Abstract: A method, computer program product, computing system, and system for backing up a virtual machine using a snapshot with memory are described. The method may include receiving a selection of a virtual machine to be backed up, wherein the virtual machine reads from a source virtual disk. The method may further include creating a non-quiesced snapshot with memory of the virtual machine that captures a state of the virtual machine. The method may also include creating a linked clone of the virtual machine and reverting the linked clone back to the state of the virtual machine using the non-quiesced snapshot with memory. Additionally, the method may include gracefully shutting down the linked clone of the virtual machine such that the linked clone is in a consistent state. Moreover, the method may include reading data from one or more virtual disks associated with the linked clone and saving the data.

Abstract: Disclosed herein are systems and method storing data. In an exemplary aspect, a method comprises determining a threshold data size for objects in a target data system; generating a data blob that has an allocated size of at least the threshold data size, wherein the data blob comprises at least one data set; identifying a data set stored in a source data system for backup to the target data system; determining whether a size of the data set is less than the threshold data size; and responsive to determining that the size of the data set is less than the threshold data size, inserting the data set into the data blob; and writing the data blob to the target data system.

Abstract: The present disclosure provides systems and methods for optimizing lock detection in a change block tracker (CBT). A method comprises detecting changes on a disk volume and saving them to current changes, creating a volume changes and a snapshot changes collection, on a snapshot creation request, moving current changes to frozen changes, on a lock request, moving changes to the volume changes collection of the current snapshot, on another lock request, moving volume changes of current snapshot to frozen changes and deleting snapshot changes of current snapshot, when snapshot name is not the same as current snapshot, otherwise: moving the volume changes collection to the frozen changes, copying the frozen changes to the current changes, moving the snapshot changes collection to the frozen changes, and copying the snapshot changes collection to the current changes, moving all volume changes for other snapshots to current changes and allowing the client to read the frozen changes.

Abstract: Disclosed herein are systems and method for protecting an endpoint device from malware. In one aspect, an exemplary method comprises performing, by a light analysis tool of the endpoint, a light static analysis of a sample, terminating the process and notifying the user when the process is malware, performing light dynamic analysis when the process is not malware based on the light static analysis, when the process is clean based on the light dynamic analysis, enabling the process to execute, when the process is malware, terminating the process and notifying the user, and when the process is suspicious pattern, suspending the process, setting a level of trust, sending the sample to a sandbox, terminating the process and notifying the user when the process is a malware based on received final verdict, enabling the process to resume executing when the process is determined as being clean based on the final verdict.

Abstract: Disclosed herein are systems and method for correlating malware detections by endpoint devices and servers. In one aspect, an exemplary method comprises receiving, by a correlator, from one or more servers, one or more events collected without invasive techniques, one or more events collected using one or more invasive techniques, and one or more final verdicts, correlating the one or more events collected without invasive techniques with one or more events collected using the one or more invasive techniques, creating a suspicious pattern when an event of the one or more events collected without invasive techniques is correlated with an event of the one or more events collected using the one or more invasive techniques, and the event of the one or more events collected using one or more invasive techniques is used to detect a malware, and updating databases of one or more endpoint devices with created suspicious patterns.

Abstract: Disclosed herein are systems and method for detecting malwares by a server of a sandbox. In one aspect, an exemplary method comprises receiving, by a deep dynamic analysis tool of the server, a sample of a process from an endpoint device with a request for a final verdict indicative of whether the process is a malware or clean based on a deep dynamic analysis, collecting events for the sample, the collected events including events collected using at least one invasive technique, analyzing the collected events using one or more detection models of the deep dynamic analysis tool to detect malwares and issue the final verdict, and sending final verdict to the endpoint device from which the sample is received.

Abstract: A system and method is provided for geo-location-based user authentication and data access control. An exemplary method includes receiving a request from a mobile device to access a user account and user data where the request includes current geo-location data that indicates a current geographical location of the mobile device/ An authentication server then determines whether the current geo-location data is within at least one geo zone that indicates approved geographical areas where the mobile device can access the user account and data. If the current geographical location of the mobile device is determined to be within the approved geographical areas, the server will provide the mobile device with access to the requested account and data.

Abstract: Disclosed herein are systems and method for backing up data in a clustered environment. A clustered resource to be backed up is selected, wherein the clustered resource is stored on a common storage system and operated on by a cluster-aware application executing on two or more nodes of a computing cluster. A first backup agent executing on a first node of the computing cluster may determine a list of changes to the clustered resource and may receive at least one list of changes to the clustered resource that are tracked by peer backup agents executing on other nodes of the computing cluster. The first backup agent may merge the lists of changes to the clustered resource, and may generate a consistent incremental backup using data retrieved from the common storage system according to the merged lists of changes to the clustered resource.

Abstract: Disclosed herein are systems and method for malicious behavior detection in processing chains comprising identifying a chain of related processes executing on a computing device; for each respective process in the chain of related processes: monitoring events generated by the respective process; storing snapshots of data modified by any of the events; determining a level of suspicion for the respective process by applying an artificial intelligence (AI) model to the snapshots of data; determining whether the chain of related processes is trusted based on the determined levels of suspicion; and in response to determining that the chain of related processes is not trusted, restoring objects affected by the chain from the snapshots.

Abstract: A method, computer program product, computing system, and system for backing up a virtual machine by creating consistent copies of application data are described. The method may include creating a snapshot of a virtual machine running on a host system. The method may further include determining if the snapshot has a snapshot ID and creating the snapshot ID if the snapshot does not have the snapshot ID. The method may also include creating a virtual machine restoration script configured to roll back the virtual machine to a state corresponding to the snapshot based on the snapshot ID. The method may additionally include backing up the host system in a backup archive while the virtual machine continues operating.

