Abstract: One method includes monitoring a ransomware risk measure, when the ransomware risk measure indicates the presence of a suspected ransomware process, determining if it is time to overwrite a snapshot stored in backup data storage, and when it is time to overwrite the snapshot, moving the snapshot from the backup data storage to a vault to free space in the backup data storage for new snapshots that continue to be taken after the presence of suspected ransomware is indicated.

Abstract: Techniques are provided for mapping storage objects to storage controllers using digital twins. One method comprises obtaining a virtual representation of a storage system that comprises storage objects and storage controllers, wherein a given storage object is mapped to a particular storage controller according to a storage object to storage controller mapping configuration; configuring the virtual representation of the storage system, for multiple iterations, based on at least one storage metric for respective storage objects, wherein each iteration corresponds to a different storage object to storage controller mapping configuration and generates a load balance score for the respective storage object to storage controller mapping configuration; selecting a given storage object to storage controller mapping configuration based on the respective load balance scores; and initiating an implementation of the selected storage object to storage controller mapping configuration in the storage system.

Abstract: Methods and systems for managing operation of endpoint devices are disclosed. The operation of the endpoint devices may be managed by deploying containers to the endpoint devices. The containers may include applications and/or other components. The applications may provide various desired services. The containers may also limit use of host endpoint devices based on activity profiles for the requestors of services provided by the applications and the services provided by the applications. The activity profiles may be used on historical information regarding similar requestors and similar services. At least some of the containers may be nested and may separately apply different sets of limits.

Abstract: Methods and systems for managing vulnerabilities presented by data processing systems are disclosed. The vulnerabilities may be managed by identifying components of the data processing systems using different processes depending on the computing resource availabilities of the data processing systems. Once identified, corresponding vulnerabilities for the components may be identified. The identified vulnerabilities may then be managed by performing various actions.

Abstract: Techniques are provided for mapping storage objects to storage controllers using digital twins. One method comprises obtaining a virtual representation of a storage system that comprises storage objects and storage controllers, wherein a given storage object is mapped to a particular storage controller according to a storage object to storage controller mapping configuration; configuring the virtual representation of the storage system, for multiple iterations, based on at least one storage metric for respective storage objects, wherein each iteration corresponds to a different storage object to storage controller mapping configuration and generates a load balance score for the respective storage object to storage controller mapping configuration; selecting a given storage object to storage controller mapping configuration based on the respective load balance scores; and initiating an implementation of the selected storage object to storage controller mapping configuration in the storage system.

Abstract: Techniques are provided for device protection against unauthorized encryption using population of available storage. One method comprises obtaining, in response to an unauthorized encryption of data associated with a processing device, an indication of an amount of available storage space in a storage device associated with the processing device; creating a file to populate the indicated amount of available storage space in the storage device; and writing the created file to the storage device. The unauthorized encryption of data may comprise a ransomware attack. The indicated amount of available storage space in the storage device may comprise an amount of available space in a file system associated with the storage device. The file system may write the created file to the storage device by populating available storage areas of the storage device.

Abstract: Techniques are provided for detection of anomalous backup files using known anomalous file fingerprints (or other file-dependent values such as hash values, signatures and/or digest values). One method comprises obtaining first file-dependent values corresponding to respective known anomalous files; obtaining a second file-dependent value for a stored backup file; comparing the second file-dependent value to the first file-dependent values; and performing an automated remedial action in response to a result of the comparing. The second file-dependent value for the stored backup file may be determined by a backup server in response to a source file corresponding to the stored backup file being backed up by the backup server, and may be stored as part of metadata associated with the stored backup file.

Abstract: Methods and systems for managing operation of endpoint devices are disclosed. The operation of the endpoint devices may be managed by deploying containers to the endpoint devices. The containers may include applications and/or other components. The applications may provide various desired services. The containers may also limit use of host endpoint devices based on activity profiles for the requestors of services provided by the applications and the services provided by the applications. The activity profiles may be used on historical information regarding similar requestors and similar services. At least some of the containers may be nested and may separately apply different sets of limits.

Abstract: Devices, systems, and methods for managing data processing systems are disclosed. The data processing systems may include hardware components that generate heat. The heat may be managed using flows of gasses. Filters may be used to screen particulates entrained in the flows of gasses. The data processing systems may include a system for managing accumulations of particulates over time. The system may refresh the filters over time by reducing the particulate accumulations on the filters.

Abstract: Methods and systems for managing operation of endpoint devices are disclosed. The operation of the endpoint devices may be managed by deploying containers to the endpoint devices. The containers may include applications and/or other components. The applications may provide various desired services. The containers may also limit use of host endpoint devices based on activity profiles for the requestors of services provided by the applications and the services provided by the applications. The activity profiles may be used on historical information regarding similar requestors and similar services.

