Abstract: Systems and methods for data recovery, backup and catalog generation are described. In part, the disclosure relates to a computer-implemented method for generating a data catalog includes creating a current backup archive; obtaining access to a Master File Table (MFT), or other index table such as an Inode Table, of the current backup archive and a MFT, or other index table such as an Inode Table, of a previous backup archive; comparing each entry in the MFT, or Inode Table, of the current backup to each entry of the MFT, or Inode Table, of the previous backup to identify one or more differences in the current backup archive; and saving one or more of the differences into the data catalog of the current backup archive.

Abstract: Disclosed herein are systems and methods for enabling self-notarization in a data backup. In one aspects, a method may comprise generating the data backup at a computing device. The method may comprise calculating a checksum of the data backup. The method may comprise adding a self-notarization script to the data backup. The self-notarization script may be configured to automatically trigger without intervention by an external notarization system, in response to a pre-determined backup storage event, and in response to triggering, notarize and send the checksum to a distributed registry. The method may comprise sending the data backup comprising the self-notarization script to a backup storage device.

Abstract: Disclosed herein are systems and method for anti-virus scanning of backup data at a centralized storage. In an exemplary aspect, a method may receive, at the centralized storage, a backup slice from each respective computing device in a plurality of computing devices, wherein the centralized storage comprises, for each respective computing device, a respective backup archive including a plurality of backup slices. The method may mount the received backup slice as a virtual disk. The method may detect, for the respective computing device, a change between the mounted virtual disk and any number of previous backup slices and may evaluate the change against behavioral rules to identify malicious behavior. In response to determining that the change exhibits malicious behavior, the method may execute a remediation action to prevent an attack on the plurality of computing devices or the centralized storage.

Abstract: Methods and systems are provided for modifying configuration of a storage system using artificial intelligence. An exemplary method comprises collecting, over a period of time, health and parameter information of the storage system. The method comprises predicting, using a machine learning algorithm, upcoming events that may degrade performance of the storage system based on the health and parameter information. The method comprises determining that the storage system will not operate in accordance with a set of goals based on the upcoming events. In response to determining that the storage system will not operate in accordance with the set of goals, the method comprises generating parameter changes, and applying the parameter changes to the storage system.

Abstract: A system and method is provided for service level agreement (SLA) based data storage and verification. According to one exemplary aspect, a method includes receiving, from a client device, a request to perform data verification of data relating to a file stored on a remote storage computer; accessing, by a processor, at least one SLA to determine a fault tolerance for the file stored on the remote storage computer; sending, by the processor to the remote storage computer, a request to store k derivatives of the file in the remote storage computer; and transmitting, to the client device, an indication of a location of the k derivatives of the file in the remote storage computer.

Abstract: Aspects of the present disclosure describe methods and systems for optimized re-striping in an erasure encoded storage. In one exemplary aspect, a method may receive a request to re-stripe a plurality of data blocks arranged as a tile in the erasure encoded storage, wherein the request comprises a desired tile width. The method may identify (1) a number of data blocks in the tile and (2) a width of the tile. The method may determine a maximum number of data blocks that do not need to be rearranged when reconfiguring the tile to the desired tile width. Furthermore, the method may determine a tile reconfiguration with the desired tile width that does not rearrange the maximum number of the data blocks of the tile, and may re-stripe the tile in accordance with the tile reconfiguration.

Abstract: Disclosed herein are systems and method for providing agentless security of virtual machines. In one aspect, the method intercepts, by a virtual switch filtering extension of an extensible virtual switch on a host processor, a data packet in an outbound transmission from a virtual machine to a destination device, wherein the virtual switch filtering extension is also configured to intercept data packets in inbound transmissions to the virtual machine. In response to determining that the data packet is not in compliance with the set of predefined rules associated with the virtual machine, the method prevents, by the virtual switch filtering extension, transmission of the data packet from the virtual machine to the destination device.

Abstract: Disclosed herein are systems and method for protecting an endpoint device from malware. In one aspect, an exemplary method comprises performing, by a light analysis tool of the endpoint, a light static analysis of a sample, terminating the process and notifying the user when the process is malware, performing light dynamic analysis when the process is not malware based on the light static analysis, when the process is clean based on the light dynamic analysis, enabling the process to execute, when the process is malware, terminating the process and notifying the user, and when the process is suspicious pattern, suspending the process, setting a level of trust, sending the sample to a sandbox, terminating the process and notifying the user when the process is a malware based on received final verdict, enabling the process to resume executing when the process is determined as being clean based on the final verdict.

Abstract: Disclosed are systems and methods for detecting malicious applications. The described techniques detect a first process has been launched on a computing device, and monitor at least one thread associated with the first process using one or more control points of the first process. An execution stack associated with the one or more control points of the first process is received from the first process. In response to detecting activity on the one or more control points of the first process, an indication that the execution of the first process is malicious is generated by applying a machine learning classifier to the received execution stack associated with the one or more control points of the first process.

Abstract: Systems and methods are provided for generating a blockchain smart contract for managing user accounts and electronic wallets storing cryptocurrency. The described system includes determining a public encryption key associated with a third-party organization configured to manage blockchain transactions on behalf of a first user account, generating a first transaction data structure having a destination address field that specifies a user-account smart contract module published to a distributed ledger, wherein the first transaction data structure is configured to invoke change ownership functionality of the user-account smart contract module using the determined public encryption key associated with the third-party organization, and publishing the first transaction data structure to the distributed ledger maintained by the blockchain network of nodes.

