryption; determining that one or more files have been targeted by the ransomware based on the classification; and displaying the classification for the one or more files on a computing device of a user.

Abstract: Techniques for implementing a scalable automated training framework for anomaly and ransomware detection are disclosed. In some embodiments, a computer system performs operations comprising: instantiating a plurality of virtual machines, each one of the virtual machines being loaded with a corresponding file system; simulating user actions and ransomware on the virtual machines, the simulating of user actions and ransomware on the virtual machines causing changes to the corresponding file systems of the virtual machines; for each one of the plurality of virtual machines, generating a corresponding metadata file based on one or more corresponding snapshots of the virtual machine, the one or more corresponding snapshots indicating the changes to the corresponding file system of the virtual machine; and training a ransomware detection model using a machine learning algorithm and training data, the training data being based on the corresponding metadata files of the virtual machines.

Abstract: Techniques for implementing proactive data security operations for files using an analysis of access permission levels for the files are disclosed. In some embodiments, a computer system performs operations comprising: determining that data of a file includes sensitive information based on an analysis of the data using a data classification model; determining that access to the file is open using an access classification model; and based on the determination that the data of the file includes sensitive information and the determination that the access to the file is open, causing a notification to be displayed on a computing device of a user, the notification comprising an indication that the file includes sensitive information and that access to the file is open.

Abstract: A method, system, and computer program storage product determine determining a trajectory information type of a receipt submitted by an employee. Trajectory information associated with the receipt submitted by the employee is retrieved based on the trajectory information type. Trajectory information corresponding to a device associated with the employee is also retrieved. The receipt is determined as a valid receipt in response to the trajectory information associated with the receipt submitted by the employee matching the trajectory information associated with the device associated with the employee.

Abstract: A data management system comprises: a storage appliance configured to store a snapshot of a virtual machine; and one or more processors in communication with the storage appliance. The one or more processors are configured to perform operations including: identifying a plurality of shards of the virtual machine; requesting a snapshot of each of the plurality of shards; receiving the shards asynchronously; ordering the received snapshot shards sequentially into a results queue; and storing a single snapshot of the virtual machine based on the ordered snapshot shards. Operations may further include maintaining a flow control queue that limits the number of snapshot shards requested.

Abstract: A data management system comprises: a storage appliance configured to store a snapshot of a virtual machine; and one or more processors in communication with the storage appliance. The one or more processors are configured to perform operations including: identifying a plurality of shards of the virtual machine; requesting a snapshot of each of the plurality of shards; receiving the shards asynchronously; ordering the received snapshot shards sequentially into a results queue; and storing a single snapshot of the virtual machine based on the ordered snapshot shards. Operations may further include maintaining a flow control queue that limits the number of snapshot shards requested.