Cyber Threats
Importance of Scanning Files on Uploader Applications
Delve into the crucial practise of file scanning within uploader applications, and learn defensive measures to safeguards against malicious threats like malware.
In the digital age, the ability to upload files is a common feature in many applications, as it allows users to share and store various types of content. With this convenience, however, comes the risk of security threats, such as malware and malicious files. To mitigate these risks, it is crucial to scan files before processing or saving them.
It is inevitable that we upload documents to public or internal organisational applications. Countless files are uploaded to multiple types of applications every day across functionalities, from car and health insurance to finance, homestead requests, job applications, and more. This results in a massive number of files collectively being uploaded to cloud and hybrid cloud systems. However, even if your applications are optimally configured for security and privacy, how can you be sure that you’re protecting the files that you receive?
The Open Worldwide Application Security Project (OWASP) and many compliance frameworks—including the National Institute of Standards and Technology (NIST), Health Insurance Portability and Accountability Act (HIPAA), and General Data Protection Regulation (GDPR)—emphasise the importance of data protection and security measures. Implementing malware scanning at the point of upload demonstrates a commitment to security controls, which can help organisations remain compliant and, subsequently, avoid penalties or legal repercussions. A resource to consider in this regard is the OWASP file upload “cheat sheet,” which functions as a guide to making your applications more secure.
Why scan files on uploader applications?
By implementing security layers throughout your applications’ architecture, you are helping to decrease the risk of attackers utilising those weak spots for future cyberattacks.
File scanning using a software development kit (SDK) implemented into your applications is one strategy to ensure that every file uploaded to your applications—public-facing or not—is scanned against threats. Solutions such as Trend Vision One™ – File Security help to minimise any potential infection, malware, botnet, ransomware, exploit, or data breach that could start with a simple file upload.
Many industries and regions have their own specific data security compliance requirements. Scanning files on a user’s uploader application of choice helps to ensure the application used complies with these regulations, reducing the risk of potential legal issues. In addition, implementing file scanning measures demonstrates your commitment to cybersecurity, building trust and confidence amongst your users. It shows that you take their data security and privacy seriously, which helps to enhance the user experience.
Example architecture
As shown in the example above, File Security SDK supports multiple programming languages, enabling simplicity and flexibility for the customer when integrating. This includes integration with a cloud storage system such as Amazon simple storage service (Amazon S3), Microsoft Azure Blob Storage, or Google Cloud Storage™ service.
In many cases like these, after the application receives the file, it is then stored for the next step of the application workflow. As part of this integration, any uploaded file can be scanned and tagged as malicious if malware is found. This demonstrates the flexible capability of File Security to help protect files anywhere in your application workflow where users upload files.
Other available SDKs include:
In addition, consider consulting this guide to deploying File Security with the command line interface (CLI).
Additional use cases via File Security SDK usage
Hybrid application
A hybrid application running in an on-premise environment with files that contain personally identifiable information (PII) and HIPAA information, which are highly regulated, needs to scan for malware before encrypting the file and uploading it to cloud storage. In this architecture, we have an Amazon S3 bucket that stores the files and the AWS Lambda application processes additional steps as part of the application workflow. In this case, the customer can implement File Security SDK inside the on-premise application to scan files before they are encrypted.
Cloud storage (Amazon FSx)
An organisation that uploads a massive number of files to Amazon FSx needs to scan for malware weekly for internal compliance purposes. In this case, the customer can use File Security SDK on Amazon Elastic Compute Cloud (Amazon EC2) to connect with Amazon FSx and scan the stored files for malware. The results would be pushed to the Amazon Simple Notification Service (Amazon SNS) to notify the development, security, and operations team for cloud security automation.
How to start using File Security
Sign up for a free 30-day trial to get started on the Trend Vision One platform. Once you’re able to access the platform, set up File Security which you can access and deploy by following the steps below.
Get ready to deploy File Security
Before you begin, ensure your administrator has completed the following:
- Created a custom role with File Security scanner permissions (see our User roles resource for more information)
- Created an application programming interface (API) key and assigned it to the custom role (see our API keys resource for details)
Deploy the SDK
Trend Micro provides scanner SDKs for various programming languages. The instructions for installing and authenticating the SDK vary depending on the programming language you select. We host these SDKs on GitHub.
To access an SDK, please visit the appropriate repository:
Start scanning files
Follow the instructions for scanning files, including code examples, on the corresponding repository listed above.
Review detections
Once you start scanning files, you can review malware detections within File Security. Based on the scan results, you may prefer to automatically send notifications and quarantine or promote files.
Conclusion
Scanning files before processing or saving them is a critical step in ensuring the security of your uploader application. By implementing file scanning measures and following best practises, you can protect your application and its users from security threats and build trust and confidence with your customers.
Learn more about File Security via the resources below: