Patent · US Active

Systems and methods of detecting and responding to a data attack on a file system

US10476907B2 · kind B2 · utility

Cited by: 35
References: 10
Claims: 13
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jun 20, 2017
Grant date: Nov 12, 2019
Priority date
Expiry date: Aug 26, 2037

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/2101
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

The technology disclosed relates to detecting a data attack on a file system stored on an independent data store. The detecting includes scanning a list to identify files of the independent data store that have been updated within a timeframe, assembling current metadata for files identified by the scanning, obtaining historical metadata of the files, and determining that a malicious activity is in process by analyzing the current metadata of the files and the historical metadata to identify a pattern of changes that exceeds a predetermined change velocity. Further, the detecting includes determining that the malicious activity is in process by analyzing the current metadata of the files and known patterns of malicious metadata to identify a match between the current metadata and the known patterns of malicious metadata, determining a machine/user that initiated the malicious activity, and implementing a response mechanism that restricts file modifications by the determined machine/user.
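The two checks named in the abstract (change velocity against historical metadata, and a match against known malicious metadata patterns), shown as an added Python example that is not taken from the patent. The metadata fields, threshold, window, filename patterns and sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from fnmatch import fnmatch

# Assumed values, not from the patent: the abstract names a "predetermined
# change velocity" and "known patterns of malicious metadata" without figures.
MAX_CHANGES_PER_WINDOW = 3
WINDOW_SECONDS = 60
KNOWN_BAD_NAME_PATTERNS = ["*.locked", "*.encrypted", "*README_DECRYPT*"]

def detect(change_list, historical, now, timeframe=300):
    """Return {(machine, user): [reasons]} for actors whose writes should be restricted."""
    findings, per_actor = defaultdict(list), defaultdict(list)
    for cur in change_list:
        if now - cur["mtime"] > timeframe:  # scan: keep files updated in the timeframe
            continue
        actor = (cur["machine"], cur["user"])
        old = historical.get(cur["file_id"])
        # Velocity input: count a change when current metadata differs from history.
        if old is None or (old["name"], old["size"]) != (cur["name"], cur["size"]):
            per_actor[actor].append(cur["mtime"])
        # Pattern check: current metadata matches a known malicious pattern.
        if any(fnmatch(cur["name"], p) for p in KNOWN_BAD_NAME_PATTERNS):
            findings[actor].append(f"pattern:{cur['name']}")
    for actor, times in per_actor.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # sliding window over this actor's changes
            while times[end] - times[start] > WINDOW_SECONDS:
                start += 1
            if end - start + 1 > MAX_CHANGES_PER_WINDOW:
                findings[actor].insert(0, "velocity")
                break
    return dict(findings)

# Constructed sample data: historical metadata keyed by file id, then a change list.
HISTORY = {i: {"name": f"report{i}.docx", "size": 1000 + i} for i in range(1, 7)}
NOW = 10_000
CHANGES = [  # ws-17/alice rewrites five files within 16 seconds, renaming each
    {"file_id": i, "name": f"report{i}.docx.locked", "size": 1016 + i,
     "mtime": NOW - 30 + 4 * i, "machine": "ws-17", "user": "alice"} for i in range(1, 6)
] + [  # ws-02/bob makes one ordinary edit
    {"file_id": 6, "name": "report6.docx", "size": 1500,
     "mtime": NOW - 10, "machine": "ws-02", "user": "bob"},
]

if __name__ == "__main__":
    for actor, reasons in detect(CHANGES, HISTORY, NOW).items():
        print("restrict writes for", actor, reasons)
```

The returned keys are the machine/user pairs a response mechanism would restrict; a single ordinary edit, or edits spaced wider than the window, produce no finding.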

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.