Abstract: Disclosed herein are systems and method for detecting unauthorized access to computing resources for cryptomining. In one exemplary aspect, a method may detect that at least one process has been launched on a computer system. In response to the detecting, the method may collect data related to the launch of the at least one process. The method may compare the collected data with behavioral rules specifying compliant behavior on the computer system. The method may identify suspicious behavior associated with the at least one process in response to determining that the collected data does not meet the behavioral rules. The method may generate an alert indicative of the suspicious behavior. In response to identifying the suspicious behavior, the method may obtain telemetry data of the computer system, and may update the behavioral rules based on the telemetry data to improve accuracy of identifying further suspicious behavior.

Abstract: Disclosed herein are system and method for driving organization and subsequent analysis of an autonomous vehicle. In an exemplary aspect, the system and method comprise dividing a path of a vehicle into a plurality of segments based on predetermined conditions; monitoring both behavior of the vehicle and driving conditions during each of the plurality of segments; storing the behavior and the driving conditions in a plurality of records of an immutable storage; determining whether an accident has occurred involving the vehicle; in response to determining that the accident has occurred, retrieving for the plurality of segments the behavior and the driving conditions from the immutable storage; reconstructing the path using the retrieved behavior and the driving conditions and the plurality of segments; and analyzing the reconstructed path to determine a cause of the accident.

Abstract: Systems and methods for remediating vulnerabilities on a plurality of computing devices is disclosed herein. In one exemplary aspect, a method comprises classifying monitored data into a plurality of categories using a machine learning algorithm. For each respective data file of the monitored data, the method comprises retrieving one or more policies associated with a classified category of the respective data file and determining whether respective data file complies with the one or more policies. The method further comprises generating a compliance map based on compliance with policies for each respective data file of the monitored data, wherein the compliance map indicates vulnerabilities in the plurality of computing devices, determining whether the vulnerabilities are actionable, and in response to determining the vulnerabilities are actionable, requesting actions to be performed on the plurality of devices to remediate the vulnerabilities and non-compliance.

Abstract: Disclosed herein are systems and method for determining a backup schedule on a computer system. In one exemplary aspect, a method may comprise collecting user behavior data on the computer system and analyzing the user behavior data to determine an optimal time of a backup session to create backup copies of modified data stored on a volume of the computer system. The method may comprise determining an optimal duration of the backup session based on the analyzed user behavior and prioritizing portions of the modified data based on priority rules. The method may comprise determining a prioritized portion of the modified data that can be saved during the backup session based on the duration, computer system hardware and network bandwidth at the optimal time of backup, and performing the backup session comprising the prioritized portion.

Abstract: Disclosed are systems and methods for proactive disaster recovery. The described technique monitors for events raised by a system of interconnected external sensors and other devices for obtaining data on the external environment of servers. The system uses these events as a chain of triggers according to which preventative or preparatory actions for disaster recovery are performed.

Abstract: Disclosed herein are systems and methods for managing access to data objects in cloud storage. In one aspect, an exemplary method comprises storing, by a processor, a data object in a storage device of a cloud storage service for a duration of time, wherein the data object is accessible to a plurality of user accounts. The method comprises extending the duration of time for retaining the data object on the storage device to a first extended duration when a degree of access of the data object by the plurality of user accounts meets a target threshold value during the duration of time. The method further comprises extending the duration of time for retaining the data object on the storage device to a second extended duration when the degree of access does not meet the target threshold value during the duration of time.

Abstract: Disclosed herein are systems and method for de-duplicating blocks of data. In one aspect, an exemplary method comprises receiving a block of data at a de-duplication engine that comprises a first block node and a first page node, wherein the first block node stores a single block descriptor for at least two identical blocks previously received and wherein the first page node stores single instances of identical pages in the at least two identical blocks. The method comprises comparing the received block with the at least two identical blocks. In response to determining that the received block partially matches the at least two identical blocks, the method comprises storing a block descriptor of the received block in a second block node and storing at least one page that matches between the received block and the at least two identical blocks in a second page node of the de-duplication engine.

Abstract: Disclosed herein are systems and method for inspecting archived slices for malware. In one exemplary aspect, the method comprises mounting, to a disk, a first slice of a plurality of slices in a backup archive, wherein the first slice is an image of user data at a first time. The method further comprises detecting a modified block of the mounted, identifying at least one file in the mounted first slice that corresponds to the detected modified block, and scanning the at least one file for viruses and malicious software. In response to detecting that the at least one file is infected, the method comprises generating a cured slice that comprises the user data of the mounted first slice without the at least one file.

Abstract: Disclosed herein are systems and method for disaster recovery using application streaming. In one aspect, a method includes generating a backup image of a computing system having at least one installed application and user data. The generating involves including the user data in the backup image and actively excluding program data files of the at least one installed application from the backup image. The method includes determining an application package specifying the installed application. The application package is stored at an application streaming service. Responsive to detecting a disaster recovery event, the method further includes copying the user data from the backup image to a recovery computing instance, and executing, on the recovery computing instance, a remote application from the application streaming service based on the determined application package.

Abstract: Disclosed herein are systems and methods for data remediation without data loss. In one exemplary aspect, the method comprises performing, at a first time, a first backup of a plurality of files on a file system of a computer system; tracking changes to any of the plurality of files on the file system after the first time; performing, at a second time, a second backup of the plurality of files on the file system; detecting, based on a scan of the second backup, an infection of the computer system caused by a malicious application; identifying, by the processor, a most recent backup of the file system that does not comprise the infection; in response to determining that the first backup is the most recent backup: restoring the first backup to the file system, and restoring a subset of files on the file system for which authorized changes.