Abstract: Disclosed herein are systems and methods for securing cloud meetings using containers. In one aspect, an exemplary system comprises, a device comprising a processor, an OS operable in a user mode and a kernel mode, and a kernel driver for performing operations while in kernel mode, the kernel driver having a kernel driver interceptor configured to: register for a process notification callback for user applications used for web-based meetings, monitor to determine when a process notification callback is received, receive a process notification callback and a command line in the callback, and analyze and transmit the command line to a service that secures the meeting, wherein the securing is performed by: configuring a container for executing the user application in an isolated virtual environment, transferring, to the container, all resources needed to run the user application, and executing the user application in the container.

Abstract: Disclosed herein are systems and methods for preventing malicious injections. In one aspect, a method includes monitoring active processes that are running in suspended mode. For each active process being monitored, the method includes injecting a dynamic link library (DLL) into the active process to hook an application programming interface (API) of an application corresponding to the active process, wherein the DLL is injected for tracking commands for suspension and resumption of the active process. The method includes monitoring file inputs and outputs of the application for anomalies while the active process is in the suspended mode, and when a command for resuming the active process is detected using the DLL, determining, based on the monitoring, whether a malicious process is inserted into the active process. The method includes allowing the suspended process to resume execution in response to determining that no malicious process is inserted in the active process.

Abstract: Disclosed herein are systems and method for performing failover during a cyberattack. In one exemplary aspect, a method comprises monitoring a computing device for the cyberattack and detecting that the cyberattack is in progress. While the cyberattack is in progress, the method comprises identifying a failover device that corresponds to the computing device, hardening the failover device to prevent the cyberattack from affecting the failover device, and performing failover by switching from the computing device to the failover device.

Abstract: Disclosed herein are systems and methods for providing network protection for web-based conferencing services. In one aspect, an exemplary system comprises, a device comprising a processor, an operating system (OS) operable in a user mode and a kernel mode, and a kernel driver for performing operations while the OS is in kernel mode, the kernel driver configured to: monitor file operations that involve objects belonging to a web conferencing service, receive a request from an application executing in a user mode, the request being for an operation to be executed in the kernel mode, when the operation involves at least one object belonging to the web conferencing service, request for an authorization from a protection service executing in the user mode, and allow the operation to be performed only when the authorization is received from the protection service.

Abstract: Aspects of the disclosure describe methods and systems for cross-referencing forensic snapshots over time. In one exemplary aspect, a method may comprise receiving a first snapshot of a computing device at a first time and a second snapshot of the computing device at a second time and applying a pre-defined filter to the first snapshot and the second snapshot, wherein the pre-defined filter includes a list of files that are to be extracted from each snapshot. The method may comprise subsequent to applying the pre-defined filter, identifying differences in the list of files extracted from the first snapshot and the second snapshot. The method may comprise creating a change map for the computing device that comprises the differences in the list of files over a period of time, wherein the period of time comprises the first time and the second time, and outputting the change map in a user interface.

Abstract: A method for providing high availability Virtual Desktop Infrastructure (VDI) includes determining, by a VDI client and based on connection information for a first VDI broker associated with a first datacenter, whether a connection to the first VDI broker is available, and responsive to determining that the connection to the first VDI broker associated with the first datacenter is available, connecting the VDI client to a first VDI broker associated with a first datacenter.

Abstract: Disclosed herein are systems and method for determining a backup schedule on a computer system. In one exemplary aspect, a method may comprise collecting user behavior data on the computer system and analyzing the user behavior data to determine an optimal time of a backup session to create backup copies of modified data stored on a volume of the computer system. The method may comprise determining an optimal duration of the backup session based on the analyzed user behavior and prioritizing portions of the modified data based on priority rules. The method may comprise determining a prioritized portion of the modified data that can be saved during the backup session based on the duration, computer system hardware and network bandwidth at the optimal time of backup, and performing the backup session comprising the prioritized portion.

Abstract: Disclosed are systems and methods for proactive disaster recovery. The described technique monitors for events raised by a system of interconnected external sensors and other devices for obtaining data on the external environment of servers. The system uses these events as a chain of triggers according to which preventative or preparatory actions for disaster recovery are performed.

Abstract: Aspects of the disclosure describe methods and systems for transmitting data via a satellite to a ground node. In one exemplary aspect, a method comprises splitting, on a satellite, a data segment into a plurality of data chunks, wherein an amount of the data chunks equals a number of ground nodes that the data chunks will be transmitted to. For each respective data chunk, the method comprises determining whether the satellite has a stable connection with the respective ground node. When the satellite has the stable connection with the respective ground node, the method comprises transmitting, by the satellite, the respective data chunk to the respective ground node, and when the satellite does not have the stable connection with the respective ground node, the method comprises transmitting, by the satellite, the respective data chunk to a neighboring satellite for storage until the stable connection is established.

Abstract: Disclosed herein are systems and methods for managing access to data objects in cloud storage. In one aspect, an exemplary method comprises storing, by a processor, a data object in a storage device of a cloud storage service for a duration of time, wherein the data object is accessible to a plurality of user accounts. The method comprises extending the duration of time for retaining the data object on the storage device to a first extended duration when a degree of access of the data object by the plurality of user accounts meets a target threshold value during the duration of time. The method further comprises extending the duration of time for retaining the data object on the storage device to a second extended duration when the degree of access does not meet the target threshold value during the duration of time.

