-
Publication No.: US20230409713A1
Publication Date: 2023-12-21
Application No.: US18458466
Filing Date: 2023-08-30
Applicant: Rubrik, Inc.
Inventor: Oscar Chen, Di Wu, Benjamin Reisner, Matthew Edward Noe
IPC: G06F21/56, G06F11/14, G06F16/11, G06F16/951
CPC classification number: G06F21/565, G06F11/1458, G06F16/128, G06F16/951, G06F2201/84, G06F2221/034
Abstract: Described herein is a system that detects ransomware infection in filesystems. The system detects ransomware infection by using backup data of machines. The system detects ransomware infection in two stages. In the first stage, the system analyzes a filesystem's behavior. The filesystem's behavior can be obtained by loading the backup data and crawling the filesystem to create a filesystem metadata including information about file operations during a time interval. The filesystem determines a pattern of the file operations and compares the pattern to a normal pattern to analyze the filesystem's behavior. If the filesystem's behavior is abnormal, the system proceeds to the second stage to analyze the content of the files to look for signs of encryption in the filesystem. The system combines the analysis of both stages to determine whether the filesystem is infected by ransomware.
-
Publication No.: US11783036B2
Publication Date: 2023-10-10
Application No.: US17370203
Filing Date: 2021-07-08
Applicant: Rubrik, Inc.
Inventor: Oscar Chen, Di Wu, Benjamin Reisner, Matthew Edward Noe
IPC: G06F21/56, G06F16/951, G06F11/14, G06F16/11
CPC classification number: G06F21/565, G06F11/1458, G06F16/128, G06F16/951, G06F2201/84, G06F2221/034
Abstract: Described herein is a system that detects ransomware infection in filesystems. The system detects ransomware infection by using backup data of machines. The system detects ransomware infection in two stages. In the first stage, the system analyzes a filesystem's behavior. The filesystem's behavior can be obtained by loading the backup data and crawling the filesystem to create a filesystem metadata including information about file operations during a time interval. The filesystem determines a pattern of the file operations and compares the pattern to a normal pattern to analyze the filesystem's behavior. If the filesystem's behavior is abnormal, the system proceeds to the second stage to analyze the content of the files to look for signs of encryption in the filesystem. The system combines the analysis of both stages to determine whether the filesystem is infected by ransomware.
-
Publication No.: US11599629B2
Publication Date: 2023-03-07
Application No.: US16263319
Filing Date: 2019-01-31
Applicant: Rubrik, Inc.
Inventor: Shanthi Kiran Pendyala, Di Wu, Matthew Edward Noe
IPC: G08B23/00, G06F12/16, G06F12/14, G06F11/00, G06F21/55, G06F16/17, G06F21/56, G06F9/448, G06F16/174
Abstract: Some examples relate generally to managing and storing data, and more specifically to the real-time detection of ransomware, system (or insider) threats, or the misappropriation of credentials by using file system audit events.
-
Publication No.: US11593491B2
Publication Date: 2023-02-28
Application No.: US16668964
Filing Date: 2019-10-30
Applicant: Rubrik, Inc.
Inventor: Di Wu
Abstract: Systems and methods to identify a software vulnerability are described. The system receives a message identifying a software vulnerability. The system identifies snapshot images taken of a production machine and stored in a database. The snapshot images include a snapshot image including a virtual machine. The snapshot images are identified being based on the message. The system identifies whether the snapshot images include the software vulnerability. The system registers the software vulnerability in association with a snapshot image in the database responsive to the identification of the snapshot image of the virtual machine including the software vulnerability.
-
Publication No.: US11550901B2
Publication Date: 2023-01-10
Application No.: US16263338
Filing Date: 2019-01-31
Applicant: Rubrik, Inc.
Inventor: Shanthi Kiran Pendyala, Di Wu, Matthew Edward Noe
IPC: G06F21/55
Abstract: A process for detecting a threat for a file system is described. Audit events in the file system may be accessed, which may include unique file operations and duplicative file operations. The audit events may be de-duplicated to remove the duplicative file operations. Time series data may be generated that includes the unique file operations but not the duplicative file operations, and the time series data may be analyzed to determine whether a subset of the unique file operations includes file-access instructions. An observed pattern of the file-access instructions may be compared to a normal pattern of file-access instructions to determine whether the observed file-access instructions are abnormal. If the observed file-access instructions are abnormal, an alert may be generated.
-
Publication No.: US20210406135A1
Publication Date: 2021-12-30
Application No.: US17141570
Filing Date: 2021-01-05
Applicant: Rubrik, Inc.
Inventor: Di Wu
Abstract: An automated system monitors network traffic to determine dependencies between different machines. These dependencies can be used to automatically develop a recovery plan for the machines, for example restoring servers in a certain order. This approach can also automatically adjust the recovery plan for changes in system configuration, for example as different servers come online or are taken offline or change their roles.
-
Publication No.: US20210133328A1
Publication Date: 2021-05-06
Application No.: US16668964
Filing Date: 2019-10-30
Applicant: Rubrik, Inc.
Inventor: Di Wu
Abstract: Systems and methods to identify a software vulnerability are described. The system receives a message identifying a software vulnerability. The system identifies snapshot images taken of a production machine and stored in a database. The snapshot images include a snapshot image including a virtual machine. The snapshot images are identified being based on the message. The system identifies whether the snapshot images include the software vulnerability. The system registers the software vulnerability in association with a snapshot image in the database responsive to the identification of the snapshot image of the virtual machine including the software vulnerability.
-
Publication No.: US20210034738A1
Publication Date: 2021-02-04
Application No.: US16527405
Filing Date: 2019-07-31
Applicant: Rubrik, Inc.
Inventor: Di Wu, Chenyang Zhou, Shanthi Kiran Pendyala
IPC: G06F21/55, G06F16/172, G06F16/13, G06F16/17
Abstract: Some examples relate generally to computer architecture software for data classification and information security and, in some more particular aspects, to verifying audit events in a file system.
-
Publication No.: US20210034393A1
Publication Date: 2021-02-04
Application No.: US16527377
Filing Date: 2019-07-31
Applicant: Rubrik, Inc.
Inventor: Di Wu, Chenyang Zhou, Shanthi Kiran Pendyala
Abstract: Some examples relate generally to computer architecture software for data classification and information security and, in some more particular aspects, to verifying audit events in a file system.
-
Publication No.: US20190266016A1
Publication Date: 2019-08-29
Application No.: US16287199
Filing Date: 2019-02-27
Applicant: Rubrik, Inc.
Inventor: Di Wu
Abstract: A system for reducing VM stunting during backup of a set of virtual machines is provided. In some examples, a system comprises processors and a memory storing instructions that, when executed by at least one processor among the processors, cause the system to perform certain operations. Example operations may include running an analytic process to learn resource utilization patterns of a hypervisor system monitoring the set of virtual machines, determining an opportunistic window of reduced resource utilization based on the resource utilization patterns, and scheduling backup for the set of virtual machines during the opportunistic window.