Automated managing of a data center installation
US-2019340552-A1 · Nov 7, 2019 · US
US2024256658A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2024256658-A1 |
| Application number | US-202318163066-A |
| Country | US |
| Kind code | A1 |
| Filing date | Feb 1, 2023 |
| Priority date | Feb 1, 2023 |
| Publication date | Aug 1, 2024 |
| Grant date | — |
Official abstract text for this publication.
Improving data recovery and restoration times by clamping down security after malware detection, and protect a data center from a cyber recovery vault. Embodiments provide a cyber recovery vault configured to store data backed up for a production site for long-term retention and disaster recovery. The vault is coupled to the data center comprising a production site through an automated air gap controlled by the vault. Control signals transmitted by the vault trigger the air gap to close the coupling between the vault and data center upon detection of a malware attack, and the data center is configured to listen for the control signals and implement heightened security measures to protect its data in response to the control signal.
Opening claim text (preview).
What is claimed is:
1. A computer-implemented method of preventing malware attacks in a data protection system, comprising: providing an air gap between a data center and a vault, the data center having a production site generating and storing datasets to be backed up, and the vault having protection storage for isolated storage of a backup dataset; analyzing, in an analyzer component of the vault, the backup dataset to detect bad data; closing, upon detection of bad data, the air gap by the vault; issuing an alert signal from the vault to the data center to implement heightened security measures; and implementing, in the data center, heightened security measures to protect data in the production site from further damage or destruction.
2. The method of claim 1 wherein the heightened security measures are organized into a series of hierarchical security levels (HSL) as classified into a classification ranging from a highest level of security imposing most stringent I/O restrictions to a lowest level of security imposing least stringent I/O restrictions.
3. The method of claim 2 further comprising determining, in the vault, an initial HSL level for transmission to the data center in the alert signal.
4. The method of claim 3 wherein the data center monitors its own internal condition and maintains, elevates, or lowers the initial HSL level from the vault to a different HSL level based on one of: the monitoring, or a subsequent HLS level signal from the vault.
5. The method of claim 3 wherein the heightened security measures absolutely or conditionally suspend certain input/output (I/O) operations in the data center for an indefinite or temporary period of time.
6. The method of claim 5 further comprising: implementing a first HSL level of security measures based on the classification; and determining whether or not the first HSL level of security measures is satisfied, and if so, implementing a next lower HSL level of security measures in the hierarchy.
7. The method of claim 4 further comprising: providing an HSL sender component in the vault transmitting the alert signal; providing an HSL receiver component in the data center for receiving the transmitted alert signal; and providing a health monitor component coupled to the HSL receiver to monitor operations and the internal conditions in the data center.
8. The method of claim 7 wherein the HSL receiver and the health monitor component are always on and become active only upon receiving the control signal from the HSL sender.
9. The method of claim 1 further comprising transmitting a user alert signal to a user upon detection of malware by the vault.
10. A computer-implemented method of preventing malware attacks in a data protection system having a production site generating backup datasets and a vault storing the backup datasets in vault storage isolated from the production site through an air gap, the method comprising: analyzing, in the vault, backed up data to detect a malware attack causing bad data; formulating, in the vault upon detection of the malware attack, a heighted security level (HSL) signal for transmission to the production site; closing, by the vault, the air gap for transmission of the HSL signal, wherein the production site is configured to continuously listen for control signals from the vault; and initiating, in the production center, one or more actions corresponding to the HSL signal to protect data in the production site from damage from the malware attack.
11. The method of claim 10 further comprising: monitoring, in the production site, operations and internal conditions of data in the production site; and modifying an action of the one or more actions based on at least one of the operations and internal conditions, or a subsequent HSL signal from the vault.
12. The method of claim 11 wherein the actions are organized into a series of hierarchical security levels as classified into a classification ranging from a highest level of security imposing most stringent I/O restrictions to a lowest level of security imposing least stringent I/O restrictions.
13. The method of claim 12 wherein the heightened security measures absolutely or conditionally suspend certain input/output (I/O) operations in the data center for an indefinite or temporary period of time.
14. The method of claim 13 further comprising: implementing a first HSL level of security measures based on the classification; and determining whether or not the first HSL level of security measures is satisfied, and if so, implementing a next lower HSL level of security measures in the hierarchy.
15. The method of claim 10 wherein the analyzing step comprises comparing known malware patterns to the backed up data.
16. The method of claim 15 further comprising transmitting a user alert signal to a user upon detection of malware by the vault.
17. A computer-implemented method of preventing a malware attack in a data protection system, comprising: providing a cyber recovery vault configured to store data backed up for a production site for long-term retention and disaster recovery; coupling the vault to a data center comprising the production site through an automated air gap controlled by the vault for transmission of control signals; and triggering from the vault, the air gap to close for a short time period upon detection of a malware and transmitting the control signals to trigger a heightened security level (HSL) action within the data center, and wherein the data center is configured to listen for the control signals and the HSL action is configured to prevent further damage to data from the malware.
18. The method of claim 17 further comprising: providing an HSL sender component in the vault transmitting the control signals; providing an HSL receiver component in the data center for receiving the transmitted control signals; and providing a health monitor component coupled to the HSL receiver to monitor operations in the data center.
19. The method of claim 18 wherein the HSL receiver and the health monitor component are always on and become active only upon receiving the a control signal from the HSL sender.
20. The method of claim 17 wherein HSL action is one of a set of HSL measures that are organized into a series of hierarchical security levels (HSL) ranging from a highest level of security imposing most stringent I/O restrictions to a lowest level of security imposing least stringent I/O restrictions.
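
The receiver-side behaviour described in claims 2 to 8 can be sketched as a small state machine. This is an added illustration, not code from the patent or its applicant; the level names, the blocked-operation sets, and the `suspicious_events` / `level_satisfied` inputs are assumptions, since the page only states that levels range from most to least stringent I/O restrictions.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class HSL(IntEnum):
    """Assumed level names; the claims only order levels by I/O stringency."""
    NORMAL = 0            # no restrictions
    RESTRICT_DELETES = 1  # least stringent restriction
    READ_ONLY = 2
    LOCKDOWN = 3          # most stringent restriction


# Assumed mapping of each level to the I/O operations it suspends.
BLOCKED = {
    HSL.NORMAL: frozenset(),
    HSL.RESTRICT_DELETES: frozenset({"delete"}),
    HSL.READ_ONLY: frozenset({"delete", "write"}),
    HSL.LOCKDOWN: frozenset({"delete", "write", "read"}),
}


@dataclass
class HSLReceiver:
    level: HSL = HSL.NORMAL
    active: bool = False  # always on, but acts only after a vault signal
    history: list = field(default_factory=list)

    def _set(self, level, reason):
        self.level = level
        self.active = level != HSL.NORMAL
        self.history.append((level.name, reason))

    def on_vault_signal(self, level):
        """Initial or subsequent HSL level sent by the vault (claims 3 and 4)."""
        self._set(HSL(level), "vault signal")

    def on_health_report(self, suspicious_events, level_satisfied):
        """Health monitor input: elevate, step down, or maintain (claims 4, 6)."""
        if not self.active:
            return self.level  # ignored until the vault has signalled
        if suspicious_events > 0:
            self._set(HSL(min(self.level + 1, HSL.LOCKDOWN)), "elevate")
        elif level_satisfied:
            self._set(HSL(self.level - 1), "step down")
        return self.level

    def allows(self, op):
        """True if the I/O operation is permitted at the current level."""
        return op not in BLOCKED[self.level]
```
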
involving event detection and direct action · CPC title
Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities · CPC title
Test or assess a computer or a system · CPC title