Abstract: Systems and methods for validating digital components comprise manufacturing a digital component for a computer network, wherein the digital component includes embedded software, creating a unique digital identity for the digital component using parameters of the embedded software, and storing the unique digital identity to a global repository. The method further comprises shipping the digital component to an end user, receiving a query at the global repository to verify an installed digital identity associated with a component being installed in an end user network, and determining whether the installed digital identity matches the unique digital identity. The digital component may be a storage system. The computer network may be a data center or an information handling system (IHS).

Abstract: A service monitors activity of a cloud storage during operation of the storage. The service may be a cloud AI service. The AI service may be trained with data labeled as ‘normal’ relative to compressibility of a storage unit of the storage during a known normal period. The service generates storage activity metrics based on the monitored activity and compares the metrics to a normal characteristic activity associated with the cloud storage. The monitored activity may comprise data reduction operations to a storage unit of the cloud storage. If metrics corresponding to monitored activity do not satisfy normal characteristic activity criteria, such as compressibility, the service may determine that the storage has been subjected to a ransomware attack and may initiate an action that protects data of the storage. Corrective actions may be initiated to block access to a suspicious endpoint or revert a storage unit to a previous version.

Abstract: Techniques for obfuscating and/or de-obfuscating data using bit-level shard masks are disclosed. Shard masks are generated. The shard masks are designed to shard a block of data into a number of shards for distribution and storage among a number of storage arrays. The shard masks shard the block of data at a bit-level granularity. The shard masks are applied to the block of data to generate the shards. The shards are then distributed among the storage arrays for storage on the storage arrays.

Abstract: The technologies described herein are generally directed toward monitoring file sharing commands between network equipment to identify adverse conditions. According to an embodiment, a system can comprise a processor and a memory that can enable performance of operations including monitoring resource sharing communication between first network equipment and second network equipment via a network. In one or more embodiments, the method can additionally include based on the resource sharing communication, detecting a condition of the resource sharing communication that has a likelihood of indicating a defined adverse event that has at least a threshold likelihood. Further, the method can include, but are not limited to, in response to detecting the condition, facilitating suspending the resource sharing communication between the first network equipment and the second network equipment.

Abstract: Systems and methods are disclosed for detecting nonlegitimate communications in a hybrid cloud system. An example method comprises receiving a request from a service on a public cloud platform, calculating a unique signature for the service, and verifying the calculated unique signature against a local signature table on the public cloud platform. If the calculated unique signature is verified, then the calculated unique signature is sent to a security signature service on a private cloud platform. If the calculated unique signature is also verified against a global signature table on the private cloud platform, then a response to the request is received from the security signature service.

Abstract: Methods, system, and non-transitory processor-readable storage medium for a location verification system are provided herein. An example method includes detecting an attempt to access a network from a computerized device located at a physical location. The location verification system determines access status based on a distance requirement between the computerized device and another computerized device.

Abstract: Data encrypted using a first device-specific key of a first host device is written to a first logical storage device of a storage system. The storage system generates a copy of the first logical storage device, and associates the copy of the first logical storage device with a second logical storage device of the storage system. Data encrypted using a second device-specific key of a second host device is written to the second logical storage device of the storage system. Responsive to a request from the second host device for particular data of the second logical storage device, the storage system determines if the particular data was encrypted using the first key or the second key, and provides the second host device with the particular data and an indication of a result of the determination.

Abstract: Methods and systems for detecting ransomware attacks on an SMB (Server Message Block) file sharing system are disclosed. A user’s request for access to the SMB file sharing system is authenticated and an SMB session for the user is initiated. During the SMB session, SMB commands issued by the user are detected and logged. The detected commands are evaluated against a profile of normal file sharing activity by this user. In case a deviation from the user’s activity profile is detected, recent SMB commands from the user are evaluated against a library of patterns of SMB commands indicative of ransomware activity. In case the recent SMB commands from the user match a ransomware command pattern, the user’s SMB session is immediately terminated, thus mitigating further damage by the ransomware.

