Abstract: Backup data is leveraged to determine whether primary data has been encrypted by malware. The disclosed approach does not rely on recognizing particular malware instances or malware provenance, and thus can be applied to any body of data. Even a novel and previously unknown malware attack can be detected in this way. An illustrative data storage management system analyzes secondary copies it created over time, applies a multi-factor analysis to data recovered from the secondary copies and, based on the analysis, infers whether the primary data from which the secondary copies were created may be encrypted. The present approach uses successive versions of backup copies to find indicia of malware encryption, rather than trying to trace or identify the malware itself. Indicia of entropy correlate highly with encryption, such as encryption performed by malware attacks. Conversely, indicia of similarity correlate highly with lack of encryption of successive versions of documents.

Abstract: A system for providing user access to electronic mail includes an email client and an email server. The email client receives and communicates a user interaction with an email message The email server that receives the communication, determines whether the email message stored in a live database or in a backup storage. Upon determination that the email message is stored in a backup storage, the email server performs a message exchange with a backup storage system to perform the user-requested action.

Abstract: Data recovery from a cyber-attack is expedited based on data storage management integration with cyber threat deception. A cyber threat detection and deception system analyzes a “deposit” placed by an attacker at a deception trap, identifies distinguishing attributes of the deposit, and determines which subset of real data assets may be at risk, preferably based on subnet/VLAN proximity to the attacker's deposit. By focusing immediate attention on the subset of at-risk assets, a data storage management system shortens the amount of time needed to identify safe copies and components and to prepare them for recovery. Storage operations involving the at-risk assets are suspended and users are not shown at-risk assets and cannot invoke recovery or copy operations for them. Without the focus on at-risk assets provided by the cyber threat detection and deception system, the data storage management system would take much longer to navigate its backup data stores.

Abstract: A cyber threat detection and deception system interoperates synergistically with a data storage management system. As a proxy for identifying crown jewels among many and diverse data assets in a network, the illustrative cyber threat detection and deception system uses service level information obtained from the data storage management system, e.g., RPO, RTO, append-only secondary storage, synthetic-full frequency, etc. The cyber threat detection and deception system emulates proprietary protocols used by storage management technologies such as the data storage management system, etc. By creating emulation traps and an emulation lexicon of these storage-related protocols, the illustrative cyber threat detection and deception system can create and execute cyber deception plans for the proprietary storage management assets.

Abstract: Protecting configuration data in a clustered container system may include, in some embodiments, protecting an ETCD data store in a Kubernetes cluster. A data storage management system addresses the unique needs of protecting an ETCD data store of a target Kubernetes cluster, as well as protecting non-ETCD data payloads. The illustrative data storage management system defines ETCD as a unique kind of workload. ETCD protection is integrated within the data storage management system, which automatically creates data structures and resources within the system for, and provides special-purpose features to protect, ETCD contents and associated security certificates. One of the special-purpose features deploys a temporary data transfer agent within the target Kubernetes cluster to safeguard an ETCD snapshot and transmit its contents, along with the security certificates, to a backup infrastructure that operates outside of the target Kubernetes cluster.

Abstract: An illustrative air-gapped data storage site for storing secure copies at the air-gapped storage site. Using specialized air-gapped media agents installed within the air-gapped storage pool site, the illustrative system, at an unpredictable time, establishes a one-way tunnel from secondary storage site to air-gapped site to receive backup copies of the data stored at primary site. In another embodiment, during disaster recovery, backup copies stored within the air-gapped site are replicated to a non-air gapped site (e.g., secondary storage pools) as “tertiary copies.” Those copies are then restored to the primary site in original application data formats for quick recovery. As restoration of data is complete, the tertiary copies are promoted to “secondary copies” to receive incremental backups.

Abstract: An information management system includes a storage manager for managing backup and/or restore operations for one or more client computing devices. The storage manager may be in communication with a resource administrator of a computing resource cluster, wherein the resource administrator instantiates one or more computing pods using the computing resource cluster. The resource administrator may receive a request for computing resources from the storage manager and provision the computing pods based on the request. The resource administrator may then select a pre-configured container image from one or more pre-configured container images based on the computing resource request, wherein the pre-configured container image configures a computing pod to create secondary copies of primary data from a particular primary data source of the information management system.

Abstract: A method of summarizing data files includes implementing, at a server, a storage event for a data file, analyzing the data file and creating a summary of the data file, and storing the summary linked to the data file.

Abstract: A backup or storage management system is provided that can secure data within a primary storage environment that stores data in an unsecured format. The storage management system can automatically analyze data received for backup from the primary storage environment and determine whether the data includes information that has been identified as sensitive and/or information that is determined within a threshold degree of probability to be sensitive. The storage management system can then modify the storage of the data that includes sensitive information at the primary storage environment, thereby enabling the data to be secured within the unsecured, or partially secured, primary storage environment. Advantageously, in certain embodiments, by securing data with sensitive information within an unsecured storage environment, embodiments disclosed herein can reduce the occurrences of a data breach or data leak.

