AWS is key to your continued innovation, but data sprawl can become risky.
Dig Security is a single tool to protect all your AWS data - at rest, in motion, or in use. Between S3 buckets, managed databases, and virtual machines, it’s easy to lose track of your most sensitive data assets. Dig Security unifies static and real-time data protection to harden your security posture, improve compliance, and detect breaches in your AWS environment the moment they occur (rather than three months later). Dig’s industry-leading threat model is based on meticulous investigation of previous breach incidents, in AWS and other public clouds, and is continuously updated as new attack verticals are discovered.
Dig Security is a certified AWS partner for Global Startup, RDS Service Ready, and Plug and Play. As part of the partnership, Dig Security & AWS teams are working according to the “Better Together” concept, providing both business and technology benefits to their mutual customers.
Data Security Posture Management (DSPM)
Get an up to date inventory and classification of all sensitive data in your AWS account and in other public clouds. Dig scans AWS data stores (such as S3, RDS, and Aurora); unmanaged databases (VMs on EC2); and 3rd party services (Snowflake). Find shadow data, understand data flows, and prioritize risks. Apply best practices or bespoke security policies.
Data Detection and Response (DDR)
Go beyond static risk analysis with dynamic monitoring that identifies breaches or severe risk incidents in real time. Get alerts when sensitive data is copied or exfiltrated from your AWS account and apply a unified threat model across hybrid and multi-cloud environments.
Technical integrations
Dig works across all major public clouds (AWS, Azure, GCP, Snowflake). Notifications and alerts can be sent via email, Slack, or webhooks. Connect to an existing IdP to provide a context layer for data access.
Security
Data never leaves your AWS account, and stays segregated. Data is scanned in the same AWS region and in the same PCI environment where it is hosted to respect data sovereignty rules.
Security Scenarios Dig Solves for Customers
Understand how Dig defuses common data security risks
Shadow backups on S3
Security Risk
A database containing PII has been replicated to an unencrypted S3 bucket, which isn’t managed by the central engineering organization
Dig Security Solution
Dig automatically discovers the S3 bucket containing the shadow backup; classifies any sensitive data contained in the backup; determines the risk level (compliance violation); and alerts the security team.
Sensitive data on unmanaged data store
Security Risk
To test a new use case, a developer has spun up an EC2 machine, installed a PostgreSQL database on it, and loaded customer data into the database.
Dig Security Solution
Dig identifies any virtual machine that has a database installed on it; scans and classifies the data within the PostgreSQL instance; and alerts the security team that sensitive data is being stored in an unmanaged database.
Data exfiltration
Security Risk
An orphaned snapshot of an unused database,
which has not been accessed for a long time, is now being shared with an unfamiliar account.
Dig Security Solution
Dig identifies the breach in real time and alerts security teams, which can take steps to contain the attacker and prevent further data loss.
How it Works?
Don’t become a cautionary tale.
Take the steps you need to protect your AWS account today, rather than waiting for an incident to happen. Schedule a call with a Dig Security expert - we’ll help you understand the current threat landscape and discuss ways to reduce the risk of a data breach.
Let’s Talk