Abstract: Disclosed herein are systems and methods for protecting user data. In one aspect, an exemplary method comprises, by a hardware processor, detecting user files created by a first user and stored on a user device, the user files containing personal information associated with the first user, generating user transactional data associated with one or more detected network-based interactions with a service provider, generating user behavior data based on one or more user interactions with a graphical user interface of the user device, applying a machine learning model to user data to generate a classification of the first user, the user data comprising the user files, the user transactional data, and the user behavior data, and when the user is identifiable based on the generated classification, modifying at least one of (i) user files stored on the user device and (ii) user behavior during an operation of the user device.

Abstract: The present disclosure generally relates to the field of wearable human interface devices. In one aspect, a human interface device may comprise at least one housing configured to be worn by a user, comprising a transmitter configured to generate a wireless signal and a sensor configured to detect the wireless signal generated by the transmitter, a processing unit, communicatively linked to the sensor and configured to analyze the wireless signal detected by the sensor and calculate the position of a portion of the user wearing the at least one housing based on the wireless signal and a control unit, configured to perform an operation based upon the position of the portion of the user wearing the at least one housing.

Abstract: Disclosed are systems, methods and computer program products for data deduplication during a backup using at least two LSM trees. An example method includes calculating, for a first data block, a first hash value associated with the first data block and determining a reduced hash value based on the first hash value. The method includes determining whether the first data block contains data duplicative of an existing data block in a prior backup based on whether the reduced hash value occurs in a first log-structured merge (LSM) tree. If so, the method includes comparing the first hash value to one or more hash values in a second LSM tree to identify a matching hash value, and writing a first segment identifier (ID) corresponding to the matching hash value in an archive, the first segment ID referencing the existing data block in a segment store.

Abstract: Disclosed are systems, methods and computer program products for controlling access to operating system (OS) resources. An exemplary method includes: creating an OS resource associated with a first program; assigning a unique label to the first program; associating the unique label with the OS resource; and configuring a resource descriptor of the OS resource to allow access to the OS resource to processes having the same unique label as the first program, and to deny access to the OS resource to processes having a different label.

Abstract: Disclosed herein are systems and methods for managing access to data objects in cloud storage. In one aspect, an exemplary method comprises, by a hardware processor, storing a first data object in a cloud storage service, wherein the first data object is uploaded by a first user, modifying a data access policy associated with the first data object to permit access by user accounts other than the first user, determining a utility ranking of the first data object based on a degree of access of the first data object using the cloud storage service, and modifying a data retention policy associated with the first data object based on the determined utility ranking.

Abstract: Disclosed herein are systems and method for method for predictive data protection. In one aspect, an exemplary method comprises selecting data stored on a computing device for backing up, according to a predetermined schedule for performing a backup; collecting features associated with the computing device where the data for the backup is stored, the features comprising device information for the computing device, user information for a user of the data, and external information associated with a locale of the computing device; analyzing the features to determine a set of backup parameters for the backup, wherein the backup parameters comprise scheduling parameters and destination storage parameters; generating a backup plan based on the set of parameters for performing the backup; and performing the backup of the data according to the backup plan.

Abstract: A method, computer program product, computing system, and system for backing up changed sectors of a virtual disk are described. A method may include determining changed file regions of the virtual disk, the changed file regions being file regions of the virtual disk that changed since a last backup. The method may further include determining changed blocks of the virtual disk, the changed blocks of the virtual disk being blocks of the virtual disk that lie, at least in part, in the changed file regions. The method may also include determining changed sectors for the changed blocks of the virtual disk based upon, at least in part, at least one of: a region offset, a block offset, sector size, and a count of sectors in an associated block. Additionally, the method may include backing up the changed sectors of the virtual disk.

Abstract: A cloud-based disaster recovery service solution is provided. The disaster recovery provides cloud-based backup services that maintain local and off-site backups that may be activated on demand for backup purposes, or for full-site disaster recovery. The cloud-based data center may be configured to perform this backup and recovery process in a secure way, while protecting individual client environments from each other, and protecting the backup and recovery operations environment from the individual client environments.

Abstract: A system and method provided for managing services and licenses using blockchain technology. An exemplary method includes storing an operator license relating to an operator node associated with a vendor, where the operator license indicates transactional authority of the operator node. Moreover, the method includes executing a transaction relating to a service and/or a license provided to client device; transmitting data relating to the operator license to a blockchain network in which a node in the blockchain network adds the data relating to the operator license as one or more blocks in an existing blockchain; and replicating the transaction to at least one additional node in the blockchain network. As a result, the existing blockchain can be used to verify the transaction authority of the operator node and the transaction between the client device and the operator node.

Abstract: A method, computer program product, computing system, and system for recovering a virtual machine while running the virtual machine from a backup archive are described. The method may include emulating the virtual machine in preparation for finalizing the recovery of the virtual machine. The method may include creating a snapshot of the emulated virtual machine to redirect changes to the emulated virtual machine to a second delta file in the production datastore. The method may include cloning an original base virtual disk, including the first delta file, to the production datastore to create a cloned base virtual disk. The method may include patching a virtual disk file descriptor of the second delta file of the emulated virtual machine. The patching operation may include replacing links to the original base virtual disk of the emulated virtual machine, including the first delta file, with links to the cloned base virtual disk.