Abstract: A system for providing user access to electronic mail includes an email client and an email server. The email client receives and communicates a user interaction with an email message The email server that receives the communication, determines whether the email message stored in a live database or in a backup storage. Upon determination that the email message is stored in a backup storage, the email server performs a message exchange with a backup storage system to perform the user-requested action.

Abstract: Systems and methods that enable an information management system to utilize machine learning processes to modify and/or reconfigure presentation of mailbox contents, such as mail objects (e.g., email messages), are described. The systems and methods may provide data associated with mail objects to a machine learning system, which runs various machine learning processes using the mail object data. The machine learning processes may discover and/or identify connections between mail objects, such as connections between objects based on two or more objects sharing an associated product or service, an object being associated with a trending topic or issue, an object being associated and/or identified as having a relative high (or, low) priority, and so on.

Abstract: Systems and methods that enable an information management system to utilize machine learning processes to modify and/or reconfigure presentation of mailbox contents, such as mail objects (e.g., email messages), are described. The systems and methods may provide data associated with mail objects to a machine learning system, which runs various machine learning processes using the mail object data. The machine learning processes may discover and/or identify connections between mail objects, such as connections between objects based on two or more objects sharing an associated product or service, an object being associated with a trending topic or issue, an object being associated and/or identified as having a relative high (or, low) priority, and so on.

Abstract: A method of summarizing data files includes implementing, at a server, a storage event for a data file, analyzing the data file and creating a summary of the data file, and storing the summary linked to the data file.

Abstract: This application relates to ransomware detection and data pruning management. Ransomware typically involves an I/O heavy process of encrypting data files and/or deleting or renaming the original files. Thus, ransomware attacks may be detected by analyzing the I/O activity in a given file system. In some embodiments, a software module running on a client machine manages copying, archiving, migrating, and/or replicating of primary data and restoring and/or pruning secondary data (e.g., backup copies of the primary data). When a potential ransomware attack is detected, the software module is immediately stopped so that the software module does not prune any data that may need to be restored. Upon receiving user input that indicates that the client machine is not under a ransomware attack, the software module is allowed to resume its operations, including pruning of the secondary data.

Abstract: A method and system for remotely executing commands at a client computing device. The method comprises receiving a selection of commands to transmit to a group of client computing devices via a webserver. The group of client computing devices, as well as the selected commands, are associated with a group identifier. The method validates access privileges of the administrator to transmit the selected commands to the group of client computing devices. Upon receipt of the selected commands, the webserver transmits the selected commands to at least one registered proxy server. The registered proxy server then determines one or more client identifiers associated with the group identifier. Each client identifier is assigned to a client computing device. Upon receipt of the selected commands, the registered proxy server transmits the selected commands to client computing devices in the group of client computing devices matching the determined client identifiers.

Abstract: A method of summarizing data files includes implementing, at a server, a storage event for a data file, analyzing the data file and creating a summary of the data file, and storing the summary linked to the data file.

Abstract: A method and system for remotely executing commands at a client computing device. The method comprises receiving a selection of commands to transmit to a group of client computing devices via a webserver. The group of client computing devices, as well as the selected commands, are associated with a group identifier. The method validates access privileges of the administrator to transmit the selected commands to the group of client computing devices. Upon receipt of the selected commands, the webserver transmits the selected commands to at least one registered proxy server. The registered proxy server then determines one or more client identifiers associated with the group identifier. Each client identifier is assigned to a client computing device. Upon receipt of the selected commands, the registered proxy server transmits the selected commands to client computing devices in the group of client computing devices matching the determined client identifiers.

Abstract: A content analysis system of an information management system can analyze data for one or more data governance tasks. The content analysis system can reduce the overhead on the information management system when identifying sensitive data by analyzing a portion of the data in the file without analyzing the entirety of the file. The content analysis system may reduce overhead by analyzing a portion of files that include structured data. If the portion of the file that includes structured data does not include sensitive data, it is often the case that the entire file excludes sensitive data. Thus, overhead can be reduced by analyzing the portion of the file instead of the entire file. Further, the content analysis system can modify an information management job based on the determination of the inclusion of sensitive data to comply with data protection and privacy rules.

Abstract: A backup or storage management system is provided that can secure data within a primary storage environment that stores data in an unsecured format. The storage management system can automatically analyze data received for backup from the primary storage environment and determine whether the data includes information that has been identified as sensitive and/or information that is determined within a threshold degree of probability to be sensitive. The storage management system can then modify the storage of the data that includes sensitive information at the primary storage environment, thereby enabling the data to be secured within the unsecured, or partially secured, primary storage environment. Advantageously, in certain embodiments, by securing data with sensitive information within an unsecured storage environment, embodiments disclosed herein can reduce the occurrences of a data breach or data leak.

Abstract: Systems and methods that enable an information management system to utilize machine learning processes to modify and/or reconfigure presentation of mailbox contents, such as mail objects (e.g., email messages), are described. The systems and methods may provide data associated with mail objects to a machine learning system, which runs various machine learning processes using the mail object data. The machine learning processes may discover and/or identify connections between mail objects, such as connections between objects based on two or more objects sharing an associated product or service, an object being associated with a trending topic or issue, an object being associated and/or identified as having a relative high (or, low) priority, and so on.