Abstract: Disclosed herein are systems and method for providing a strategic game recommendation in a sports contest using A.I. In one exemplary aspect, a method may comprise receiving, over a period of time, images and depth information from a plurality of sensors distributed in an environment of a sports contest, and generating a unified visual representation of the sports contest. The method may comprise identifying at least one player in the unified visual representation and receiving a strategy associated with the at least one player, wherein the strategy comprises player movement information during a game event. In response to determining, based on positional data of the at least one player over the period of time, that the game event is occurring, the method may comprise generating a strategic game recommendation for the at least one player to implement the strategy and minimize encounters with game obstacles.

Abstract: A system and method is provided for detecting a suspicious process in an operating system environment. In an exemplary aspect, a method comprises generating, by a hardware processor, a file honeypot in a directory in a file system and receiving a directory enumeration request from a process executing in the operating system environment. The method comprises determining whether the process is identified in a list of trusted processes and in response to determining that the process is not in the list of trusted processes, providing, to the process by the file system, a file list including the file honeypot responsive to the directory enumeration request. The method further comprises intercepting, by a file system filter driver, a file modification request for the file honeypot from the process, and identifying the process as a suspicious object responsive to intercepting the file modification request from the process.

Abstract: Disclosed herein are systems and methods for enabling self-notarization in a data backup. In one aspects, a method may comprise generating the data backup at a computing device. The method may comprise calculating a checksum of the data backup. The method may comprise adding a self-notarization script to the data backup. The self-notarization script may be configured to automatically trigger without intervention by an external notarization system, in response to a pre-determined backup storage event, and in response to triggering, notarize and send the checksum to a distributed registry. The method may comprise sending the data backup comprising the self-notarization script to a backup storage device.

Abstract: Disclosed herein are systems and method for detecting malwares by a server of a sandbox. In one aspect, an exemplary method comprises receiving, by a deep dynamic analysis tool of the server, a sample of a process from an endpoint device with a request for a final verdict indicative of whether the process is a malware or clean based on a deep dynamic analysis, collecting events for the sample, the collected events including events collected using at least one invasive technique, analyzing the collected events using one or more detection models of the deep dynamic analysis tool to detect malwares and issue the final verdict, and sending final verdict to the endpoint device from which the sample is received.

Abstract: Disclosed are systems and methods restoring a computing system. The described method includes receiving a delta disk that was generated based on a backup of a computing device executing a protected application. The delta disk comprises one or more configurations for executing the protected application on a different device than the computing device. In response to a request to perform recovery of the computing device, a recovery virtual machine (VM) is created having a base virtual disk emulated from the backup. The recovery VM is modified by attaching the delta disk having the one or more configurations for executing the protected application. Execution of the protected application on the recovery VM is resumed.

Abstract: Disclosed herein are systems and methods for parallel malware scanning in a cloud environment. In one exemplary aspect, a method may comprise identifying a plurality of agents connected to a server, wherein each agent is configured to synchronize data between a different computing device and the server. The method may comprise receiving, from a first agent of the plurality of agents, a request to scan the synchronized data for malware. In response to determining, from the plurality of agents, at least one other agent that comprises the synchronized data, the method may comprise partitioning the synchronized data into a plurality of portions. The method may comprise assigning a first portion for scanning to the first agent and at least one other portion for scanning to the at least one other agent, and aggregating scan results from the first agent and the at least one other agent.

Abstract: A method, computer program product, computing system, and system for automated disaster recovery are described. The method may include creating, using a backup engine running at a computing device, a backup of a server at a primary computing site; storing the created backup at a storage device at a secondary computing site; monitoring, using a monitoring component, an operating status of the server at the primary computing site; in response to determining, via the monitoring component, that the server at the primary computing site is unavailable based on the operating status, initiating a disaster recovery process at the secondary computing site; and running a copy of the server from the created backup at the secondary computing site.

Abstract: Disclosed herein are systems and methods for preventing anti-forensics actions. In one exemplary aspect, a method may identify a suspicious object from a plurality of objects on a computing device and monitor actions performed by the suspicious object. The method may intercept a first command by the suspicious object to create and/or modify a digital artifact on the computing device and subsequent to intercepting the first command, intercept a second command by the suspicious object to delete at least one of the suspicious object and the digital artifact. In response to intercepting both the first command to create and/or modify the digital artifact and the second command to delete at least one of the suspicious object and the digital artifact, the method may block the second command, and may store the suspicious object and the digital artifact in a digital repository.

Abstract: Disclosed herein are systems and method for generating and storing forensics-specific metadata. In one aspect, a digital forensics module is configured to generate a backup of user data stored on a computing device in accordance with a backup schedule. The digital forensics module identifies, from a plurality of system metadata of the computing device, forensics-specific metadata of the computing device based on predetermined rules, wherein the forensics-specific metadata is utilized for detecting suspicious digital activity. The digital forensics module generates a backup of the forensics-specific metadata in accordance with the backup schedule and analyzes the forensics-specific metadata for an indication of the suspicious digital activity on the computing device. In response to detecting the suspicious digital activity based on the analysis, generates a security event indicating that the suspicious digital activity has occurred.

