Abstract: Disclosed herein are systems and method efficiently executing a program operation on a cloud-based service. In an exemplary aspect, a method comprises receiving a request to perform a program operation on a cloud-based service and at least one user constraint for performing the program operation, and determining a plurality of sub-operations that are comprised in the program operation. The method comprises identifying a plurality of service component combinations offered by the service provider that can execute the program operation, and identifying at least one processing constraint of each service component. The method comprises determining a service component combination from the plurality of service component combinations for executing the program operation based on the at least one user constraint and processing constraints. The method comprises executing the program operation by the determined service component combination.

Abstract: Disclosed herein are systems and method for customizing a user workspace environment using artificial intelligence-based analysis. In one exemplary aspect, a method comprises detecting user actions in a user workspace environment that provides access to a plurality of workspace elements. The method comprises generating a plurality of rules for customizing the user workspace environment, wherein each rule links a set of input parameters of a machine learning algorithm as criteria with an output user action and an output identifier of the workspace element, and wherein each rule assigns at least one customization action that (1) reduces an amount of steps to perform in the user workspace environment to access the workspace element associated with the output identifier and (2) reduces a processing time to perform the output user action. When a criterion is fulfilled, the method comprises executing a corresponding customization action that alters the user workspace environment.

Abstract: Disclosed herein are systems and method for synthetic file scanning. In one exemplary aspect, a method may comprise, for each respective file in a plurality of files on a storage device, determining a respective likelihood of the respective file being targeted by the malicious activity, and including, in a subset of files, each respective file in the plurality of files with a respective likelihood that is greater than a threshold likelihood. The method may comprise for each respective file in the subset of files, identifying at least one fragment of the respective file that is susceptible to the malicious activity. The method may comprise extracting and storing at least one fragment from each respective file in a synthetic file, and scanning the synthetic file periodically instead of the plurality of files.

Abstract: Systems and methods for file sharing over secure connections.

Abstract: Disclosed are systems and methods for data archiving using machine learning techniques. The system collects statistical information and event data and processes them using machine learning techniques to classify data and/or predict data access demands. The system receives statistical information related to user access of a plurality of files, which can effectively “train” the system to archive data that is not needed at a certain moment and extract it at other moments. The system identifies, using a machine learning module, a pattern of access in the plurality of files based on the received statistical information. The system modifies, using the identified pattern of access, a threshold value related to file access, and assigns a set of files from the plurality of files an access classification based on the modified threshold value. The system migrates the set of files between hot and cold data areas based on the assigned access classification.

Abstract: Disclosed herein are systems and methods for securing cloud meetings using containers. In one aspect, an exemplary system comprises, a device comprising a processor, an OS operable in a user mode and a kernel mode, and a kernel driver for performing operations while in kernel mode, the kernel driver having a kernel driver interceptor configured to: register for a process notification callback for user applications used for web-based meetings, monitor to determine when a process notification callback is received, receive a process notification callback and a command line in the callback, and analyze and transmit the command line to a service that secures the meeting, wherein the securing is performed by: configuring a container for executing the user application in an isolated virtual environment, transferring, to the container, all resources needed to run the user application, and executing the user application in the container.

Abstract: A method for creating a collection with optimized family-specific signatures for protecting from malware includes collecting statistics of potential signatures for chosen sample attribute vectors, the statistics of potential signatures being collected for clean files and malware files, estimating a probability to find a potential signature in the clean files, grouping malware files with the same signature in clusters (families), choosing the most optimal signature for the malware family files based on a predefined target function, and exporting a collection with optimized family-specific signatures configured to be implemented by scan engines.

Abstract: The present disclosure relates to a system and method for creating a backup and restoring the exact clean system state prior to malware detection. The system includes a security system, in communication with one or more applications of a computing system, and a backup unit. The security system detects malware during execution of the applications or events based on a memory dump analysis. The backup unit creates a backup copy of the system state corresponding to each event, labels each copy and creates an index. When the security system detects presence of the malware at a particular event, the backup system parses the index, and with use of the labels, retrieves the exact backup copy that belongs to the event preceding the other event that caused the malware attack.

Abstract: Disclosed herein are systems and methods for updating select files in an image backup. In an exemplary aspect, a method comprises performing an image backup of a storage device comprising a plurality of files. The method comprises selecting a file of the plurality of files based on file selection rules and subsequent to the image backup, detecting that the file has exited a full consistency state. The method comprises monitoring the file to detect a return to the full consistency state. In response to detecting that the file has returned to the full consistency state, the method comprises identifying a physical address of at least one sector comprising the file on the storage device, and updating a version of the file previously captured in the image backup with a version of the file after returning to the full consistency state.

