Abstract: An information handling system (IHS) smart network interface controller (SmartNIC) or storage device having a ransomware protection (engine) that paves an IHS by creating a secure snapshot of a boot device of the IHS, creating a read and writable snapshot from the secure snapshot, and exposing the read and writable snapshot of the secure snapshot to the IHS, through a unified extensible firmware interface (UEFI) or basic input/output system (BIOS) of the IHS, as a primary boot device. The ransomware protection (engine) may also repave the IHS by recreating the boot read and writable snapshot upon a reboot of the IHS, in response to receipt of a repave command (through a management interface of the SmartNIC, restoring the primary boot device to a known good state captured by the secure snapshot.

Abstract: A ransomware protection smart network interface controller (SmartNIC) is configured to create a secure snapshot of a boot device of an information handling system (IHS), create a secure alternate boot device on each boot of the IHS, and export the boot device and the secure alternate boot device to the IHS. The IHS is configured to set a boot order of the IHS, with the secure alternate boot device immediately after the boot device in the boot order. The ransomware protection SmartNIC may also be configured to create a read and writeable snapshot from the secure snapshot of the IHS boot device, and may delete, on each subsequent boot of the IHS, the read and writeable snapshot for the prior boot, and create a new read and writeable snapshot from a secure snapshot of the IHS boot device from the subsequent boot of the IHS.

Abstract: An information handling system ransomware protection device has a ransomware protection engine that implements secure snapshot policies in a domain of a storage device by taking a secure snapshot of a data object, by creating a point in time image of a storage object and retaining the point in time image of the storage object until a retention timer has expired. The ransomware protection engine also implements snapshot virtualization in the domain of the storage device by mapping the secure snapshot, and may implement vault semantics and operational controls to data in the domain of the storage device as management functions of the secure snapshot. The ransomware protection device may be, or include, an application specific integrated circuit that includes the ransomware protection engine and is coupled to, or in, the storage device, or a memory controller of the storage device may include the ransomware protection engine.

Abstract: A ransomware protection smart network interface controller (SmartNIC) is configured to implement data protection in a domain of the SmartNIC by taking a secure snapshot, a point in time image of a storage object, and retaining the point in time image of the storage object until a retention timer has expired, and implementing vault semantics and operational controls. The ransomware protection SmartNIC is also configured to implement ransomware detection in the domain of the SmartNIC by implementing inline ransomware attack detection and/or near-line ransomware attack detection, using periodic snapshots, by evaluating probability of a ransomware attack based, at least in part, on a delta change set in consecutive snapshots. The ransomware protection SmartNIC is further configured to implement ransomware protection policies in the domain of the SmartNIC by implementing policies of when the secure snapshots are taken.

Abstract: A method, computer program product, and computing system for receiving a plurality of lock sequences associated with a plurality of objects of the computing device. A plurality of matrices may be generated for each lock sequence of the plurality of lock sequences, thus defining a plurality of lock sequence matrix towers. The plurality of lock sequence matrix towers may be combined, thus defining a combined lock sequence matrix tower. One or more lock sequence conflicts may be identified within the plurality of lock sequences based upon, at least in part, the combined lock sequence matrix tower.

Abstract: A method, computer program product, and computing system for receiving a plurality of lock sequences associated with a plurality of objects of the computing device. A plurality of matrices may be generated for each lock sequence of the plurality of lock sequences, thus defining a plurality of lock sequence matrix towers. The plurality of lock sequence matrix towers may be combined, thus defining a combined lock sequence matrix tower. One or more lock sequence conflicts may be identified within the plurality of lock sequences based upon, at least in part, the combined lock sequence matrix tower.

Abstract: A technique for logging events in a data storage system involves designating one subset of storage processors of the data storage system as clients that generate log entries and another subset of the storage processors as servers that receive log entries. Only one server is active at a time. The active server receives the generated log entries from the clients and persists the log entries to a centralized log store. Clients assign first timestamps to the log entries based on locally accessible clocks. The active server receives the log entries, including the first timestamps, from the clients and applies second timestamps based on a clock accessible to the server. As the second timestamps are consistent across the different clients, the second timestamps can be applied to correct misalignments in time among the log entries received from the clients.