Securing your business and customers' data is more critical and difficult than ever. Not only is the amount of data growing exponentially, so is the number of locations that participate in data processing, transfer, and storage. Rather than being stored and processed in a single, monolithic data centre, data is distributed across various locations from personal computers to the cloud. Businesses also face the challenge of managing customer trust expectations and abiding by privacy regulations.
Cloud-based apps and services are now the norm. Applications based in the cloud require online storage for log files, data backup, customer file uploads, event-driven processes, and more. These stores require databases, identity services, file storage, as well as binary large object (BLOB) storage—and each type of storage has its own security vulnerabilities.
With a greater number of people and systems accessing online storage, it’s becoming harder for automated processes to check each file and manage identified risks without slowing the business workflow down. Additionally, an increase in uploads and access points leads to a greater risk of malicious files.
This article will focus on Amazon Web Services® (AWS) instances and discuss the options available to ensure your business is kept safe from malicious files.
What are Malicious Files?
Broadly defined, a malicious file is any file or software that can be harmful to the system's use.
Viruses, worms, spyware, ransomware, and other forms of malware are types of malicious apps or code that can enable bad actors to open back doors, acquire authentication for internal systems, steal data, or just generally disrupt your business. Bad actors are becoming more sophisticated with targeted attacks that use malware-infected files to gather insights into personal or sensitive information.
Malware can also slow down a system by consuming substantial compute resources. People sometimes upload files that, unbeknownst to them, can execute software such as cryptomining malware, resulting in the use of massive system resources.
Regardless of the intent, these are examples of how malicious software or actions can damage or disrupt business systems.
Ineffective File Storage Security Approaches
An increasing number of files are transmitted and programs are executed on your AWS cloud environment, and while AWS provides exceptional security, configuration, and protection for cloud infrastructure, you are responsible for what you put into the cloud as part of the shared responsibility model and a layered security approach. For example, files that contain malware and enter your downstream systems can leave your business at a greater risk. What architectures and strategies are available for your business to mitigate the problem of malicious files?
Malicious files are either known threats or undisclosed threats. But just because a threat is known, doesn't mean it’s harmless. It simply means that we know about it and protection to stop it exists.
Undisclosed vulnerabilities are weaknesses in software known only to a few people, usually security researchers, security vendors, and software vendors. Some solutions that scan for malicious files in storage services require ongoing maintenance to keep up with the latest attacks. In addition, many of these solutions were developed for specific purposes and systems environments; they lack the flexibility to provide a solution that grows with your business and new threat vectors.
Ultimately, these solutions create extra work for you, such as monitoring software, performing updates, and keeping up to the latest threats.
A more sustainable solution means choosing a trusted solution partner with the knowledge and expertise to stay on top of emerging cybersecurity issues, including the latest malware, and handle updates in the background for you. Trend Micro offers threat prevention services through its Digital Vaccine® threat intelligence service. Digital Vaccine (DV) preemptively updates your coverage, decreasing the gap between known and unknown vulnerabilities.
Organisations are collecting and storing large amounts of customer data, making data governance critical to a business reputation and trust. Customers are challenged with increasing privacy regulations such as HIPPA and ISO 27701, as well as the need to ensure that the flow of data is constant while remaining secure.
Effective File Storage Security Approaches
Evidently, patchwork efforts to piece together file storage security solutions result in more work for your team such as the added responsibility of scaling file security along with expansion of file storage, and integrating file security into ongoing development work for new automated workflows.
An effective, holistic file storage security solution adds a layer of protection to incoming files and helps downstream compliance requirements.
One mitigation strategy is to secure all systems connected to your upload file storage. For example, Amazon Elastic Compute Cloud® (Amazon EC2) instances running Microsoft® Windows® provide the ability to resize and configure your AWS infrastructures. While we don't think of these as being a source of file upload, Amazon EC2 might become infected by other activities on the Windows machine. You need to manage and continuously update and scan such instances to ensure no malicious activity is occurring that could penetrate your file storage.
Amazon® Simple Storage (Amazon S3) storage buckets are designed to interface with other AWS systems, making them potentially vulnerable to malware. One way to limit threats is to secure the storage bucket by ensuring access is limited to a few systems with the least privileges possible. While it’s tempting to configure buckets for broad access to reduce maintenance requests, it is dangerous to allow more access than necessary.
