Abstract: A request is received from a user at a client to access a file of a set of files backed up to a backup server. Upon verifying a password provided by the user, the client is issued another request for authentication. A first data structure is received responsive to the request. The first data structure is generated using identifiers corresponding to a set of files at the client of which at least some presumably have been backed up to the server. A second data structure is generated. The second data structure is generated using identifiers corresponding to the set of files backed up to the server. The first and second data structures are compared to assess a degree of similarity between the files at the client and the files backed up to the backup server. The user is denied access when the degree of similarity is below a threshold.

Abstract: First and second trees having entities identified by hexadecimal values are generated. First files are allocated across the first tree based on hashes of the first files and hexadecimal values of the first tree entities. First index values are calculated for first tree entities using hashes of the first files that have been allocated to entities branching into a lower level of the first tree. Second files are allocated across the second tree based on hashes of the second files and hexadecimal values of the second tree entities. Second index values are calculated for the second tree entities using hashes of the second files that have been allocated to entities branching into a lower level of the second tree. A determination is made of a number of entities between the first and second trees having matching index values to measure similarity between the first and second trees.

Abstract: A request is received from a user at a client to access a file of a set of files backed up to a backup server. Upon verifying a password provided by the user, the client is issued another request for authentication. A first data structure is received responsive to the request. The first data structure is generated using identifiers corresponding to a set of files at the client of which at least some presumably have been backed up to the server. A second data structure is generated. The second data structure is generated using identifiers corresponding to the set of files backed up to the server. The first and second data structures are compared to assess a degree of similarity between the files at the client and the files backed up to the backup server. The user is denied access when the degree of similarity is below a threshold.

Abstract: A request is received from a client seeking to access files stored at a backup server. A first tree is received for the request. The first tree represents hashes of files stored at the client. A second tree is generated representing hashes of the files stored at the backup server. The first and second trees are compared to assess a degree of similarity between the files stored at the client and the files stored at the backup server. The user is denied access to the files stored at the backup server when the degree of similarity is below a threshold.

Abstract: First and second trees having entities identified by hexadecimal values are generated. First files are allocated across the first tree based on hashes of the first files and hexadecimal values of the first tree entities. First index values are calculated for first tree entities using hashes of the first files that have been allocated to entities branching into a lower level of the first tree. Second files are allocated across the second tree based on hashes of the second files and hexadecimal values of the second tree entities. Second index values are calculated for the second tree entities using hashes of the second files that have been allocated to entities branching into a lower level of the second tree. A determination is made of a number of entities between the first and second trees having matching index values to measure similarity between the first and second trees.

Abstract: First and second trees having leaves identified by hexadecimal values are generated. First files from a first file set are allocated across the first tree based on hashes of the first files. The hashes of the first files are translated into first leaf index values. Second files from a second file set are allocated across the second tree based on hashes of the second files. The hashes of the second files are translated into second leaf index values. The first and second leaf index values are compared to identify leaves that are the same between the first and second trees. A similarity index indicating a degree of similarity between the first and second sets of files is created based on the comparison.

Abstract: First and second trees having leaves identified by hexadecimal values are generated. First files from a first file set are allocated across the first tree based on hashes of the first files. The hashes of the first files are translated into first leaf index values. Second files from a second file set are allocated across the second tree based on hashes of the second files. The hashes of the second files are translated into second leaf index values. The first and second leaf index values are compared to identify leaves that are the same between the first and second trees. A similarity index indicating a degree of similarity between the first and second sets of files is created based on the comparison.

Abstract: A request is received from a client seeking to access files stored at a backup server. A first tree is received for the request. The first tree represents hashes of files stored at the client. A second tree is generated representing hashes of the files stored at the backup server. The first and second trees are compared to assess a degree of similarity between the files stored at the client and the files stored at the backup server. The user is denied access to the files stored at the backup server when the degree of similarity is below a threshold.

Abstract: Described is a system that efficiently detects ransomware attacks within a storage environment. The system may perform a specialized validation by comparing a sampling of backup data obtained from a storage environment with a sampling of data maintained by a specialized validation database. Accordingly, if there is a discrepancy between the samples, the system may issue an alert indicating the original backup data may be encrypted as part of a ransomware attack. The system may utilize the specialized sampling as a validation technique in addition, or as an alternative, to relying on data fingerprints for validation. For example, malicious code may be configured to cause the storage environment to provide fingerprints prior to an unauthorized encryption as an attempt to deceive certain validation processes. Accordingly, to counteract such attempts, the system may rely on the sampling of data, instead of relying solely on a fingerprint comparison.

Abstract: Described is a system that efficiently detects ransomware attacks within a storage environment. The system may perform a specialized validation by comparing a sampling of backup data obtained from a storage environment with a sampling of data maintained by a specialized validation database. Accordingly, if there is a discrepancy between the samples, the system may issue an alert indicating the original backup data may be encrypted as part of a ransomware attack. The system may utilize the specialized sampling as a validation technique in addition, or as an alternative, to relying on data fingerprints for validation. For example, malicious code may be configured to cause the storage environment to provide fingerprints prior to an unauthorized encryption as an attempt to deceive certain validation processes. Accordingly, to counteract such attempts, the system may rely on the sampling of data, instead of relying solely on a fingerprint comparison.

