Abstract: A method includes a data protection system determining, based on a first security threat detection process, that a storage system is possibly being targeted by a security threat; performing, based on the determining that the storage system is possibly being targeted by the security threat, a first remedial action with respect to the storage system, the first remedial action comprising generating a snapshot of data stored by the storage system; confirming, based on a second security threat detection process, whether the storage system is possibly being targeted by the security threat; and performing, based on the confirming whether the storage system is possibly being targeted by the security threat, a second remedial action with respect to the storage system, the second remedial action comprising specifying a retention duration with respect to the snapshot.

Abstract: An illustrative method includes determining that a total amount of read traffic and write traffic processed by a storage system during a time period exceeds a threshold; determining a first compressibility metric associated with the write traffic; determining a second compressibility metric associated with the read traffic; determining, based on a comparison of the first compressibility metric with the second compressibility metric, that the write traffic is less compressible than the read traffic; determining, based on the total amount of read traffic and write traffic exceeding the threshold and on the write traffic being less compressible than the read traffic, that the storage system is possibly being targeted by a security threat; and modifying, in response to the determining that the storage system is possibly being targeted by the security threat, a data protection parameter set for one or more recovery datasets generated by the storage system.

Abstract: An illustrative method includes determining that a total amount of read traffic and write traffic processed by a storage system during a time period exceeds a threshold; determining a first compressibility metric associated with the write traffic; determining a second compressibility metric associated with the read traffic; determining, based on a comparison of the first compressibility metric with the second compressibility metric, that the write traffic is less compressible than the read traffic; determining, based on the total amount of read traffic and write traffic exceeding the threshold and on the write traffic being less compressible than the read traffic, that the storage system is possibly being targeted by a security threat; and modifying, in response to the determining that the storage system is possibly being targeted by the security threat, a data protection parameter set for one or more recovery datasets generated by the storage system.

Abstract: An illustrative method includes a data protection system directing a storage system to generate recovery datasets over time in accordance with a data protection parameter set, the recovery datasets usable to restore data maintained by the storage system to a state corresponding to a selectable point in time, determining that the storage system is possibly being targeted by a security threat, and modifying, in response to the determining that the storage system is possibly being targeted by the security threat, the data protection parameter set for one or more of the recovery datasets.

Abstract: An illustrative method includes a data protection system determining a first compressibility metric associated with write traffic processed by a storage system, the first compressibility metric indicating an amount of storage space saved if the write traffic is compressed; determining a second compressibility metric associated with read traffic processed by a storage system, the second compressibility metric indicating an amount of storage space saved if the read traffic is compressed; determining, based on a comparison of the first compressibility metric with the second compressibility metric, that the write traffic is less compressible than the read traffic; determining, based on the write traffic being less compressible than the read traffic, that the storage system is possibly being targeted by a security threat; and performing, based on the determining that the storage system is possibly being targeted by the security threat, a remedial action with respect to the storage system.

Abstract: An illustrative method includes a data protection system detecting, for a storage system, a potential data corruption in the storage system, analyzing, in response to the detecting of the potential data corruption, one or more metrics of the storage system, and determining, based on the analyzing of the one or more metrics of the storage system, a corruption-free recovery point for potential use to recover from the potential data corruption.

Abstract: An illustrative method includes a data protection system performing, for a storage system, a first security threat detection process, determining, based on the performing of the first security threat detection process, that the storage system is possibly being targeted by a security threat, and performing a second security threat detection process, the second security threat detection process providing higher confidence threat detection than the first security threat detection process.

Abstract: An illustrative method includes a data protection system determining a first compressibility metric associated with write traffic processed by a storage system, the first compressibility metric indicating an amount of storage space saved if the write traffic is compressed; determining a second compressibility metric associated with read traffic processed by a storage system, the second compressibility metric indicating an amount of storage space saved if the read traffic is compressed; determining, based on a comparison of the first compressibility metric with the second compressibility metric, that the write traffic is less compressible than the read traffic; determining, based on the write traffic being less compressible than the read traffic, that the storage system is possibly being targeted by a security threat; and performing, based on the determining that the storage system is possibly being targeted by the security threat, a remedial action with respect to the storage system.

Abstract: An illustrative method includes a data protection system determining that a total amount of read traffic and write traffic processed by a storage system during a time period exceeds a threshold, the read traffic representing data read from the storage system during the time period and the write traffic representing data written to the storage system during the time period, determining that the write traffic is less compressible than the read traffic, and determining, based on the total amount of read traffic and write traffic exceeding the threshold and on the write traffic being less compressible than the read traffic, that the storage system is possibly being targeted by a security threat.

Abstract: An illustrative method includes a data protection system detecting, for a storage system, a potential data corruption in the storage system, analyzing, in response to the detecting of the potential data corruption, one or more metrics of the storage system, and determining, based on the analyzing of the one or more metrics of the storage system, a corruption-free recovery point for potential use to recover from the potential data corruption.

Abstract: An illustrative method includes a data protection system directing a storage system to generate recovery datasets over time in accordance with a data protection parameter set, the recovery datasets usable to restore data maintained by the storage system to a state corresponding to a selectable point in time, determining that the storage system is possibly being targeted by a security threat, and modifying, in response to the determining that the storage system is possibly being targeted by the security threat, the data protection parameter set for one or more of the recovery datasets.

Abstract: An illustrative method includes a data protection system determining that a total amount of read traffic and write traffic processed by a storage system during a time period exceeds a threshold, the read traffic representing data read from the storage system during the time period and the write traffic representing data written to the storage system during the time period, determining that the write traffic is less compressible than the read traffic, and determining, based on the total amount of read traffic and write traffic exceeding the threshold and on the write traffic being less compressible than the read traffic, that the storage system is possibly being targeted by a security threat.

Abstract: An illustrative method includes a data protection system performing, for a storage system, a first security threat detection process, determining, based on the performing of the first security threat detection process, that the storage system is possibly being targeted by a security threat, and performing a second security threat detection process, the second security threat detection process providing higher confidence threat detection than the first security threat detection process.

Abstract: An exemplary method includes a monitoring system detecting that a storage system receives a request to perform an operation that affects a capacity of a storage structure within the storage system, identifying an attribute of at least one of the request and the storage system, determining, based on the attribute, that the request is indicative of a malicious action, and performing, in response to the determining that the request is indicative of the malicious action, a remedial action with respect to the requested operation.