公开(公告)号：US20210026982A1

公开(公告)日：2021-01-28

申请号：US16914020

申请日：2020-06-26

Applicant: Commvault Systems, Inc.

Inventor： Arun Prasad Amarendran ,  Chirag Anand ,  Tirthankar Chatterjee ,  Tanmay Garg ,  Virakti Jain ,  Bhavyan Bharatkumar Mehta ,  Anh Hoang Nguyen ,  Karthikeyan Shanmugasundaram ,  Chandan Singh ,  Prosenjit Sinha ,  Praveen Veeramachaneni

IPC: G06F21/62 ,  G06F16/11 ,  G06N20/00

Abstract: A content analysis system of an information management system can analyze data for one or more data governance tasks. The content analysis system can reduce the overhead on the information management system when identifying sensitive data by analyzing a portion of the data in the file without analyzing the entirety of the file. The content analysis system may reduce overhead by analyzing a portion of files that include structured data. If the portion of the file that includes structured data does not include sensitive data, it is often the case that the entire file excludes sensitive data. Thus, overhead can be reduced by analyzing the portion of the file instead of the entire file. Further, the content analysis system can modify an information management job based on the determination of the inclusion of sensitive data to comply with data protection and privacy rules.

公开(公告)号：US12292974B2

公开(公告)日：2025-05-06

申请号：US17975409

申请日：2022-10-27

Applicant: Commvault Systems, Inc.

Inventor： Jitin Jindal ,  Arun Prasad Amarendran ,  Chandan Singh ,  Gopikannan Venugopalsamy ,  Yongtao Liu

IPC: G06F21/56

Abstract: Backup data is leveraged to determine whether primary data has been encrypted by malware. The disclosed approach does not rely on recognizing particular malware instances or malware provenance, and thus can be applied to any body of data. Even a novel and previously unknown malware attack can be detected in this way. An illustrative data storage management system analyzes secondary copies it created over time, applies a multi-factor analysis to data recovered from the secondary copies and, based on the analysis, infers whether the primary data from which the secondary copies were created may be encrypted. The present approach uses successive versions of backup copies to find indicia of malware encryption, rather than trying to trace or identify the malware itself. Indicia of entropy correlate highly with encryption, such as encryption performed by malware attacks. Conversely, indicia of similarity correlate highly with lack of encryption of successive versions of documents.