Abstract: Described is a system for securing recovery information that is distributed amongst multiple cloud-based systems. Encrypted recovery data may be stored on at least one cloud-based system. To decrypt the recovery data, coordination between multiple cloud-based systems may be required to obtain the encryption key. Accordingly, a production system does not have to perform key management. Therefore, even if the production system is compromised by a malicious party, the encryption key remains secure as multiple cloud-based systems would also have to be comprised. In addition, the system may coordinate the creation and distribution of the recovery information, as well as the acquisition of such recovery information as part of a data recovery process. Thus, the system may secure recovery information by leveraging multiple cloud-based systems (or services).

Abstract: Described is a system for distributing data amongst storage components using data sensitivity (or security) classifications. The system may define categories for classifying data files and assign a sensitivity (or security) rating to each of the defined categories. The categories and/or associated sensitivity ratings may be determined using machine learning components that may leverage industry-specific information or data sensitivity information used by other clients. The system may then continuously reevaluate (or reclassify) data files to determine whether they are stored on a storage component that meets the necessary data sensitivity requirements. If the system determines particular data files are stored on a corresponding storage component that does not meet certain data sensitivity requirements, the system may perform an action to secure the particular data files.

Abstract: The disclosed embodiments include a method of disarming malicious code in a computer system having a processor. The method comprises receiving, by the computer system, input content, and rendering, by the processor, any malicious code included in the input content inactive for its intended malicious purpose without applying a malware detection algorithm to the input content. The rendering is performed by automatically applying, using the processor, a data value alteration model to the input content for altering select data values within the input content, and outputting a new content reflecting the application of the data value alteration model to the input content. The processor renders any malicious code included in the input content inactive for its intended malicious purpose without regard to any structure used to encapsulate the input content. The input content includes media content.

Abstract: The disclosed embodiments include a method for disarming malicious code in a computer system having a processor. The method comprises accessing, by the computer system, input content, wherein the input content includes a plurality of data units having a value representing media content, and adjusting, by the processor, a data unit value of at least a portion of the data units, wherein the portion of the data units and an adjustment of the data unit value are determined so as to render any malicious code included in the plurality of data units inactive for its intended malicious purpose while not interfering with an intended use of the input content.

Abstract: The disclosed embodiments include a method for disarming malicious code in a computer system having a processor. The method comprises accessing, by the computer system, input content, wherein the input content includes a plurality of data units having a value representing media content, and adjusting, by the processor, a data unit value of at least a portion of the data units, wherein the portion of the data units and an adjustment of the data unit value are determined so as to render any malicious code included in the plurality of data units inactive for its intended malicious purpose while not interfering with an intended use of the input content.

Abstract: The disclosed embodiments include a method of disarming malicious code in a computer system having a processor. The method comprises receiving, by the computer system, input content, and rendering, by the processor, any malicious code included in the input content inactive for its intended malicious purpose without applying a malware detection algorithm to the input content. The rendering is performed by automatically applying, using the processor, a data value alteration model to the input content for altering select data values within the input content, and outputting a new content reflecting the application of the data value alteration model to the input content. The processor renders any malicious code included in the input content inactive for its intended malicious purpose without regard to any structure used to encapsulate the input content. The input content includes media content.

Abstract: The disclosed embodiments include a method of disarming malicious code in a computer system having a processor. The method comprises receiving, by the computer system, input content, and rendering, by the processor, any malicious code included in the input content inactive for its intended malicious purpose without applying a malware detection algorithm to the input content. The rendering is performed by automatically applying, using the processor, a data value alteration model to the input content for altering select data values within the input content, and outputting a new content reflecting the application of the data value alteration model to the input content. The processor renders any malicious code included in the input content inactive for its intended malicious purpose without regard to any structure used to encapsulate the input content. The input content includes media content.

Abstract: The disclosed embodiments include a method for disarming malicious code in a computer system having a processor. The method comprises accessing, by the computer system, input content, wherein the input content includes a plurality of data units having a value representing media content, and adjusting, by the processor, a data unit value of at least a portion of the data units, wherein the portion of the data units and an adjustment of the data unit value are determined so as to render any malicious code included in the plurality of data units inactive for its intended malicious purpose while not interfering with an intended use of the input content.

Abstract: The disclosed embodiments include a method of disarming malicious code in a computer system having a processor. The method comprises receiving, by the computer system, input content, and rendering, by the processor, any malicious code included in the input content inactive for its intended malicious purpose without applying a malware detection algorithm to the input content. The rendering is performed by automatically applying, using the processor, a data value alteration model to the input content for altering select data values within the input content, and outputting a new content reflecting the application of the data value alteration model to the input content. The processor renders any malicious code included in the input content inactive for its intended malicious purpose without regard to any structure used to encapsulate the input content. The input content includes media content.

Abstract: A method and a non-transitory computer readable medium that stores instructions for converting a first file of a first format to a second file of a second format that differs from the first format; wherein the converting comprises converting first file fields having invalid values with second file fields having valid values; and converting the second file to a third file of the first file format, if the converting of the first file to the second file succeeds.