Abstract: Disclosed herein are systems and method for de-duplicating blocks of data. In one aspect, an exemplary method comprises receiving a block of data at a de-duplication engine that comprises a first block node and a first page node, wherein the first block node stores a single block descriptor for at least two identical blocks previously received and wherein the first page node stores single instances of identical pages in the at least two identical blocks. The method comprises comparing the received block with the at least two identical blocks. In response to determining that the received block partially matches the at least two identical blocks, the method comprises storing a block descriptor of the received block in a second block node and storing at least one page that matches between the received block and the at least two identical blocks in a second page node of the de-duplication engine.

Abstract: A method and system for verified data restoration in storage systems is described. The method may include calculating a hash sum relating to initial data for storing in an archive and storing the data into the archive and storing the calculated initial hash sum into a blockchain network. The method may further include retrieving the data from the archive and calculating a retrieved hash sum of the retrieved data. The method may also include comparing the initial hash sum from the blockchain network with the retrieved hash sum. The method may additionally include restoring the data from the archive if the initial hash sum is equivalent to the retrieved hash sum.

Abstract: Disclosed herein are systems and method for inspecting archived slices for malware. In one exemplary aspect, the method comprises mounting, to a disk, a first slice of a plurality of slices in a backup archive, wherein the first slice is an image of user data at a first time. The method further comprises detecting a modified block of the mounted, identifying at least one file in the mounted first slice that corresponds to the detected modified block, and scanning the at least one file for viruses and malicious software. In response to detecting that the at least one file is infected, the method comprises generating a cured slice that comprises the user data of the mounted first slice without the at least one file.

Abstract: Disclosed herein are systems and method for disaster recovery using application streaming. In one aspect, a method includes generating a backup image of a computing system having at least one installed application and user data. The generating involves including the user data in the backup image and actively excluding program data files of the at least one installed application from the backup image. The method includes determining an application package specifying the installed application. The application package is stored at an application streaming service. Responsive to detecting a disaster recovery event, the method further includes copying the user data from the backup image to a recovery computing instance, and executing, on the recovery computing instance, a remote application from the application streaming service based on the determined application package.

Abstract: Disclosed herein are systems and methods for data remediation without data loss. In one exemplary aspect, the method comprises performing, at a first time, a first backup of a plurality of files on a file system of a computer system; tracking changes to any of the plurality of files on the file system after the first time; performing, at a second time, a second backup of the plurality of files on the file system; detecting, based on a scan of the second backup, an infection of the computer system caused by a malicious application; identifying, by the processor, a most recent backup of the file system that does not comprise the infection; in response to determining that the first backup is the most recent backup: restoring the first backup to the file system, and restoring a subset of files on the file system for which authorized changes.

Abstract: Disclosed herein are systems and method for multiplexing data of an underlying index. In an exemplary aspect, an index handler may generate a plurality of slots and a plurality of data buckets for a traditional index. The index handler may receive, from a software application, a request to access a data file. The index handler may determine whether any slot of the plurality of slots is attached to a respective data bucket of the plurality of data buckets comprising the data file. In response to determining that a first slot of the plurality of slots is attached to a first data bucket comprising the data file, the index handler may enable, via the first data bucket attached to the first slot, access to the data file to the software application.

Abstract: Disclosed herein are systems and method for malicious behavior detection in processing chains comprising identifying and monitoring events generated by a first process executing on a computing device; storing snapshots of data modified by any of the events; determining a level of suspicion for the first process, wherein the level of suspicion is a likelihood of the first process being attributed to malware based on the data modified by any of the events; in response to determining that the first process is not trusted based on the determined level of suspicion, identifying at least one sub-process of the first process; and restoring, from the snapshots, objects affected by the first process and the at least one sub-process.

Abstract: Disclosed herein are systems and method for determining a boot status of a failover server. In an exemplary aspect, a method may receive a failover test request for a failover server that provides disaster recovery for a production server, wherein the failover test request queries a successful boot status of the failover server. The method may determine whether a login into the failover server can be performed to execute the failover test request. In response to determining that the login cannot be performed, the method may retrieve server metrics for a failover server from a metric store and may determine a probability of the successful boot status based on both the retrieved server metrics and historic server metrics. In response to determining that the probability is greater than a threshold probability, the method may mark a recovery point of the failover server as validated.

Abstract: Disclosed herein are systems and method for selectively restoring a computer system to an operational state. In an exemplary aspect, the method may include creating a backup image of the computer system comprising a set of data blocks, detecting that the computer system has begun an initial startup, identifying a subset of the data blocks read from a disk of the computer system during the initial startup. In response to determining that the computer system should be restored, the method may include restoring the subset of the data blocks such that the computer system is operational during startup, and restoring a remaining set of the data blocks from the backup image after the startup of the computer system.

Abstract: Disclosed herein are systems and method for selectively restoring a computer system to an operational state. In an exemplary aspect, the method may create a backup image of the computer system comprising a set of data blocks, and create and start a virtual machine based on the backup image. The method may identify a subset of the data blocks accessed from the backup image during startup of the virtual machine. In response to determining that the computer system should be restored, the method may restore the subset of the data blocks such that the computer system is operational during startup, and restore a remaining set of the data blocks from the backup image after the startup of the computer system.