What's New: CSS Product Updates—Q1 '24

Cloud Storage Security (CSS) is always working to improve our users’ experience and we’re excited to share the following noteworthy improvements to our antivirus and data loss prevention platform: support for Amazon FSx for OpenZFS as well as Lustre, API scanning for data loss prevention (DLP), DLP for pre-existing objects in S3 buckets, and more.

Support for Amazon FSx for OpenZFS and Lustre

Last December, when we released support for Amazon FSx for NetApp ONTAP, we promised that support for additional FSx file systems would be coming soon. We’re pleased to share that we now support virus scanning and data classification for Amazon FSx for OpenZFS and Lustre volumes.

Customers can view and scan Amazon FSx for OpenZFS and Lustre volumes that reside within the account in which the CSS console is deployed. Read the announcement for more information, including how to get started.

API Driven Scanning for Data Classification

Customers can now leverage an API agent to classify text-based documents and scan for PII and return a verdict before the file is written to Amazon S3.

To start using our API scanning model, navigate to Configuration > Classification Rule Sets in the CSS console, click the (Configure Classification) toggle and select the rule set(s) you want to use. From this point onward, any files sent to your API endpoint will be scanned and classified according to the rule sets you have selected.

Data Classification for Pre-Existing Objects in Amazon S3

Customers can now scan and classify all existing objects in an Amazon S3 bucket on demand with the click of a button. To utilize this functionality, simply select a bucket and click Scan Existing - DC through the Actions menu on the Bucket Protection page in the CSS console. 

Figure 1. Initiating data classification scan for existing objects in CSS console.

Data Classification for Pre-Existing Objects in Amazon EBS

CSS customers can now easily classify existing objects residing within Amazon EBS volumes with our scan existing functionality. To leverage this functionality, select a volume on the EBS Volumes page in the CSS console and click Scan Existing - DC to initiate a scan.

EBS and LFS Scanning Improvement

EBS scanning and large file scanning (LFS) are now performed via the new EBS on Fargate integration rather than an EC2 instance. These improvements can save CSS customers on infrastructure costs incurred while using our solution.

CSS Console Checker

During the deployment process, the CSS Management Console will now check your environment to ensure that the VPC, Subnets, CIDR range, and other parts of your infrastructure have been set properly and are compatible with the CSS deployment. These checks can greatly reduce the amount of time it takes to deploy.

Multi-Engine API Scanning

Customers can now validate the security of their data using multiple scanning engines while leveraging our API scanning model - use the default configuration you've set on the Scan Settings page in the CSS console or select specific engines.

Job Networking Improvements

Networking configuration for all jobs can now be managed centrally on the Configuration > Job Networking page within the CSS console.

Proactive Notifications for Data Consumed

Get notified when you are running low on prepaid data. The LowPrepaidData notification type can now be added and set for a multitude of intervals (50%, 25%, 0%) corresponding to the amount of prepaid data remaining. To create these notifications, navigate to Configuration > Proactive Notifications, click “Add Subscription”, and create a subscription using the LowPrepaidData notification type.

For additional information, reference our help docs or contact us with questions.