-
Publication No.: US20200250305A1
Publication Date: 2020-08-06
Application No.: US16263297
Application Date: 2019-01-31
Applicant: Rubrik, Inc.
Inventor: Shanthi Kiran Pendyala, Di Wu, Matthew Edward Noe
IPC: G06F21/55, G06F16/174, G06N20/20, G06F16/17, G06F9/448
Abstract: Some examples relate generally to managing and storing data, and more specifically to the real-time detection of ransomware, system (or insider) threats, or the misappropriation of credentials by using file system audit events.
-
Publication No.: US20200250062A1
Publication Date: 2020-08-06
Application No.: US16264264
Application Date: 2019-01-31
Applicant: Rubrik, Inc.
Inventor: Gurjeet S. Arora, Karan Jayesh Bavishi, Daniel Talamas Cano, John Louie, Chetas Joshi, Matthew Edward Noe
Abstract: Various embodiments provide for alert generation based on alert dependency. For some embodiments, the alert dependency checking facilitates alert noise reduction. Various embodiments described herein dynamically find or discover alert dependencies based on one or more alerts currently active, one or more active alerts generated in the past, or some combination of both. Various embodiments described herein provide alert monitoring that adapts based on an alert state of a machine. Various embodiments described herein generate a health score for a machine based on an alert state of the machine. Various embodiments described herein provide a tool for managing definitions of one or more alerts that can be identified as an active alert for a machine.
-
Publication No.: US20190384928A1
Publication Date: 2019-12-19
Application No.: US16392908
Application Date: 2019-04-24
Applicant: Rubrik, Inc.
Inventor: Matthew Edward Noe, Seungyeop Han, Arohi Kumar
Abstract: A data management and storage (DMS) cluster of peer DMS nodes manages resources of a multi-tenant environment. The DMS cluster provides an authorization framework that provides user access which is scoped to the resources within a tenant organization and the privileges of the user within the organization. To authorize an action on a resource by a user, the DMS cluster determines user authorizations associated with the user defining privileges of the user on the resources of the multi-tenant environment, and organization authorizations associated defining resources of the multi-tenant environment that belong to the organization. The DMS cluster authorizes the action when the user authorizations and organizations authorized indicate that the action on the resource is authorized.
-
Publication No.: US20230409713A1
Publication Date: 2023-12-21
Application No.: US18458466
Application Date: 2023-08-30
Applicant: Rubrik, Inc.
Inventor: Oscar Chen, Di Wu, Benjamin Reisner, Matthew Edward Noe
IPC: G06F21/56, G06F11/14, G06F16/11, G06F16/951
CPC classification number: G06F21/565, G06F11/1458, G06F16/128, G06F16/951, G06F2201/84, G06F2221/034
Abstract: Described herein is a system that detects ransomware infection in filesystems. The system detects ransomware infection by using backup data of machines. The system detects ransomware infection in two stages. In the first stage, the system analyzes a filesystem's behavior. The filesystem's behavior can be obtained by loading the backup data and crawling the filesystem to create a filesystem metadata including information about file operations during a time interval. The filesystem determines a pattern of the file operations and compares the pattern to a normal pattern to analyze the filesystem's behavior. If the filesystem's behavior is abnormal, the system proceeds to the second stage to analyze the content of the files to look for signs of encryption in the filesystem. The system combines the analysis of both stages to determine whether the filesystem is infected by ransomware.
-
Publication No.: US11783036B2
Publication Date: 2023-10-10
Application No.: US17370203
Application Date: 2021-07-08
Applicant: Rubrik, Inc.
Inventor: Oscar Chen, Di Wu, Benjamin Reisner, Matthew Edward Noe
IPC: G06F21/56, G06F16/951, G06F11/14, G06F16/11
CPC classification number: G06F21/565, G06F11/1458, G06F16/128, G06F16/951, G06F2201/84, G06F2221/034
Abstract: Described herein is a system that detects ransomware infection in filesystems. The system detects ransomware infection by using backup data of machines. The system detects ransomware infection in two stages. In the first stage, the system analyzes a filesystem's behavior. The filesystem's behavior can be obtained by loading the backup data and crawling the filesystem to create a filesystem metadata including information about file operations during a time interval. The filesystem determines a pattern of the file operations and compares the pattern to a normal pattern to analyze the filesystem's behavior. If the filesystem's behavior is abnormal, the system proceeds to the second stage to analyze the content of the files to look for signs of encryption in the filesystem. The system combines the analysis of both stages to determine whether the filesystem is infected by ransomware.
