Dig Security on AWS

Cloud Data Security That Lets You Build with Confidence

AWS is key to your continued innovation, but data sprawl can become risky.

Dig Security is a single tool to protect all your AWS data - at rest, in motion, or in use. Between S3 buckets, managed databases, and virtual machines, it’s easy to lose track of your most sensitive data assets. Dig Security unifies static and real-time data protection to harden your security posture, improve compliance, and detect breaches in your AWS environment the moment they occur (rather than three months later). Dig’s industry-leading threat model is based on meticulous investigation of previous breach incidents, in AWS and other public clouds, and is continuously updated as new attack verticals are discovered.

Dig Security is a certified AWS partner for Global Startup, RDS Service Ready, and Plug and Play. As part of the partnership, Dig Security & AWS teams are working according to the “Better Together” concept, providing both business and technology benefits to their mutual customers.

Data Security Posture Management (DSPM)

Get an up-to-date inventory and classification of all sensitive data in your AWS account and in other public clouds. Dig scans AWS data stores (such as S3, RDS, and Aurora); unmanaged databases (VMs on EC2); and third-party services (Snowflake). Find shadow data, understand data flows, and prioritize risks. Apply best practices or bespoke security policies.

Data Detection and Response (DDR)

Go beyond static risk analysis with dynamic monitoring that identifies breaches or severe risk incidents in real time. Get alerts when sensitive data is copied or exfiltrated from your AWS account and apply a unified threat model across hybrid and multi-cloud environments.

Technical integrations

Dig works across all major public clouds (AWS, Azure, GCP, Snowflake). Notifications and alerts can be sent via email, Slack, or webhooks. Connect to an existing IdP to provide a context layer for data access.

Security

Data never leaves your AWS account, and stays segregated. Data is scanned in the same AWS region and in the same PCI environment where it is hosted to respect data sovereignty rules.

Security Scenarios Dig Solves for Customers

Understand how Dig defuses common data security risks:

Shadow backups on S3

Security Risk

A database containing PII has been replicated to an unencrypted S3 bucket, which isn’t managed by the central engineering organization.

Dig Security Solution

Dig automatically discovers the S3 bucket containing the shadow backup; classifies any sensitive data contained in the backup; determines the risk level (compliance violation); and alerts the security team.

Sensitive data on unmanaged data store

Security Risk

To test a new use case, a developer has spun up an EC2 machine, installed a PostgreSQL database on it, and loaded customer data into the database.

Dig Security Solution

Dig identifies any virtual machine that has a database installed on it; scans and classifies the data within the PostgreSQL instance; and alerts the security team that sensitive data is being stored in an unmanaged database.

Data exfiltration

Security Risk

An orphaned snapshot of an unused database, which has not been accessed for a long time, is now being shared with an unfamiliar account.

Dig Security Solution

Dig identifies the breach in real time and alerts security teams, which can take steps to contain the attacker and prevent further data loss.

How it Works

Dig Security can be set up in your cloud environment in minutes.
Once running, Dig discovers and classifies sensitive data stored on both managed and unmanaged databases, or as files on S3, and suggests ways to reduce static risk to data.
Dig will continuously monitor data events in real time, and alert you to exfiltration attempts.

Don’t become a cautionary tale.

Take the steps you need to protect your AWS account today, rather than waiting for an incident to happen. Schedule a call with a Dig Security expert - we’ll help you understand the current threat landscape and discuss ways to reduce the risk of a data breach.