Abstract: Methods and systems for offloading signature computations are disclosed. The signature computations may be offloaded from a storage array to a host. The host may use data processing units or graphical processing units to process the signature computations. In processing the signature computations by the host, the storage array may further process deduplication of the signatures, once they are received from the host. The host may require that the storage array support the distributed system and the deduplication procedure and meet a deduplication ratio specified by a criteria.

Abstract: Methods and systems for processing data from geographically distributed data sources are disclosed. The data may be processed by an application system that receives the data from geographically distributed data sources. Before arriving at the application system, the data may be affixed with a timestamp by a trusted local network component. The application system may reorder incoming data in a buffer based on the timestamp. Data may be then extracted from the buffer and processed based on the reordering.

Abstract: Techniques are provided for firmware protection using multi-chip storage of firmware images. One method comprises obtaining a firmware image; encrypting the firmware image; splitting the encrypted firmware image into a plurality of encrypted firmware image portions; and storing the plurality of encrypted firmware image portions on a plurality of recovery chips, wherein a threshold number of the encrypted firmware image portions from at least two different recovery chips are needed to reconstruct the firmware image. The threshold number of the encrypted firmware image portions can be obtained from the at least two different recovery chips and a validation can be applied to the obtained encrypted firmware image portions. The threshold number of encrypted firmware image portions may be obtained in response to a chip that stores the firmware image being inactive.

Abstract: Methods and systems for managing the operation of data processing systems are disclosed. The data processing systems may provide computer implemented services to any type and number of other devices and/or users of the data processing systems. To improve the likelihood of the data processing systems being able to provide the computer implemented services, a system may proactively attempt to identify and remediate attempts to limit access to data stored in the data processing systems. To do so, multiple layers of monitoring may be deployed to the data processing systems. A first deployed layer of monitoring may identify information regarding encryption types and/or characteristics of encryption being performed. A second deployed layer of monitoring may identify telemetry for storage devices on which data subject to encryption is deployed. The information collected via theses layers may be used to infer whether any encryption being performed is authorized or unauthorized.

Abstract: Methods and systems for retiring edge devices are disclosed. The edge devices may be secured through destruction of the trusted platform module. Destruction of the trusted platform module may remove access to the key used to encrypt all data on an edge device. Removal of access to the key on an edge device may render data on the edge device to be inaccessible. Data that may be inaccessible may ultimately secure the edge device from access. In securing the access to the edge device, the edge device may be retired.

Abstract: The technologies described herein are generally directed toward monitoring file sharing commands between network equipment to identify adverse conditions. According to an embodiment, a system can comprise a processor and a memory that can enable performance of operations including identifying a resource allocation communication between first network equipment and second network equipment via a network, with the resource allocation communication including a command authority and an allocation command. In an additional operation, based on the resource allocation communication, a validation source can be selected to validate the command authority for execution of the allocation command by the second network equipment. Further operations include, based on a failure to validate by the validation source, blocking execution of the allocation command by the second network equipment.

Abstract: Systems and methods are disclosed for detecting nonlegitimate communications in a hybrid cloud system. An example method comprises receiving a request from a service on a public cloud platform, calculating a unique signature for the service, and verifying the calculated unique signature against a local signature table on the public cloud platform. If the calculated unique signature is verified, then the calculated unique signature is sent to a security signature service on a private cloud platform. If the calculated unique signature is also verified against a global signature table on the private cloud platform, then a response to the request is received from the security signature service.

Abstract: Techniques are provided for access control of protected data using storage system-based multi-factor authentication. One method comprises obtaining, in a storage system, an input/output request for data; determining, by the storage system, whether a multi-factor authentication is required for the requested data; initiating, by the storage system, a multi-factor authentication of a user associated with the input/output request, in response to a result of the determining, to obtain a verification result; and processing, in the storage system, the input/output request for the data based at least in part on the verification result. The data may be marked as protected data using a manual process and/or an automated process that processes one or more smart tags associated with the data. The marking of the data as protected data may comprise marking a partition comprising the data, marking a protected folder comprising the data, and/or marking a protected file comprising the data.

Abstract: Techniques are provided for multi-cloud data protection using threshold-based file reconstruction. One method comprises obtaining a file comprising metadata and data for storage in a cloud environment; generating a plurality of encrypted file portions from the data; and uploading each of the encrypted file portions with the metadata as cloud objects to multiple different cloud environments. A threshold number of the encrypted file portions are needed from at least two different cloud environments to reconstruct the file. For file reconstruction, the threshold number of encrypted file portions can be validated, merged and decrypted.

Abstract: The technologies described herein are generally directed toward monitoring file sharing commands between network equipment to identify adverse conditions. According to an embodiment, a system can comprise a processor and a memory that can enable performance of operations including monitoring resource sharing communication between first network equipment and second network equipment via a network. In one or more embodiments, the method can additionally include based on the resource sharing communication, detecting a condition of the resource sharing communication that has a likelihood of indicating a defined adverse event that has at least a threshold likelihood. Further, the method can include, but are not limited to, in response to detecting the condition, facilitating suspending the resource sharing communication between the first network equipment and the second network equipment.