Abstract: Disclosed herein are systems and method for securely providing access to data. In one exemplary aspect, a method may comprise receiving a request to access data on a computing device of a user and identifying a location of the computing device. The method may comprise determining whether access to the data is allowed in the location based on a location-based rule of a plurality of location-based rule. The method may comprise, in response to determining that access to the data is allowed in the location, detecting, via sensors of the computing device, (1) at least one other person different from the user or (2) a surveillance device in the location, and determining whether the at least one other person or the surveillance device can view the data without direct access to the computing device. If not, the method may comprise providing access to the data on the computing device.

Abstract: Disclosed herein are systems and method storing data. In an exemplary aspect, a method comprises determining a threshold data size for objects in a target data system; generating a data blob that has an allocated size of at least the threshold data size, wherein the data blob comprises at least one data set; identifying a data set stored in a source data system for backup to the target data system; determining whether a size of the data set is less than the threshold data size; and responsive to determining that the size of the data set is less than the threshold data size, inserting the data set into the data blob; and writing the data blob to the target data system.

Abstract: A processing device in a host computer system receives an instruction to write data to a storage device coupled to the host computer system and store a copy of the data in a cache of the host computer system. The processing device initiates a write operation to write the data from the cache to the storage device and detects that the storage device is disconnected from the host computer system during execution of the write operation. In response to detecting that the storage device is disconnected, the processing device may suspend execution of at least one of a virtual machine or a process that issued the first instruction. After determining that the storage device is reconnected to the host computer system, the processing device can resumes the write operation to continue writing the data from the cache to the storage device.

Abstract: Disclosed herein are systems and method for isolating private information in streamed data. In an exemplary aspect, a method may comprise receiving a stream of data, for storage in a first storage device, and an indication of how the stream will be utilized by an end user. The method may comprise comparing the indication against a plurality of rules, wherein each rule indicates a type of private information that should be isolated from a given input stream based on a respective indication of usage for the given input stream. The method may comprise identifying and extracting a first type of private information that should be isolated from the stream, modifying the stream by removing the first type of private information from the stream, storing the modified stream in the first storage device, and storing the extracted first type of private information in a different location from the modified stream.

Abstract: Disclosed herein are systems and method for synthetic file scanning. In one exemplary aspect, a method may comprise, for each respective file in a plurality of files on a storage device, determining a respective likelihood of the respective file being targeted by the malicious activity, and including, in a subset of files, each respective file in the plurality of files with a respective likelihood that is greater than a threshold likelihood. The method may comprise for each respective file in the subset of files, identifying at least one fragment of the respective file that is susceptible to the malicious activity. The method may comprise extracting and storing at least one fragment from each respective file in a synthetic file, and scanning the synthetic file periodically instead of the plurality of files.

Abstract: Disclosed herein are systems and method for selectively restoring a computer system to an operational state. In an exemplary aspect, the method may create a backup image of the computer system comprising a set of data blocks and may store the backup image of the computer system in an archive storage database. The method may determine a subset of the data blocks of the backup image that are required to keep the computer system operational. In response to determining that the computer system should be restored, the method may restore the subset of the data blocks such that the computer system is operational during startup, and may restore a remaining set of the data blocks from the backup image after the startup of the computer system.

Abstract: Disclosed are systems and method for machine learning and blockchain-based anti-discrimination validation. The described techniques uses a machine learning model to generate a numerical determination associated with a first person based on an input data set associated with the first person. The numerical determination is further based on a corrective module configured to compensate for prohibited discrimination by the machine learning model. The technique generates a blockchain transaction data structure comprising a state of the machine learning model at the time of generating the numerical determination, a copy of the input data set associated with the person, and an indication of a correction by the machine learning model. The blockchain transaction data structure is recorded or published in a blockchain network.

Abstract: Disclosed herein are systems and method for malicious behavior detection in processing chains comprising identifying a chain of related processes executing on a computing device; for each respective process in the chain of related processes: monitoring events generated by the respective process; storing snapshots of data modified by any of the events; determining a level of suspicion for the respective process by applying an artificial intelligence (AI) model to the snapshots of data; determining whether the chain of related processes is trusted based on the determined levels of suspicion; and in response to determining that the chain of related processes is not trusted, restoring objects affected by the chain from the snapshots.

Abstract: Disclosed herein are systems and method for backing up data in a load-balanced clustered environment. A clustered resource to be backed up is selected, wherein the clustered resource is stored on a common storage system and operated on by a cluster-aware application executing on at least a first node and a second node of a computing cluster. A load-balanced application may migrate the clustered resource from the first node with a high-load consumption to the second node with low-load consumption. A list of changes made by both nodes are received and merged. A backup agent then generates a consistent incremental backup using data retrieved from the common storage system according to the merged list of changes to the clustered resource.

Abstract: Disclosed herein are systems and method for forming and executing a backup strategy. In one aspect, an exemplary method comprises forming a respective backup strategy for each respective file of a plurality of files stored in a data source based on a frequency of occurrence, a desired recovery time, and a criticality of data loss for the respective file. The method further comprises executing the respective backup strategy for the respective file.

Abstract: Disclosed herein are systems and methods for protecting user data. In one aspect, an exemplary method comprises, by a hardware processor, detecting one or more user files modified by a user on a user device; identifying user actions executed by the user to modify the one or more user files; training a machine learning algorithm to identify whether an arbitrary user action is performed by the user, wherein the user actions used by the user to modify the one or more user files are comprised in a training dataset of the machine learning algorithm; detecting a user action to modify a user file; determining, using the machine learning algorithm, whether the user action classifies as being performed by the user; and in response to determining that the machine learning algorithm classifies the user action as being performed by the user, modifying the user action to mask an identity of the user.