Abstract: The technologies described herein are generally directed toward monitoring file sharing commands between network equipment to identify adverse conditions. According to an embodiment, a system can comprise a processor and a memory that can enable performance of operations including monitoring resource sharing communication between first network equipment and second network equipment via a network. In one or more embodiments, the method can additionally include based on the resource sharing communication, detecting a condition of the resource sharing communication that has a likelihood of indicating a defined adverse event that has at least a threshold likelihood. Further, the method can include, but are not limited to, in response to detecting the condition, facilitating suspending the resource sharing communication between the first network equipment and the second network equipment.

Abstract: The technologies described herein are generally directed toward monitoring file sharing commands between network equipment to identify adverse conditions. According to an embodiment, a system can comprise a processor and a memory that can enable performance of operations including identifying a resource allocation communication between first network equipment and second network equipment via a network, with the resource allocation communication including a command authority and an allocation command. In an additional operation, based on the resource allocation communication, a validation source can be selected to validate the command authority for execution of the allocation command by the second network equipment.

Abstract: Techniques are provided for device protection using a configuration lockdown mode. One method comprises receiving a configuration command from a user for a device; determining, responsive to receiving the configuration command, if the device is in a configuration lockdown mode that limits an execution of one or more configuration commands; and performing one or more automated remedial actions in response to determining that the device is in the configuration lockdown mode, such as generating a configuration lockdown alert. A configuration manager associated with the device may (i) determine if a duration of a disabling of the configuration lockdown mode violates one or more duration limits, and/or (ii) determine if the device is in the configuration lockdown mode.

Abstract: Methods and systems for managing the operation of data processing systems are disclosed. The data processing systems may provide computer implemented services to any type and number of other devices and/or users of the data processing systems. To improve the likelihood of the data processing systems being able to provide the computer implemented services, a system may proactively attempt to identify and remediate attempts to limit access to data stored in the data processing systems. To do so, multiple layers of monitoring may be deployed to the data processing systems. A first deployed layer of monitoring may identify information regarding encryption types and/or characteristics of encryption being performed. A second deployed layer of monitoring may identify telemetry for storage devices on which data subject to encryption is deployed. The information collected via theses layers may be used to infer whether any encryption being performed is authorized or unauthorized.

Abstract: Methods, system, and non-transitory processor-readable storage medium for a secure development lifecycle compliance system are provided herein. An example method includes verifying secure development lifecycle (SDL) compliance by executing an SDL system in communication with an application development pipeline. The SDL system comprises a user interface, an application development pipeline interface, and at least one SDL verification module. The method verifies successful execution of the SDL system prior to advancing from a previous stage to a subsequent stage within the application development pipeline.

Abstract: Techniques are provided for pattern-based identification of sensitive data in a storage system. One method comprises obtaining, in a storage system, one or more patterns indicating sensitive data; evaluating whether one or more files of the storage system comprise sensitive data by searching for the one or more patterns in the one or more files; and classifying, in the storage system, at least one of the one or more files as comprising sensitive data based on a result of the evaluating. In response to a file type of a file being written supporting text, an identifier of the file being written can be stored in a list of files to be evaluated, and the one or more files subject to the evaluating can be identified using the list. The evaluating may be performed in response to a load of the storage system satisfying one or more sensitive data evaluation criteria.

Abstract: Techniques are provided for detecting violations of user physical location constraints. One method comprises obtaining a constraint on a physical location of a user within a building; evaluating a network signal from a processing device of the user to identify a physical port that connects the processing device of the user to a network; obtaining a mapping of the physical port to a physical location within the building to determine the physical location of the user within the building; determining if the physical location of the user within the building violates the constraint; and initiating an automated remedial action in response to a result of the determining. The user can be identified using a device signature of the processing device of the user (e.g., based on one or more identifiers of hardware, software and/or network elements associated with the processing device).

Abstract: Data protection techniques are provided that use encryption and inserted execution code. One method comprises obtaining, by a user device, a request from a user to access data, wherein the requested data comprises (i) an environment-based signature indicating an environment where the data can be accessed and (ii) execution code that interacts with a data protection agent; in response to the request to access the data: determining whether the user device comprises a data protection agent; and providing, via the data protection agent, the requested data based on an evaluation of an environment-based signature generated by the data protection agent relative to the environment-based signature included in the requested data. The requested data may be created by a given data protection agent that generates the environment-based signature using identifiers of hardware elements, software elements and/or network elements associated with a device that executes the given data protection agent.