US 11,657,146 B2
Compressibility metric-based detection of a ransomware threat to a storage system
Andrew Miller, Greenville, SC (US); Ronald Karr, Palo Alto, CA (US); Andrew Kutner, Quincy, IL (US); Patrick D. Lee, Los Altos, CA (US); David Huskisson, Minneapolis, MN (US); John Colgrove, Los Altos, CA (US); and Jean-Luc Degrenand, Mountain View, CA (US)
Assigned to Pure Storage, Inc., Mountain View, CA (US)
Filed by Pure Storage, Inc., Mountain View, CA (US)
Filed on Apr. 20, 2022, as Appl. No. 17/725,182.
Application 17/725,182 is a continuation of application No. 16/916,903, filed on Jun. 30, 2020, granted, now 11,341,236.
Application 16/916,903 is a continuation in part of application No. 16/711,060, filed on Dec. 11, 2019, abandoned.
Claims priority of provisional application 62/939,518, filed on Nov. 22, 2019.
Claims priority of provisional application 62/985,229, filed on Mar. 4, 2020.
Prior Publication US 2022/0245241 A1, Aug. 4, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/55 (2013.01); G06F 11/30 (2006.01); G06F 11/34 (2006.01); G06F 21/57 (2013.01); G06F 21/60 (2013.01)
CPC G06F 21/552 (2013.01) [G06F 11/3034 (2013.01); G06F 11/34 (2013.01); G06F 21/577 (2013.01); G06F 21/602 (2013.01); G06F 2201/81 (2013.01)] 20 Claims
1. A method comprising:
determining, by a data protection system, a first compressibility metric associated with write traffic processed by a storage system, the first compressibility metric indicating an amount of storage space saved if the write traffic is compressed;
determining, by the data protection system, a second compressibility metric associated with read traffic processed by a storage system, the second compressibility metric indicating an amount of storage space saved if the read traffic is compressed;
determining, by the data protection system based on a comparison of the first compressibility metric with the second compressibility metric, that the write traffic is less compressible than the read traffic;
determining, by the data protection system based on the write traffic being less compressible than the read traffic, that the storage system is possibly being targeted by a security threat; and
performing, by the data protection system based on the determining that the storage system is possibly being targeted by the security threat, a remedial action with respect to the storage system.
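The comparison recited in claim 1, sketched as an added example (not code from the patent or from the assignee). The use of zlib as the compressor, the 0.2 margin, the per-window block lists and the action label are assumptions made for illustration; the sample traffic is constructed.

```python
import os
import zlib

# Constructed sample data: log-like text compresses well, random bytes
# stand in for encrypted output and do not compress.
TEXT_BLOCK = b"2024-01-01 user=alice action=update file=report.docx\n" * 80
RANDOM_BLOCK = os.urandom(4096)


def compressibility(blocks):
    """Fraction of storage space saved if the blocks were compressed.

    Returns None when the window carried no data, so an idle window is
    never mistaken for incompressible traffic.
    """
    raw = sum(len(b) for b in blocks)
    if raw == 0:
        return None
    # A block that grows under compression would be stored as-is: saving 0.
    packed = sum(min(len(zlib.compress(b, 6)), len(b)) for b in blocks)
    return 1.0 - packed / raw


def assess_window(write_blocks, read_blocks, margin=0.2):
    """Compare write-side and read-side metrics for one observation window.

    margin is an assumed tolerance: writes must be less compressible than
    reads by more than this amount before the window is flagged.
    """
    w = compressibility(write_blocks)  # first metric (write traffic)
    r = compressibility(read_blocks)   # second metric (read traffic)
    flagged = w is not None and r is not None and (r - w) > margin
    return {
        "write": w,
        "read": r,
        "possible_threat": flagged,
        # Placeholder label; the claim text above does not name the action.
        "action": "remedial_action_placeholder" if flagged else None,
    }


if __name__ == "__main__":
    windows = {
        "text in, text out": ([TEXT_BLOCK] * 4, [TEXT_BLOCK] * 4),
        "text in, random out": ([RANDOM_BLOCK] * 4, [TEXT_BLOCK] * 4),
        "random in, random out": ([RANDOM_BLOCK] * 4, [RANDOM_BLOCK] * 4),
    }
    for name, (writes, reads) in windows.items():
        print(name, assess_window(writes, reads))
```

In this sketch the third window is not flagged: a workload that both reads and writes incompressible data shows no gap between the two metrics, which is the case the read-side comparison separates from a write-only drop.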