Products and Services PRODUCTS & SERVICES

Protecting Amazon S3 Buckets from Malicious Files

Amazon S3 buckets are popular for file storage in the AWS platform. Their serverless element requires an alternative approach to traditional endpoint protection for detecting malicious files.
Written by
August 30, 2023
Products & Services Sophos Cloud Sophos Cloud Native Security Sophos Cloud Optix

Amazon Simple Storage Service (S3) is among the most popular AWS services. Most AWS customers will use S3 buckets for short or long-term storage of files.

Often, malicious files and code are only considered dangerous when executed on a device as a part of an attack. However, with adversaries constantly looking for new ways to hide their activities from defenders, simply having malicious files in any storage mechanism – be it on a device, a file server, or an S3 bucket in AWS – is a major security risk. Organizations should not allow any file storage method, including Amazon S3 buckets, to be a mechanism for distributing malicious files.

Securing Amazon S3 Buckets

Using traditional endpoint or server protection to scan files in an S3 bucket or when uploaded to the S3 bucket is more complex than it sounds: an S3 bucket is a serverless element of the AWS platform, making installing a traditional endpoint or server protection product impossible.

Our new Serverless Storage Protection capability in Sophos Cloud Optix, part of Sophos Cloud Native Security, uses a serverless approach to detecting malware/malicious code in files stored in S3 buckets. It scans all files uploaded or changed for threats, with the option to also scan existing objects for malicious files.

With Serverless Storage Protection, all file types are supported for scanning, including all of the most popular file types stored in S3 buckets: executables, media, documents, etc. Files up to a maximum of 2.5TB can be scanned.

If a threat is found in a file in an S3 bucket, an automatic threat response will be taken, and an alert will be displayed in the management console. The automatic threat response can be configured to delete or quarantine the file. The file contents do not leave your cloud environment during scanning, alleviating privacy concerns.

Learn More and Get Started

Serverless Storage Protection is automatically available to all Cloud Optix customers and can be found in the Cloud Optix management web console. For more information, check out the online help.

Sophos Cloud Optix is a powerful cloud security and posture management tool that helps you quickly identify cloud resource vulnerabilities, ensure compliance, and respond to threats faster across multi-cloud provider environments. Learn more about how Sophos protects cloud environments or start a free trial of Cloud Optix today.

About the Author

Josh is Product Manager for Cloud Native Security at Sophos.

Read Similar Articles

Leave a Reply

Your email address will not be published. Required fields are marked *