Organizations can now validate the security and compliance of their Amazon EBS and Amazon EFS volumes with in-tenant malware scanning and data classification.
October 10, 2023 – Amazon Web Services Partner Network member Cloud Storage Security (CSS) today announces data security support for Amazon Elastic Block Store (Amazon EBS) and Amazon Elastic File System (Amazon EFS). This is in addition to support for Amazon Simple Storage Service (Amazon S3) and Amazon WorkDocs. With CSS’s support for Amazon EBS and EFS, customers can now scan for malware and classify data that is used for and processed within their compute-based operations.
“As more organizations continue to fall victim to cyberattacks targeting storage in the cloud, we’re proud to extend ransomware detection and data classification functionality to Amazon EBS and Amazon EFS”, says CSS CEO Steven Hess. “Continuing our mission, we're dedicated to enhancing the security posture of organizations throughout all cloud storage platforms, AWS included.”
CSS is an AWS Public Sector Partner and AWS Marketplace seller that has an AWS qualified software offering, AWS security competency and an AWS Authority To Operate designation. The company helps customers prevent the spread of malware, classify sensitive data, and perform assessments for AWS storage services.
Amazon EBS is an easy-to-use, scalable, high-performance block-storage service designed for use with Amazon Elastic Compute Cloud (EC2). Amazon EBS volumes can be used to run relational or NoSQL databases, migrate mid-range, on-premises storage area network (SAN) workloads to the cloud, and more. Since launching over 15 years ago, Amazon EBS has transferred thousands of exabytes of data and delivered trillions of input/output operations. As of today, more than 390 million EBS volumes are created each and every day.
Amazon EFS is a serverless, fully elastic file storage system that allows users to create and configure shared file systems for AWS compute services without the need for provisioning, deploying, patching, or maintenance. Amazon EFS can be used to enhance CMS workloads, application development, and DevOps.
Solution Overview
Today, CSS subscribers can scan existing EBS and EFS volumes for malicious code or sensitive data on demand or via schedule using our retro scan model; EBS scanning supports Linux and Windows (FAT4, XFS, NTFS, exFAT. FileSystems). Scanning on demand is useful when an organization needs to baseline their data. Scanning at scheduled intervals helps meet compliance and audit requirements.
Once new users deploy, and existing users upgrade, to version 7.01.001 (or newer) of CSS’s console, all EBS and EFS volumes can be auto discovered and cataloged whether in one or multiple regions.
The EBS Volumes and EFS Volumes pages listed under Protection in the CSS console sidebar show the EBS or EFS volumes that are associated with the AWS account in which CSS has been deployed (aka the “primary” AWS Account). Antivirus and data classification scanning schedules can be created on these pages; once a schedule is created, existing volumes can be scanned on demand via “scan now” functionality. Alternatively, a schedule can be created from within the Schedules page. Following a simple-to-protect philosophy, protection can be turned on for individual volumes or by creating a schedule that includes a mixture of Amazon S3 buckets, EBS volumes and EFS volumes.
Figure 1: EBS Volumes report in CSS console
After a scan completes, results are:
-
listed in the problem files report (which can be exported) in the CSS console
-
logged in Amazon CloudWatch
-
shared via an Amazon SNS topic
Forthcoming enhancements to EBS and EFS scanning functionality will include event-based scanning, which allows customers to scan new data when it is written, as well as the ability to leverage API-driven scanning, which allows data to be scanned before it is written. The ability to protect multiple linked accounts from a singular CSS console is also in the works.
About Cloud Storage Security
Agencies and enterprises of all sizes turn to Cloud Storage Security (CSS) to extend data privacy, meet compliance requirements, and manage data security. Specifically, they turn to CSS to prevent the spread of malware, locate sensitive data and assess their storage environment. CSS solutions are used worldwide for applications and data lakes built on cloud storage because they fit into any workflow and data never leaves the customer’s account. Take advantage of a 30 day free trial or contact CSS for more information.