What's New: CSS Product Updates—Q2 '24

Cloud Storage Security (CSS) is always working to improve our users’ experience and we’re excited to share the following noteworthy improvements to our antivirus and data loss prevention solutions:

Custom Classification Rules via RegEx

Effective data classification requires policies and rule sets that are written for a particular type of information. Yet, crafting regular expression (RegEx) policies is often challenging because the syntax can be complex and dense. Our new integration with Amazon Bedrock simplifies this process by leveraging the power of artificial intelligence (AI). All you need to do is enter a simple text prompt to identify patterns or text and the exact value you need for the rule will be created. 

To get started, you’ll need to enable Amazon Bedrock via the most recent CloudFormation Template. Then you can navigate to Configuration in the main menu of the CSS console and click on Classification Custom Rules. From there, click the “Create Rule” button. In the popup, enter a name and description, then click on “Create expression using Amazon Bedrock” to have the RegEx built for you.

For example, to create a RegEx rule that identifies certain credit card numbers, enter the Prompt “create a regular expression that discovers all American Express credit card numbers”. Then select Send Prompt to generate a RegEx rule that can be used. Each response is accompanied by an explanation of the RegEx. Click “save”.

Figure 1. Animated gif displaying how to use Amazon Bedrock to write regular expressions in CSS console.

If you’re a RegEx pro, custom classification rules can be created without the assistance of Bedrock—simply enter the regular expression, add a name plus description, and hit “save” to create the rule.

Figure 2. Classification custom rule creation popup in CSS console.

CSS also provides predefined classification rule sets for common sensitive data types and personally identifiable information (PII) such as social security numbers or credit card numbers. Individual rules from different sets can be bundled together to build a rule set based on specific frameworks and the data on which you need to classify.

World Threat Map & S3 Storage Map

Figure 3. World threat map in CSS console.

On the Dashboard page in the main menu of the CSS console, customers are now able to view Amazon Simple Storage Service (Amazon S3) bucket size as well as malware and classification findings by region; switch between the different views using the “Select map type” button at the top left of the chart.

When viewing the “Threats by Region” map, yellow circles indicate classification findings in that region, red circles indicate malicious code has been detected in that region, and green circles indicate that there are no findings in that region.

When viewing the “S3 Storage by Region” map, the purple circles are sized differently according to the volume of data residing in all of the buckets within that certain region.

These charts provide CSS customers with the ability to gain a consolidated view of the security posture of the data they store in Amazon S3.

Figure 4. S3 storage by region chart in CSS console.

AI-Powered Malware Forensics & Remediation Steps

Suspicious or malicious files can be cryptic, requiring additional analysis to understand what the malware does and its level of impact. Yet, using tools like Google search or VirusTotal to get that additional context can slow down an investigation, require data transfers, or increase potential for manual error.

Now, customers can “Ask Bedrock” by utilizing our integration with Amazon Bedrock to analyze found malware and obtain risk mitigation strategies in just a few seconds. No need to worry about data that’s transferred over the public internet or sent to a third party because the Bedrock instance runs in your account. Malware forensics includes, but is not limited to, information about:

• What strain of malware has been detected
• If executed, what actions that piece of malware could take
• What to do to properly remediate the threat

To access this information, the Bedrock parameter in the CloudFormation Template must be enabled. To use this new feature, navigate to the Findings page in the main menu of the CSS console, click the three dots on the right side of any finding and select “Show Amazon Bedrock Analysis”.

Security Hub Improvements

CSS customers can now have findings from linked accounts sent to AWS Security Hub, which allows them to leverage a centralized view of security findings across all of their CSS-protected accounts alongside findings from other security services.

To access these enhancements (and more) requires console version v7.10.000, agent version v7.10.000, and CFT version v7.10.000 or higher.  For additional information, reference our help docs or contact us with questions.