| CPC G06F 21/554 (2013.01) [G06F 16/219 (2019.01); G06F 21/6218 (2013.01); G06F 2221/034 (2013.01)] | 16 Claims |
|
1. A method comprising:
detecting, by a data protection system, one or more delete requests to delete one or more recovery datasets of a storage system;
determining, by the data protection system, that the one or more delete requests are inconsistent with a recovery dataset deletion pattern associated with the storage system;
determining, by the data protection system and based on the determining that the one or more delete requests are inconsistent with the recovery dataset deletion pattern, that data stored by the storage system is possibly being targeted by a security threat;
performing, by the data protection system in response to the determining that the data stored by the storage system is possibly being targeted by the security threat, a remedial action with respect to the storage system, the performing the remedial action comprising:
identifying one or more recovery datasets being retained based on the recovery dataset deletion pattern, and
converting at least one of the one or more recovery datasets being retained into a provisional protection recovery dataset that has an increased protection level as compared to the one or more recovery datasets being retained;
determining, by the data protection system, that one or more additional delete requests are inconsistent with the recovery dataset deletion pattern; and
converting, by the data protection system in response to the determining that the one or more additional delete requests are inconsistent with the recovery dataset deletion pattern, the provisional protection recovery dataset into a full protection recovery dataset that has an additionally increased protection level as compared to the provisional protection recovery dataset.
|