Abstract: A system and method is provided for performing a full data backup of user data with data protection. An example method includes generating a snapshot of the electronic data stored in memory, initiating a transfer of the electronic data to a data storage facility; detecting requests to modify a file of the electronic data, saving an initial version of the file based on the snapshot of the electronic data, continuing the transfer of the data to the data storage facility, and transferring the modified file using the initial version of the file based on the snapshot of the electronic data.

Abstract: A system and method for encrypting and publishing data using blockchain technology is provided. An exemplary method includes receiving, by one or more nodes of a distributed network that maintains a blockchain, a message requesting publication of private information within the blockchain subsequent to a specified time interval. Moreover, the method includes recording a sequence of transactions in the blockchain based on the time interval, wherein each transaction in the sequence of transactions includes a payload calculated using a first homomorphic operation; and extracting the private information from a final payload of a final transaction in the sequence of transactions from the blockchain.

Abstract: Disclosed herein are systems and methods for managing access to data objects in cloud storage. In one aspect, an exemplary method comprises storing, by a processor, a data object in a storage device of a cloud storage service for a duration of time, wherein the data object is accessible to a plurality of user accounts. The method comprises extending the duration of time for retaining the data object on the storage device to a first extended duration when a degree of access of the data object by the plurality of user accounts meets a target threshold value during the duration of time. The method further comprises extending the duration of time for retaining the data object on the storage device to a second extended duration when the degree of access does not meet the target threshold value during the duration of time.

Abstract: Systems and methods for monitoring backup performance of a computing device are described. In one aspect, the disclosure relates to automatic transparent load-balancing such that there is no or substantially no user involvement and resource usage is optimized. In one aspect, the disclosure relates to customization of backup destination by user using scripting such that backups can be distributed by a rule to different locations or it can use local for agent configuration to resolve backup performance degradation issues.

Abstract: Disclosed are system and method for verification of data transferred among several data storages. An exemplary method includes: calculating first hash-sums of the data during an initial placement in a data storage; transmitting the first hash-sums to at least one blockchain network; detecting a transfer of the data to a new data storage; calculating second hash-sums of the data after a placement of the data in the new data storage; transmitting the second hash-sums to the at least one blockchain network; comparing the first and second hash-sums of the data; and determining data immutability after the transfer of the data from the data storage to the new data storage based at least on results of the comparing.

Abstract: A system and method is provided for detecting ransomware and malicious programs.

Abstract: Disclosed herein are systems and method for determining a boot status of a failover server. In an exemplary aspect, a method may receive a failover test request for a failover server that provides disaster recovery for a production server, wherein the failover test request queries a successful boot status of the failover server. The method may determine whether a login into the failover server can be performed to execute the failover test request. In response to determining that the login cannot be performed, the method may retrieve server metrics for a failover server from a metric store and may determine a probability of the successful boot status based on both the retrieved server metrics and historic server metrics. In response to determining that the probability is greater than a threshold probability, the method may mark a recovery point of the failover server as validated.

Abstract: Disclosed herein are systems and methods for fast recovery of backup data. In one aspect, an exemplary method comprises, identifying information related to a computing device performing a backup, identifying a data center where the backup is stored based on the information, identifying patterns of movement of the computing device over a period of time, scheduling a transfer of the backup to a target data center of a plurality of data centers based on the patterns of movement, and transferring the backup to the data center using a secure reliable transport protocol in accordance with the scheduled transfer.

Abstract: Methods and systems are disclosed herein for detecting malicious software executing on a plurality of computing devices. In an exemplary aspect, a method comprises collecting, from a plurality of agents executing on a respective computing device, analysis data corresponding to executables on the respective computing device, determining a suspicious activity pattern based on the received analysis data, determining that at least one executable on a computing device is malware based on the determined suspicious activity pattern, generating a plurality of remedial actions for protecting respective computing devices of the plurality of agents based on the suspicious activity pattern, and distributing, to the plurality of agents, the plurality of remedial actions to protect the respective computing device from the malware.

Abstract: Systems and methods for migrating and/or replicating computer systems are disclosed. Computer systems may be migrated and/or replicated from physical systems or virtual systems to physical or virtual systems. Migrating/replicating computer systems comprises determining the structure of the source computer system, generating instructions for migrating/replicating the structure of the computer system, and packaging the instructions in an executable package. The instructions may be formatted as a template, such as an OVF template, and be packaged with an executable agent and task list. The executable agent may be received and executed by a destination computer system. Executing the executable package may cause the instructions to be executed, as well as the optional agent, there configuring the destination computer system, possibly copying data present on the source computer system, and possibly rebooting the destination computer system.

Abstract: A method, computer program product, computing system, and system for increasing speed during synchronization or restore are described. The method may include acquiring list of items to be synchronized or restored. The method may further include defining a set of storage sources available to a client computer. The method may also include mounting the available storage sources to the client computer. The method may additionally include determining a storage intersection of items in the list based on the items being available in more than one mounted storage device. Moreover, the method may include, in response to determining a set of items that has a storage intersection, synchronizing or restoring the items based on at least one of a speed of download and a network latency.