Abstract: Disclosed herein are systems and methods for protecting user data. In one aspect, an exemplary method comprises, by a hardware processor, detecting one or more user files, created by a user, that are on a user device; generating user transactional data associated with one or more detected network-based interactions with a service provider by the user, and user behavior data based on one or more user interactions with a graphical user interface of the user device by the user; generating a user classification using a machine learning model that classifies the user based on the one or more user files, the user transactional data, and the user behavior data; and when the user is identifiable based on the user classification, modifying at least one of the one or more user files stored on the user device and user behavior of the user during an operation of the user device.

Abstract: Disclosed herein are systems and method for de-duplicating blocks of data. In one aspect, an exemplary method comprises for each previously de-duplicated block of data of a de-duplication engine, storing de-duplicated pages references by hashes and a block descriptor. The method comprises receiving, at the de-duplication engine, a new block of data for de-duplication assessment and determining a similarity of the received block to the previously de-duplicated blocks. When the received block is determined as being similar to the previously de-duplicated blocks, the method comprises storing the received block without duplication in the de-duplication engine, including pages of the block referenced by the hashes and the block descriptor.

Abstract: Disclosed herein are systems and method for building content for a de-duplication engine. In one aspect, an exemplary method comprises periodically receiving instructions for cycling through a coalescing phase and a sedimentation phase of the de-duplication engine, during a first coalescing phase, selecting a set of seed blocks that are similar to each other, when an instruction for proceeding to a next sedimentation phase is received, entering the sedimentation phase during which newly received blocks are processed to be stored near similar seed blocks, and when an instruction to proceed to a next coalescing phase is received, entering the coalescing phase to update the set of seed blocks.

Abstract: The subject matter of this specification can be implemented in, among other things, a method that includes storing first client information identifying a first client device, identifying a location of the first client device, and identifying a first remote access session that provides the first client device access to resources of the remote access system. The method further includes receiving access information identifying an access device and a user account associated with the first client information. The access information indicates that the user account has been successfully authenticated by the access device. The method further includes, in response to the receipt of the access information, causing the first client device to connect to the first remote access session with the remote access system as a background process of the client device while a user interface of the client device remains locked.

Abstract: Aspects of the disclosure relate to the field of detecting a behavioral anomaly in an application. In one exemplary aspect, a method may comprise retrieving and identifying at least one key metric from historical usage information for an application on a computing device. The method may comprise generating a regression model configured to predict usage behavior associated with the application and generating a statistical model configured to identify outliers in the data associated with the at least one key metric. The method may comprise receiving usage information in real-time for the application. The method may comprise predicting, using the regression model, a usage pattern for the application indicating expected values of the at least one key metric. In response to determining that the usage information does not correspond to the predicted usage pattern and does not comprise a known outlier, the method may comprise detecting the behavioral anomaly.

Abstract: Disclosed herein are systems and method for backing up data in a clustered environment. A clustered resource to be backed up is selected, wherein the clustered resource is stored on a common storage system and operated on by a cluster-aware application executing on two or more nodes of a computing cluster. A first backup agent executing on a first node of the computing cluster may determine a list of changes to the clustered resource and may receive at least one list of changes to the clustered resource that are tracked by peer backup agents executing on other nodes of the computing cluster. The first backup agent may merge the lists of changes to the clustered resource, and may generate a consistent incremental backup using data retrieved from the common storage system according to the merged lists of changes to the clustered resource.

Abstract: Disclosed herein are systems and methods for protecting user data. In one aspect, an exemplary method comprises, by a hardware processor, detecting user files created by a first user and stored on a user device, the user files containing personal information associated with the first user, generating user transactional data associated with one or more detected network-based interactions with a service provider, generating user behavior data based on one or more user interactions with a graphical user interface of the user device, applying a machine learning model to user data to generate a classification of the first user, the user data comprising the user files, the user transactional data, and the user behavior data, and when the user is identifiable based on the generated classification, modifying at least one of (i) user files stored on the user device and (ii) user behavior during an operation of the user device.

Abstract: Disclosed herein are systems and method for detecting passwords vulnerable to compromise. In one exemplary aspect, a method comprises identifying a plurality of files in at least one storage device of an organization. For each respective file in the plurality of files, in response to determining that the respective file type is in the database of vulnerable file types, the method comprises parsing text in the respective file and identifying, for the respective file, at least one demographic associated with the organization. The method further comprises retrieving dictionaries and expressions specific to the at least one demographic and determining the text in the respective file comprises a password using the retrieved dictionaries and expressions of the at least one demographic. In response to determining that the text comprises the password, the method comprises generating a security alert for an administrator of the storage device.

Abstract: Disclosed herein are systems and methods for classifying organizational structure for implementing data protection policies. In one exemplary aspect, a method may comprise retrieving a plurality of data files of an organization, wherein the plurality of data files are stored in a data storage; retrieving structural information of the organization, the structural information comprising details of user accounts, organizational roles, and file metadata within the organization; classifying the structural information into an organization type of a plurality of organization types; classifying each respective data file of the plurality of data files into a respective topic of a plurality of topics, wherein the plurality of topics are associated with the organization type; generating a data protection policy for the organization based on each respective topic of the plurality of data files and the organization type; and executing the data protection policy on the data storage.