Cloud Storage Security (CSS) is always working to improve our users’ experience and we’re excited to share the following noteworthy improvements to Antivirus for Amazon S3 (AVS3) and Data Classification for Amazon S3 (DCS3): Event-based scanning for data classification, improved scanning performance, improved archive handling and more.
Event-Based Scanning for Data Classification
Long-awaited and much-requested functionality for Data Classification for Amazon S3 is here! Users can now scan files for personally identifiable information (PII) in real time using event-based scanning.
To turn on event-driven, rules-based classification of files, click the shield next to the desired bucket or use the multi-select functionality in the CSS console. From that point onward, whenever a file is uploaded to that protected bucket, it will be scanned.
If you already use Antivirus for Amazon S3 to protect your buckets from malware, you can pair AVS3 and DCS3 scanning together. One way to do this is by creating a three-bucket system in which data is scanned for malware and viruses first, then classification is chained onto the clean files, and after that, only clean, non-sensitive files are promoted to a production bucket for consumption.
Improved Scanning Performance with Sophos
Throughput has substantially improved when using the Sophos scanning engine: customers now scan files three times faster than before on average! The Sophos engine's combination of speed and capacity makes it a great choice for quickly scanning large files, including those up to 5TB in size.
To choose Sophos as your scanning engine, navigate to the Scan Settings page in the CSS console and choose the “Sophos” option in the dropdown within the Scanning Engine section.
Archive Handling Enhancements
The true (uncompressed) size of an archive is now evaluated before scanning takes place. This prevents the errors that occurred when an archive’s uncompressed file size was larger than the available disk capacity. If the true file size is found to be too large, the agent will either trigger the Extra Large File Scanning process, if enabled, or tag the file as unscannable - too large.
These improvements currently work with .zip, .7z, and .gz files. Contact us if there is a specific file type for which you would like functionality added.
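The check described above can be sketched as follows. This is an added example, not CSS's implementation: it covers .zip and .gz only, the function names and the returned decision labels are hypothetical, and the sample archives are constructed inline.

```python
import gzip, io, zipfile

CHUNK = 64 * 1024

def _count(stream, limit):
    """Count decompressed bytes, stopping once the count exceeds limit."""
    total = 0
    while total <= limit:
        chunk = stream.read(CHUNK)
        if not chunk:
            break
        total += len(chunk)
    return total

def true_uncompressed_size(data, limit):
    """Bytes actually produced by decompressing a .zip or .gz blob.
    Stops early and returns a value > limit once the limit is exceeded."""
    if data[:2] == b"\x1f\x8b":
        # gzip's trailer stores the size modulo 2**32, so count the stream instead
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
            return _count(gz, limit)
    if zipfile.is_zipfile(io.BytesIO(data)):
        total = 0
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                with zf.open(info) as member:
                    total += _count(member, limit - total)
                if total > limit:
                    break
        return total
    raise ValueError("unsupported archive type")

def scan_decision(data, free_disk_bytes, extra_large_enabled):
    """Hypothetical decision labels modelled on the behaviour described above."""
    if true_uncompressed_size(data, free_disk_bytes) <= free_disk_bytes:
        return "scan"
    if extra_large_enabled:
        return "extra-large-file-scan"
    return "unscannable - too large"

def constructed_samples():
    """Constructed inputs: 1 MiB of zeros as .gz and as a two-member .zip."""
    payload = bytes(1024 * 1024)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.bin", payload[: 512 * 1024])
        zf.writestr("b.bin", payload[512 * 1024 :])
    return {"gz": gzip.compress(payload), "zip": buf.getvalue()}

if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, len(blob), scan_decision(blob, 768 * 1024, False))
```

Because counting stops as soon as the limit is crossed, a highly compressible archive costs at most one chunk of work beyond the available capacity and nothing is written to disk.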
New Console User Role: Read-Only
You can now create console users that have read-only permissions within the console. Users with this role cannot make changes to any functional aspect of the deployment, but are able to download Results, Usage and Problem Files reports.
Specify Your Own Security Groups Upon Deployment
At the request of current users, you can now use your existing security groups when deploying the console from the CloudFormation template.
API Endpoint UI Enhancements
You can now easily specify separate sets of subnets for the load balancer and the scanning agent.