Abstract: Disclosed herein are systems and method for storing media authentication data using a distributed ledger. In one aspect, an exemplary method comprises, receiving, by a processor of a computing node of a plurality of computing nodes, one or more hashes associated with a media content and a timestamp, the computing nodes being communicatively linked, generating a data block that contains at least one of the received hashes, the data block being generated by hashing a hash corresponding to a previous data block of the distributed ledger together with the at least one hash, the at least one hash corresponding to the media content of the data block being generated, transmitting to the plurality of computing nodes, a message reporting an addition of the generated data block, wherein at least some of the plurality of computing nodes maintain at least a partial copy of the distributed ledger.

Abstract: Disclosed herein are systems and method for correlating malware detections by endpoint devices and servers. In one aspect, an exemplary method comprises receiving, by a correlator, from one or more servers, one or more events collected without invasive techniques, one or more events collected using one or more invasive techniques, and one or more final verdicts, correlating the one or more events collected without invasive techniques with one or more events collected using the one or more invasive techniques, creating a suspicious pattern when an event of the one or more events collected without invasive techniques is correlated with an event of the one or more events collected using the one or more invasive techniques, and the event of the one or more events collected using one or more invasive techniques is used to detect a malware, and updating databases of one or more endpoint devices with created suspicious patterns.

Abstract: Disclosed herein are systems and method for storing and managing states of a computing device. In one aspect, an exemplary method comprises determining an initial state of the computing device, wherein the initial state includes states of all storage sectors associated with the computing device, storing the determined initial state in an initial blocks storage, for each new state that corresponds to a respective point in time subsequent to a time at which the initial state was determined, creating a snapshot, where the created snapshot includes a difference between the initial state and the new state, for each created snapshot, identifying a set of changed blocks that are in storage, and storing the changed blocks of data to a changed blocks storage, and creating a snap-map for any number of consecutive changes based on the sets of changed blocks corresponding to the respective consecutive changes.

Abstract: A method is provided for protecting a file server from a ransomware attack. An exemplary method comprises assigning a session identifier to a remote session initiated with the file server, monitoring operations associated with the session identifier, determining whether the operations are suspicious according to a policy, creating a volume-level snapshot of files on the file server, determining that encryption of the data is occurring when entropy of the monitored data is growing faster than the predetermined threshold rate, classifying the remote session as having a calculated degree of danger when the operations match operations contained in previously observed suspicious behavior patterns, interrupting the remote session when a combination of the degree of danger and the entropy is greater than a predetermined threshold value and restoring the data on the file server using the volume-level snapshot to a state prior to the encryption and dangerous activity.

Abstract: Methods and systems are provided for modifying configuration of a storage system using artificial intelligence. An exemplary method comprises storing an initial configuration of the storage system as configuration parameters, collecting health information and parameter information related to the storage system over a period of time, analyzing the collected health information using machine learning by comparing the health and the parameter information to a set of goals of the storage system, and in response to determining that the storage system is not operating in accordance with the set of goals, identifying a problem with the storage system using artificial intelligence by analyzing the health information and generating parameter changes that correct the problem, updating the configuration parameters with the parameter changes and applying the parameter changes to the storage system to correct the problem and restore performance of the storage system.

Abstract: Disclosed herein are systems and method for detecting malwares by a server of a sandbox. In one aspect, an exemplary method comprises receiving, by a deep dynamic analysis tool of the server, a sample of a process from an endpoint device with a request for a final verdict indicative of whether the process is a malware or clean based on a deep dynamic analysis, collecting events for the sample, the collected events including events collected using at least one invasive technique, analyzing the collected events using one or more detection models of the deep dynamic analysis tool to detect malwares and issue the final verdict, and sending final verdict to the endpoint device from which the sample is received.

Abstract: Disclosed are systems and methods restoring a computing system. The described method includes receiving a delta disk that was generated based on a backup of a computing device executing a protected application. The delta disk comprises one or more configurations for executing the protected application on a different device than the computing device. In response to a request to perform recovery of the computing device, a recovery virtual machine (VM) is created having a base virtual disk emulated from the backup. The recovery VM is modified by attaching the delta disk having the one or more configurations for executing the protected application. Execution of the protected application on the recovery VM is resumed.

Abstract: A method, computer program product, computing system, and system for automated disaster recovery are described. The method may include creating, using a backup engine running at a computing device, a backup of a server at a primary computing site; storing the created backup at a storage device at a secondary computing site; monitoring, using a monitoring component, an operating status of the server at the primary computing site; in response to determining, via the monitoring component, that the server at the primary computing site is unavailable based on the operating status, initiating a disaster recovery process at the secondary computing site; and running a copy of the server from the created backup at the secondary computing site.

Abstract: A system and method is provided for performing a full data backup of user data with data protection. An example method includes generating a snapshot of the electronic data stored in memory, initiating a transfer of the electronic data to a data storage facility; detecting requests to modify a file of the electronic data, saving an initial version of the file based on the snapshot of the electronic data, continuing the transfer of the data to the data storage facility, and transferring the modified file using the initial version of the file based on the snapshot of the electronic data.