An effective strategy is to utilise Trend Micro Cloud One™ – File Storage Security, a lightweight and flexible serverless solution that provides easy cloud-deployment integration for event-triggered file-scanning with customisable post-scan actions for your Amazon S3 buckets and protection of your downstream workflows.
File Storage Security helps cloud operations and security teams reduce the risk of malware and vulnerabilities as cloud native architectures increase the use of web storage systems.
An additional key strategy is to implement a quarantine system: files are first stored in an isolated area, scanned, and then moved to the primary storage. This system can be housed within the cloud and managed using parallel scanning of storage buckets to minimise file-availability latency.
Many companies need post-scan actions, such as placing files into a quarantine bucket and deleting them appropriately. In addition, notifications can be an affective mechanism for relaying critical outcomes from file scanning results for downstream remediation or sharing outcomes to key stakeholders or customers.
Below is a list of requirements for an effective file storage security product:
- Executing scans locally in your AWS account
- Maintaining data sovereignty by keeping files from crossing in and out of external tools
- Deploying File Storage Security in your own AWS region
- Posting scan actions to allow infected files to be quarantined in separate buckets or deleted if required
- Complements Amazon Macie data privacy service that protects sensitive data
- Providing programmatical events to allow notifications at different stages of the workflow
Tools That Help Mitigation Efforts
Security is a shared responsibility between the cloud provider and your organisation. Thus, whether your journey to the cloud may be just beginning, or you are advanced in containerised infrastructure and microservices architectures, layered security is critical to reduce risk in existing gaps. Tools like Trend Micro Cloud One™ – Conformity increase protection by checking cloud architecture misconfigurations and providing remediation direction. Conformity delivers continuous security scans of Amazon S3 buckets and limits files to as few systems with the least privileges possible.
You can preemptively protect your file storage by implementing a solution that continually scans files in motion for malicious or inappropriate content. Runtime protection using Trend Micro Cloud One™ – Application Security defends against zero-day threats as well as common OWASP top 10 vulnerabilities as they try to infiltrate your runtime applications, including serverless containers and functions.
File Storage Security is a considerably more effective solution for your business because of its architecture and ease of deployment systems. It delivers a comprehensive and flexible solution that grows with your storage and digital workflows. For your developers, it provides simple deployment using AWS CloudFormation templates, integration with your CICD pipeline, and concurrent file storage scanning.
File Storage Security offers:
- Simple integration using cloud native architecture and event-driven design
- Deployment of File Storage Security functions such as scanning of storage stacks for easy management by centralised security teams
- Deployment of an all-in-one security stack using an AWS CloudFormation template
- Automated scanning with the latest threat coverage from Trend Micro Research
- Scans files of all types and sizes (including large GB files), minimising concerns of missing scans or impacted performance
- Easy consumption billing on the AWS Marketplace, as well as annual pricing options
Trend Micro is a trusted and leading security partner with AWS. Trend Micro Cloud One™ delivers a complete cloud security platform offered in the AWS Marketplace, including File Storage Security for easy integration with your existing AWS cloud architecture.
Ensuring your hosted applications and data are secure is paramount to your business. It is important to use solutions that integrate with your hosted environment out of the box. Ultimately, a combination of methods and security at all potential attack points, is the best solution.
When thinking about implementing protection, always consider the price in terms of the cost of installation, maintenance, and risk, in addition to the cost of the software. Security threats evolve daily, so it is critical to ensure that the method you choose to protect your business grows and adapts to suit these threats.
Trend Micro Cloud One is an AWS Marketplace service that seamlessly integrates with your hosted installations and protects your systems and business from malicious uploads. As data, storage and the speed of application development and deployment increases, securing your data can become more critical. Systems that safeguard all vulnerability points while continually providing the latest protection instill confidence across the organisation and its customers. To experience how Trend Micro Cloud One effectively protects your systems from malicious files, try it for free today.
If you are interested in learning more about protecting malicious files in Amazon S3 buckets, take a look at our blog: Cloud Storage Security Keeping You Up at Night?