Data Loss Prevention (DLP) for Amazon S3 & EC2 is an in-tenant solution that leverages data classification to identify sensitive data at petabyte scale. You can then automatically quarantine objects / files across all S3 buckets or tag sensitive data stored in EC2 (EBS volumes), EFS, and FSx to ensure you're protected against data breaches. Knowing where PII exists in your applications and automatically protecting that data enables you to proactively manage data privacy and meet compliance frameworks like SOC 2, PCI DSS, and HIPAA.

HOW THIS SOLUTION IS DIFFERENT We have harnessed three decades of DLP experience to give you an automated solution with:

• Multiple Scanning Models
• Custom RegEx Policy Creation
• Configuration Intelligence
• Simplified Setup
• Security First Approach with In-Tenant Scanning

Scanning Models This solution offers three flexible scanning options that integrate seamlessly into your workflow:

• Event - scan new data in real time when dropped into storage (easy to integrate into workflows because minimal code changes are needed)
• Retro - scan existing data on demand or via schedule (use to baseline data and for compliance audits)
• API - scan data in real time via a REST-based API before they are written (useful for workflows where the scan dictates whether a file should be stored/used based on scan verdict)

Custom RegEx Write custom regular expression (RegEx) policies with the help of our Amazon Bedrock integration. All you need to do is enter a simple text prompt to identify patterns or text and the exact value you need for the rule will be created within the console. The solution also comes with predefined policies for common personally identifiable information items like social security numbers or credit card numbers.

Configurations Quickly gain visibility into misconfigurations including publicly accessible buckets as well as encryption status via a single unified dashboard.

Setup Deploy via AWS CloudFormation or HashiCorp Terraform in less than 10 minutes. Initial scanning setup takes less than 5 minutes with just a few clicks of the mouse. Follow the Getting Started Guide: https://help.cloudstoragesec.com/getting-started/summary/ .

Security First This solution installs and runs in your AWS account, so data never leaves your environment or region. Additional ways to further enhance security include centralized security services account deployment with linked accounts and a private VPC endpoint deployment option.

CUSTOMER-FAVORITE FEATURES

• Automated serverless architecture
• Real-time, scheduled & on-demand scanning
• Easy management console, built-in dashboards & detailed reporting
• Automatic data discovery & scaling across multiple accounts & regions
• XL file scanning
• Problem file remediation (automatic Quarantine, Tag, Delete)
• Robust notifications & integrations - this solution integrates with third party ticketing, Slack, Microsoft Teams, Amazon Chime, SIEM, Amazon SNS, AWS Security Hub, AWS CloudTrail, AWS Control Tower, AWS Transfer Family, and more

ONLY PAY FOR WHAT YOU SCAN Pricing at payment terms that fit with your procurement process. We offer pay-as-you-go pricing, prepaid discounts, and private offers. Contact us at https://cloudstoragesec.com/contact  to discuss the best pricing option for you.

EXTEND COMPLIANCE AND SECURITY WITH ADVANCED THREAT PROTECTION In addition to data privacy and protection requirements, many compliance frameworks and regulations require organizations to implement procedures that protect against advanced threats such as ransomware. This solution also offers malware detection and prevention. Identify malicious code at petabyte scale by leveraging the power of Sophos, CrowdStrike, or ClamAV®. Engines may be used individually or simultaneously to optimize accuracy and performance.