Abstract: A system and method for encrypting and publishing data using blockchain technology is provided. An exemplary method includes receiving, by one or more nodes of a distributed network that maintains a blockchain, a message requesting publication of private information within the blockchain subsequent to a specified time interval. Moreover, the method includes recording a sequence of transactions in the blockchain based on the time interval, wherein each transaction in the sequence of transactions includes a payload calculated using a first homomorphic operation; and extracting the private information from a final payload of a final transaction in the sequence of transactions from the blockchain.

Abstract: Disclosed are system and method for verification of data transferred among several data storages. An exemplary method includes: calculating first hash-sums of the data during an initial placement in a data storage; transmitting the first hash-sums to at least one blockchain network; detecting a transfer of the data to a new data storage; calculating second hash-sums of the data after a placement of the data in the new data storage; transmitting the second hash-sums to the at least one blockchain network; comparing the first and second hash-sums of the data; and determining data immutability after the transfer of the data from the data storage to the new data storage based at least on results of the comparing.

Abstract: A system and method is provided for detecting ransomware and malicious programs.

Abstract: Methods and systems are disclosed herein for detecting malicious software executing on a plurality of computing devices. In an exemplary aspect, a method comprises collecting, from a plurality of agents executing on a respective computing device, analysis data corresponding to executables on the respective computing device, determining a suspicious activity pattern based on the received analysis data, determining that at least one executable on a computing device is malware based on the determined suspicious activity pattern, generating a plurality of remedial actions for protecting respective computing devices of the plurality of agents based on the suspicious activity pattern, and distributing, to the plurality of agents, the plurality of remedial actions to protect the respective computing device from the malware.

Abstract: Systems and methods for migrating and/or replicating computer systems are disclosed. Computer systems may be migrated and/or replicated from physical systems or virtual systems to physical or virtual systems. Migrating/replicating computer systems comprises determining the structure of the source computer system, generating instructions for migrating/replicating the structure of the computer system, and packaging the instructions in an executable package. The instructions may be formatted as a template, such as an OVF template, and be packaged with an executable agent and task list. The executable agent may be received and executed by a destination computer system. Executing the executable package may cause the instructions to be executed, as well as the optional agent, there configuring the destination computer system, possibly copying data present on the source computer system, and possibly rebooting the destination computer system.

Abstract: Disclosed herein are systems and methods for managing access to data objects in cloud storage. In one aspect, an exemplary method comprises, by a hardware processor, storing a first data object in a cloud storage service, wherein the first data object is uploaded by a first user, modifying a data access policy associated with the first data object to permit access by user accounts other than the first user, determining a utility ranking of the first data object based on a degree of access of the first data object using the cloud storage service, and modifying a data retention policy associated with the first data object based on the determined utility ranking.

Abstract: Disclosed herein are systems and method for de-duplicating blocks of data. In one aspect, an exemplary method comprises for each previously de-duplicated block of data of a de-duplication engine, storing de-duplicated pages references by hashes and a block descriptor, creating a set of hash components of the previously de-duplicated blocks, and for each newly received block of data for de-duplication, calculating a translation tolerant hash vector including a predetermined number of hash components, determining a similarity of the received block to the previously de-duplicated blocks based on a comparison of the hash components of the received block with the hash components in the set, and when the received block is determined as being similar to the previously processed blocks based on the comparison, storing the block without duplication in the de-duplication engine, including pages of the block referenced by hashes and a block descriptor.

Abstract: Methods of optimizing transmission of data from a client to a remote data center are disclosed, as well as systems and computer program products related to the same. An exemplary method comprises: receiving data, at a first intervening data center, transmitted from a client and addressed to a terminal data center, wherein the first intervening data center and the terminal data center are selected from a plurality of connected data centers; and transferring the data, from the first intervening data center through one or more additional intervening data centers selected from the plurality of connected data centers, until the data reaches the terminal data center; wherein each data center in the plurality of data centers independently selects a connected data center to transfer the data to based upon the amount of latency and/or bandwidth available at the connected data center.

Abstract: Disclosed herein are systems and method for protecting an endpoint device from malware. In one aspect, an exemplary method comprises performing, by a light analysis tool of the endpoint, a light static analysis of a sample, terminating the process and notifying the user when the process is malware, performing light dynamic analysis when the process is not malware based on the light static analysis, when the process is clean based on the light dynamic analysis, enabling the process to execute, when the process is malware, terminating the process and notifying the user, and when the process is suspicious pattern, suspending the process, setting a level of trust, sending the sample to a sandbox, terminating the process and notifying the user when the process is a malware based on received final verdict, enabling the process to resume executing when the process is determined as being clean based on the final verdict.

Abstract: A systems and methods of managing user data using clustering patterns based on metadata analysis. The described technique includes receiving file metadata from multiple user devices, where the file metadata is associated with data stored on the plurality of user devices associated with a plurality of users. The technique generates a user metadata fingerprint based on a plurality of user metadata record attributes contained in the file metadata, and determines clustering of the plurality of users based on the generated user metadata fingerprint. The data for the plurality of users may be stored based on the determined clustering.

Abstract: Disclosed are systems and methods for proactive disaster recovery. The described technique monitors for events raised by a system of interconnected external sensors and other devices for obtaining data on the external environment of servers. The system uses these events as a chain of triggers according to which preventative or preparatory actions for disaster recovery are performed.