Abstract: Systems and methods are provided for data randomization using live patching. A method may comprise generating a plurality of randomization live patches, wherein each randomization live patch comprises a respective technique for swapping data values within a data structure. The method may comprise identifying software comprising at least one of: an operating system and an application, identifying a first data structure associated with the software, and selecting a first randomization live patch from the plurality of randomization live patches. The method may comprise modifying, during runtime and without restarting the software, the software using the first randomization live patch such that data values within the first data structure are swapped or shifted in accordance with a first technique.

Abstract: Systems and methods are provided for reducing attack surface of a software environment by removing code of an unused functionality. A security hardening module may identify a portion of code of a software, the software comprising at least one of: an operating system and an application. The security hardening module may determine whether the portion is being utilized, and in response to determining that the process is not being utilized, the security hardening module may generate a live patch that removes the portion from the code and may modify, during runtime, the software using the live patch without restarting the software.

Abstract: Methods and systems are provided for modifying configuration of a storage system using artificial intelligence. An exemplary method comprises collecting, over a period of time, health and parameter information of the storage system. The method comprises predicting, using a machine learning algorithm, upcoming events that may degrade performance of the storage system based on the health and parameter information. The method comprises determining that the storage system will not operate in accordance with a set of goals based on the upcoming events. In response to determining that the storage system will not operate in accordance with the set of goals, the method comprises generating parameter changes, and applying the parameter changes to the storage system.

Abstract: A variety of methods are provided for an application or operating system (OS) kernel intrusion detection and prevention, based on verification of security invariants and legitimacy of security state transitions from the past historical state. Methods are provided for an application or OS kernel intrusion detection and prevention for unknown attack vectors and vulnerabilities based on additional security checks added to the software by means of live patching.

Abstract: Disclosed are systems and methods for proactive disaster recovery. The described technique monitors for events raised by a system of interconnected external sensors and other devices for obtaining data on the external environment of servers. The system uses these events as a chain of triggers according to which preventative or preparatory actions for disaster recovery are performed.

Abstract: Disclosed herein are systems and method for de-duplicating blocks of data. In one aspect, an exemplary method comprises receiving a block of data at a de-duplication engine that comprises a first block node and a first page node, wherein the first block node stores a single block descriptor for at least two identical blocks previously received and wherein the first page node stores single instances of identical pages in the at least two identical blocks. The method comprises comparing the received block with the at least two identical blocks. In response to determining that the received block partially matches the at least two identical blocks, the method comprises storing a block descriptor of the received block in a second block node and storing at least one page that matches between the received block and the at least two identical blocks in a second page node of the de-duplication engine.

Abstract: Systems and methods are provided for data randomization using live patching. A method may comprise generating a plurality of randomization live patches, wherein each randomization live patch comprises a respective technique for swapping data values within a data structure. The method may comprise identifying software comprising at least one of: an operating system and an application, identifying a first data structure associated with the software, and selecting a first randomization live patch from the plurality of randomization live patches. The method may comprise modifying, during runtime and without restarting the software, the software using the first randomization live patch such that data values within the first data structure are swapped or shifted in accordance with a first technique.

Abstract: A variety of methods are provided for an application or operating system (OS) kernel intrusion detection and prevention, based on usage of existing vulnerability fixes and their transformation into honeypot detectors. A honeypot patch may be generated for a computing system associated with a software vulnerability in software installed on the computing system. The honeypot patch, when used to modify the installed software, can convert the computing system into a honeypot system configured to detect attempts to exploit the software vulnerability of the software, and in response, generate a security event associated with the software vulnerability.

Abstract: Disclosed herein are systems and method for de-duplicating blocks of data. In one aspect, an exemplary method comprises for each previously de-duplicated block of data of a de-duplication engine, storing de-duplicated pages references by hashes and a block descriptor. The method comprises receiving, at the de-duplication engine, a new block of data for de-duplication assessment and determining a similarity of the received block to the previously de-duplicated blocks. When the received block is determined as being similar to the previously de-duplicated blocks, the method comprises storing the received block without duplication in the de-duplication engine, including pages of the block referenced by the hashes and the block descriptor.

Abstract: Disclosed herein are systems and method for building content for a de-duplication engine. In one aspect, an exemplary method comprises periodically receiving instructions for cycling through a coalescing phase and a sedimentation phase of the de-duplication engine, during a first coalescing phase, selecting a set of seed blocks that are similar to each other, when an instruction for proceeding to a next sedimentation phase is received, entering the sedimentation phase during which newly received blocks are processed to be stored near similar seed blocks, and when an instruction to proceed to a next coalescing phase is received, entering the coalescing phase to update the set of seed blocks.

