Organizations can now scan volumes for malware and sensitive data
March 25, 2024 – Cloud Storage Security (CSS) announces antivirus scanning and data classification support for Amazon FSx for OpenZFS and Lustre file systems. Amazon FSx is a feature-rich, cost-effective and high-performance set of file systems that allow users to create and configure shared file systems without the need for provisioning, patching, or backups. Amazon FSx for OpenZFS is a fully managed shared storage service built on the popular and often utilized OpenZFS file system; it can be used to seamlessly migrate workloads to AWS, run fast and efficient data analytics workloads, host content management applications, and test development changes efficiently. Amazon FSx for Lustre provides fully managed shared storage with the scalability and performance of the Lustre file system; it can be used to accelerate machine learning (ML) training, power high performance computing (HPC) workloads, unlock big data analytics workflows, and improve media workload scalability.
In addition to recently added support for Amazon FSx for NetApp ONTAP, CSS enables customers to validate the security of data in Amazon Simple Storage Service (Amazon S3), Amazon Elastic Block Store (Amazon EBS), Amazon Elastic File System (Amazon EFS), and Amazon WorkDocs.
“When we first released support for Amazon FSx NetApp ONTAP at the end of 2023, we promised that we would continue to respond to customer requests and add functionality for other FSx file systems. We continue to deliver on that promise,” says CSS CEO Steven Hess.
As an AWS Public Sector Partner and AWS Marketplace seller that has an AWS qualified software offering, AWS security competency, and an AWS Authority To Operate designation, CSS helps customers inventory data, prevent the spread of malware, classify sensitive information, and perform assessments for AWS storage services.
Solution Overview
CSS customers can now easily detect and protect volumes of Amazon FSx for OpenZFS (via console and agent v7.06.000) and Amazon FSx for Lustre (via v7.07.000) that reside in the account in which CSS is deployed (“primary” AWS account) on demand or via schedule from within the CSS console using our retro scan model. Scanning on demand is useful when conducting a baseline scan to ensure the security of existing data the day the scan is run, while scanning on a scheduled basis is useful for continuous protection and meeting regulatory requirements for periodic rescanning.
In the CSS console, all Amazon FSx volumes residing within the primary AWS account will be listed on the Protection > FSx Volumes page. Along with protection status, this page also displays information about individual volumes such as volume ID, name, location, and size.
Consistent with the design of CSS’s data security platform, the scanning of FSx volumes is performed in a simple and lightweight manner. After a scan job has been created, an EC2 instance is spun up and the target FSx volume is mounted to the instance, where it is scanned in place. The results are written to DynamoDB and the Problem Files page in the CSS console. After the scan completes, the scanning resources are torn down and destroyed to conserve costs.
Figure 1. Retro scanning for Amazon FSx Volume
To initiate scanning, click on the “Actions” button at the top right of the Protection > FSx Volumes page and choose whether you would like to create an antivirus or data classification schedule. To create the schedule, you will need to specify a schedule name, scan period, and which files to scan (all files or just new files) as well as the day and time on which the scan should run.
Figure 2. Creation of a schedule that scans Amazon FSx volume in CSS console
After creating your schedule, navigate to the Schedules page to activate it and begin scanning. You can also create a schedule directly in the Schedules page.
As with all scanning activities within the CSS console, results are:
-
listed in the CSS console in the problem files report (which can be exported)
-
logged in Amazon CloudWatch
-
shared via an Amazon SNS topic
About Cloud Storage Security
Agencies and enterprises of all sizes turn to Cloud Storage Security (CSS) to extend data privacy, meet compliance requirements, and manage data security. Specifically, they turn to CSS to prevent the spread of malware, protect sensitive data, and assess their storage environment. CSS solutions are used worldwide because they fit into any workflow without disruption and data never leaves the subscriber’s account. Take advantage of a 30 day free trial or contact CSS for more information.