Abstract: A rootkit detection system and method analyzes memory dumps to determine connections between intercepted system driver operations requested by unknown files and changes in system memory before and after those operations. Memory dump differences and I/O buffers are analyzed with machine learning models to identify clustered features associated with rootkits.

Abstract: Disclosed herein are systems and method for forming and executing a backup strategy. In one aspect, an exemplary method comprises forming a respective backup strategy for each respective file of a plurality of files stored in a data source based on a frequency of occurrence, a desired recovery time, and a criticality of data loss for the respective file. The method further comprises executing the respective backup strategy for the respective file.

Abstract: In a multi-tenant hierarchical data storage system, tenant nodes are organized into trees and subtrees including virtual shards and with tenant data on single shards. The system is configured to allow scalable parallel access by a plurality of tenant-users.

Abstract: A multi-layer path-planning system and method calculates trajectories for autonomous vehicles using a global planner, a fast local planner, and an optimizing local planner. The calculated trajectories are used to guide the autonomous vehicle along a bounded path between a starting point and a destination.

Abstract: A system and method for firewall policy control in a system comprising endpoints, including functionality for isolating network elements on endpoints under management. An endpoint management agent cooperates with a remote management service to carry out policy management and synchronization, implement isolation mode when required, and perform related supporting tasks.

Abstract: Disclosed herein are systems and method for securely providing access to data. In one exemplary aspect, a method may comprise receiving a request to access data on a computing device of a user and identifying a location of the computing device. The method may comprise determining whether access to the data is allowed in the location based on a location-based rule of a plurality of location-based rule. The method may comprise, in response to determining that access to the data is allowed in the location, detecting, via sensors of the computing device, (1) at least one other person different from the user or (2) a surveillance device in the location, and determining whether the at least one other person or the surveillance device can view the data without direct access to the computing device. If not, the method may comprise providing access to the data on the computing device.

Abstract: A rootkit detection system and method analyzes memory dumps to determine connections between intercepted system driver operations requested by unknown files and changes in system memory before and after those operations. Memory dump differences and I/O buffers are analyzed with machine learning models to identify clustered features associated with rootkits.

Abstract: Disclosed herein are systems and method for seamlessly migrating from an existing software to a new software. In one exemplary aspect, a method may comprise retrieving usage activity information of the existing software from the at least one computing device and identifying settings from the existing software to migrate. The method may further comprise converting, based on an internal database with metadata information about the new software, the settings in the existing software to corresponding settings in the new software, and determining, based on the usage activity information, a migration plan indicative of a sequence of tasks for installing the new software and removing the existing software such that a quality of service associated with accessing the plurality of features on the at least one computing device does not decrease to less than a threshold quality of service. The method may further comprise executing the migration plan.

Abstract: Disclosed herein are systems and method for verifying user identity. In one exemplary aspect, a method comprises receiving sensor data from at least one sensor and parsing the sensor data to determine a plurality of identifiers of a user authorized to access data via a computing device. The method comprises generating, for each identifier, an event including the user. The method comprises intercepting, on the computing device, a data access request including an identifier of the user. The method comprises verifying whether the data access request is from the user authorized to access data by generating a chain of events including the user for a period of time preceding the data access request, determining a deviation of the chain of events from a target chain of events, and in response to determining the deviation is less than a threshold deviation value, granting the data access request.

Abstract: The invention relates to data recovery technology. An archive connection driver creates a virtual storage medium that is readable by an operating system, with the operating system running antivirus scanning algorithms on the connected virtual storage medium. Corrupted data and malware are deleted and the relevant data blocks repaired in a connected backup. Corrupted data and infected files are restored in marked invalid data in the backup.

Abstract: The invention relates to data recovery technology. Each created backup is checked for the integrity of the placed files, while calculating the checksums of each block of data that can be restored from the backup. The computer system is restored from a backup copy by connecting it using the archive copy connection driver, which creates a virtual disk that is readable by standard means of the operating system of the computer system being restored. The booting of the operating system is performed from the virtual disk and, after restoring the functioning of the computer system, the system volume that has been damaged is restored from the backup copy to the local storage medium.