Overview
Data Loss Prevention (DLP) for Amazon S3 and Amazon EC2 is a cloud-based in-tenant solution that leverages data classification to identify sensitive data at petabyte scale and quarantine objects / files across all S3 buckets and EC2 (EBS volumes). Knowing what PII exists and automatically protecting it enables you to proactively manage data privacy and protection as well as compliance with frameworks such as SOC 2, PCI DSS, and HIPAA.
HOW IT WORKS
We have harnessed three decades of DLP experience to give you an automated solution that:
- Deploys using an automated serverless architecture
- Provides real-time & on-demand DLP scanning
- Identifies hundreds of sensitive data types and PII
- Covers 11 regional localizations: USA, UK, France, Germany, Ireland, Spain, Australia, Canada, Japan, China, Global
- Allows you to tag and quarantine files identified as sensitive or that have PII
- Supports robust notifications & integrations - this solution integrates with third party ticketing, Slack, Microsoft Teams, Amazon Chime, SIEM, Amazon SNS, AWS Security Hub, AWS CloudTrail, AWS Control Tower, AWS Transfer Family, and more
DLP for Amazon S3 and EC2 scales automatically to efficiently scan the largest of datasets, with no file size limit. For the next 90 days we are offering this solution completely free. All we ask is that you share your product feedback with us at support@cloudstoragesec.com .
A streamlined installation via an AWS Fargate Container and deployment via an AWS CloudFormation template means you are up and running in about 15 minutes. From there, a few clicks is all it takes to initiate a DLP scan on demand or to schedule it later in the day, week, or month (scanning agents can be configured to meet a wide range of compliance requirements).
Once a scan is complete, a report of the files containing PII and sensitive data is generated, allowing you to see the type of data each file contains as well as the bucket in which it resides.
Additionally, you can identify bucket attributes such as whether it is publicly accessible or encrypted. Cross reference classification and bucket protection findings to determine whether a bucket containing sensitive data is exposed; when combined, data points such as these can be used to assess data risk and prioritize vulnerability management.
You will be alerted to findings via real-time notifications within the console or through AWS SNS. Findings can also be sent to AWS Security Hub, third party ticketing systems, SIEM solutions, Slack, Microsoft Teams, or Amazon Chime.
To further support security and performance, the solution runs in tenant, meaning your sensitive data remains in your AWS account.
EXTEND COMPLIANCE AND SECURITY WITH ADVANCED THREAT PROTECTION
In addition to data privacy and protection requirements, many compliance frameworks and regulations require organizations to implement procedures that protect against advanced threats. Specifically, by scanning for malware and PII. In line with the AWS Shared Responsibility Model, it is the responsibility of the organization using S3 and EC2 to do so.
Through our other solution Antivirus for Amazon S3 solution, Cloud Storage Security provides you with assurance that the files shared across their applications and data lakes are free from malware and risk of data breaches by scanning each item for advanced threats and PII. You can find Antivirus for Amazon S3 in AWS Marketplace at https://aws.amazon.com/marketplace/pp/prodview-q7oc4shdnpc4w .
If you would like to make a long-term purchase of this solution plus our Antivirus for Amazon S3, your organization is eligible to receive discounted pricing; contact us to learn more at support@cloudstoragesec.com .
Highlights
- To take advantage of the 30day free trial and scan up to 500GB of data at no charge.
- Identifies hundreds of sensitive data types across a variety of file types and 11 regional localizations; looks at bucket configurations
- Pinpoint Personally Identifiable Information (PII), financial data, health care information, government ID numbers and more, as well as where it resides, at scale
Details
Pricing
Dimension | Cost/GB |
|---|---|
Free Trial | $0.00 |
Monthly Subscription - includes 100 GB per month | $49.00 |
Scan 101-500 GB per month | $0.40 |
Scan 501-1500 GB per month | $0.35 |
Scan 1501-3000 GB per month | $0.30 |
Scan >=3001 GB per month | $0.25 |
Scan pre-existing objects | $0.00 |
Included GBs - used to track included GB scanning | $0.00 |
One Time Fees - used with special pricing offers | $0.00 |
Vendor refund policy
We do not currently support refunds, but you can cancel at any time.
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Console Deployment and Permission Setup
- Amazon ECS
Container image
Containers are lightweight, portable execution environments that wrap server application software in a filesystem that includes everything it needs to run. Container applications run on supported container runtimes and orchestration services, such as Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS). Both eliminate the need for you to install and operate your own container orchestration software by managing and scheduling containers on a scalable cluster of virtual machines.
Version release notes
Additional details
Usage instructions
Subscribing to this product will take you through the sign-up and deployment process. Deployment consists of launching a CloudFormation Template provided to you on the last configuration page of signup (also located in the Help Docs). Once Stack creation is completed, look to the Stack Outputs for the Console access URL and open that in your browser. Any additional deployment and management tasks are performed from within the Console.
For detailed steps on how to subscribe, deploy and use the product, please review: http://help.cloudstoragesec.com/getting-started/how-to-subscribe/
Support
Vendor support
If you need help during your 30-day free trial, we are happy to provide email support via support@cloudstoragesec.com . We respond to support requests via email during your 30-day free trial within 24 hours Monday through Friday. We can also provide more in-depth support via phone and web meetings for Proof of Concept (POC) engagements. If you would like more information about initiating a POC, please contact one of our experts at https://cloudstoragesec.com/contact . Cloud Storage Security also offers Premium Support and Professional Service plans for purchase in AWS Marketplace
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Customer reviews
Great product, great support
We're a small team with limited time so we needed something quick to deploy and simple to test/use. This was up and running in no time. The level of documentation and support that was provided by this team is impressive.
Up and classifying in no time
I was able to deploy and configure this tool in about 20 minutes to start testing it out. All you need to do is select your buckets, set your rules, and select the schedule you want it to run on. Really nice that it also deploys in GovCloud and you can bundle it with their Antivirus tool too.