Abstract: Methods and systems are provided for modifying configuration of a storage system using artificial intelligence. An exemplary method comprises collecting, over a period of time, health and parameter information of the storage system. The method comprises predicting, using a machine learning algorithm, upcoming events that may degrade performance of the storage system based on the health and parameter information. The method comprises determining that the storage system will not operate in accordance with a set of goals based on the upcoming events. In response to determining that the storage system will not operate in accordance with the set of goals, the method comprises generating parameter changes, and applying the parameter changes to the storage system.

Abstract: A system and method is provided for fast random access erasure encoded storage. An exemplary method includes writing data to an append-only data log that includes data log extents that are each associated with data that is mapped to corresponding offset range of a virtual file of a client and storing the append-only data log as a sequence of data chunks each allocated on one or more one storage disks. Moreover, the method determines an amount of useful data in one or more data chunks and, when the amount of useful data in the data chunk is less than a predetermined threshold, appending the useful data from the data chunk to an end of the append-only data log. Finally, the data log is cleaned by releasing the one or more data chunk from the append-only data log after the useful data is appended to the append-only data log.

Abstract: Methods and systems are provided for modifying configuration of a storage system using artificial intelligence. An exemplary method comprises storing an initial configuration of the storage system as configuration parameters, collecting health information and parameter information related to the storage system over a period of time, analyzing the collected health information using machine learning by comparing the health and the parameter information to a set of goals of the storage system, and in response to determining that the storage system is not operating in accordance with the set of goals, identifying a problem with the storage system using artificial intelligence by analyzing the health information and generating parameter changes that correct the problem, updating the configuration parameters with the parameter changes and applying the parameter changes to the storage system to correct the problem and restore performance of the storage system.

Abstract: Systems and methods are provided for reducing attack surface of a software environment by removing code of an unused functionality. A security hardening module may identify a portion of code of a software, the software comprising at least one of: an operating system and an application. The security hardening module may determine whether the portion is being utilized, and in response to determining that the process is not being utilized, the security hardening module may generate a live patch that removes the portion from the code and may modify, during runtime, the software using the live patch without restarting the software.

Abstract: Disclosed herein are systems and method for de-duplicating blocks of data. In one aspect, an exemplary method comprises receiving a block of data at a de-duplication engine that comprises a first block node and a first page node, wherein the first block node stores a single block descriptor for at least two identical blocks previously received and wherein the first page node stores single instances of identical pages in the at least two identical blocks. The method comprises comparing the received block with the at least two identical blocks. In response to determining that the received block partially matches the at least two identical blocks, the method comprises storing a block descriptor of the received block in a second block node and storing at least one page that matches between the received block and the at least two identical blocks in a second page node of the de-duplication engine.

Abstract: A variety of methods are provided for an application or operating system (OS) kernel intrusion detection and prevention, based on verification of security invariants and legitimacy of security state transitions from the past historical state. Methods are provided for an application or OS kernel intrusion detection and prevention for unknown attack vectors and vulnerabilities based on additional security checks added to the software by means of live patching.

Abstract: Disclosed herein are systems and method for de-duplicating blocks of data. In one aspect, an exemplary method comprises for each previously de-duplicated block of data of a de-duplication engine, storing de-duplicated pages references by hashes and a block descriptor. The method comprises receiving, at the de-duplication engine, a new block of data for de-duplication assessment and determining a similarity of the received block to the previously de-duplicated blocks. When the received block is determined as being similar to the previously de-duplicated blocks, the method comprises storing the received block without duplication in the de-duplication engine, including pages of the block referenced by the hashes and the block descriptor.

Abstract: A variety of methods are provided for an application or operating system (OS) kernel intrusion detection and prevention, based on usage of existing vulnerability fixes and their transformation into honeypot detectors. A honeypot patch may be generated for a computing system associated with a software vulnerability in software installed on the computing system. The honeypot patch, when used to modify the installed software, can convert the computing system into a honeypot system configured to detect attempts to exploit the software vulnerability of the software, and in response, generate a security event associated with the software vulnerability.

Abstract: Disclosed herein are systems and method for de-duplicating blocks of data. In one aspect, an exemplary method comprises for each previously de-duplicated block of data of a de-duplication engine, storing de-duplicated pages references by hashes and a block descriptor, creating a set of hash components of the previously de-duplicated blocks, and for each newly received block of data for de-duplication, calculating a translation tolerant hash vector including a predetermined number of hash components, determining a similarity of the received block to the previously de-duplicated blocks based on a comparison of the hash components of the received block with the hash components in the set, and when the received block is determined as being similar to the previously processed blocks based on the comparison, storing the block without duplication in the de-duplication engine, including pages of the block referenced by hashes and a block descriptor.

Abstract: Disclosed are systems and methods for proactive disaster recovery. The described technique monitors for events raised by a system of interconnected external sensors and other devices for obtaining data on the external environment of servers. The system uses these events as a chain of triggers according to which preventative or preparatory actions for disaster recovery are performed.