-
Publication No.: US11599629B2
Publication Date: 2023-03-07
Application No.: US16263319
Application Date: 2019-01-31
Applicant: Rubrik, Inc.
Inventor: Shanthi Kiran Pendyala, Di Wu, Matthew Edward Noe
IPC: G08B23/00, G06F12/16, G06F12/14, G06F11/00, G06F21/55, G06F16/17, G06F21/56, G06F9/448, G06F16/174
Abstract: Some examples relate generally to managing and storing data, and more specifically to the real-time detection of ransomware, system (or insider) threats, or the misappropriation of credentials by using file system audit events.
-
Publication No.: US11550901B2
Publication Date: 2023-01-10
Application No.: US16263338
Application Date: 2019-01-31
Applicant: Rubrik, Inc.
Inventor: Shanthi Kiran Pendyala, Di Wu, Matthew Edward Noe
IPC: G06F21/55
Abstract: A process for detecting a threat for a file system is described. Audit events in the file system may be accessed, which may include unique file operations and duplicative file operations. The audit events may be de-duplicated to remove the duplicative file operations. Time series data may be generated that includes the unique file operations but not the duplicative file operations, and the time series data may be analyzed to determine whether a subset of the unique file operations includes file-access instructions. An observed pattern of the file-access instructions may be compared to a normal pattern of file-access instructions to determine whether the observed file-access instructions are abnormal. If the observed file-access instructions are abnormal, an alert may be generated.
-
Publication No.: US11010487B2
Publication Date: 2021-05-18
Application No.: US16453274
Application Date: 2019-06-26
Applicant: Rubrik, Inc.
Inventor: Matthew Edward Noe, Seungyeop Han, Arohi Kumar
Abstract: A data management and storage (DMS) cluster of peer DMS nodes manages resources of a multi-tenant environment. The DMS cluster provides an authorization framework that provides user access which is scoped to the resources within a tenant organization and the privileges of the user within the organization. To authorize an action on a resource by a user, the DMS cluster determines user authorizations associated with the user defining privileges of the user on the resources of the multi-tenant environment, and organization authorizations associated defining resources of the multi-tenant environment that belong to the organization. The DMS cluster authorizes the action when the user authorizations and organizations authorized indicate that the action on the resource is authorized.
-
Publication No.: US10979281B2
Publication Date: 2021-04-13
Application No.: US16264369
Application Date: 2019-01-31
Applicant: Rubrik, Inc.
Inventor: Gurjeet S. Arora, Karan Jayesh Bavishi, Daniel Talamas Cano, John Louie, Chetas Joshi, Matthew Edward Noe
IPC: H04L12/24
Abstract: Various embodiments provide for alert generation based on alert dependency. For some embodiments, the alert dependency checking facilitates alert noise reduction. Various embodiments described herein dynamically find or discover alert dependencies based on one or more alerts currently active, one or more active alerts generated in the past, or some combination of both. Various embodiments described herein provide alert monitoring that adapts based on an alert state of a machine. Various embodiments described herein generate a health score for a machine based on an alert state of the machine. Various embodiments described herein provide a tool for managing definitions of one or more alerts that can be identified as an active alert for a machine.
-
Publication No.: US10887158B2
Publication Date: 2021-01-05
Application No.: US16264224
Application Date: 2019-01-31
Applicant: Rubrik, Inc.
Inventor: Gurjeet S. Arora, Karan Jayesh Bavishi, Daniel Talamas Cano, John Louie, Chetas Joshi, Matthew Edward Noe
Abstract: Various embodiments provide for alert generation based on alert dependency. For some embodiments, the alert dependency checking facilitates alert noise reduction. Various embodiments described herein dynamically find or discover alert dependencies based on one or more alerts currently active, one or more active alerts generated in the past, or some combination of both. Various embodiments described herein provide alert monitoring that adapts based on an alert state of a machine. Various embodiments described herein generate a health score for a machine based on an alert state of the machine. Various embodiments described herein provide a tool for managing definitions of one or more alerts that can be identified as an active alert for a machine.