Protect your most important data assets. Reduce the risk of Azure migration and adoption
Moving to the cloud shouldn’t jeopardize your data security.
Learn how Dig Security protects your Azure data - at rest, in motion, and in real time
The cloud is a strategic priority for the enterprise. But rapid adoption carries risks, and cloud-native security tools don’t offer the same visibility and control as their on-prem counterparts. Sensitive data finds its way to shadow data stores, blob storage, and virtual machines – leading to significant security and compliance risks.
Dig is the enterprise-grade security solution you need to map all the sensitive data that moves through your Azure environment, detect incidents in real-time, and respond to policy violations.
Data Security Posture Management (DSPM)
Gain instant visibility into data flows and business context for your Azure deployment – ETL pipelines, managed and unmanaged SQL databases, and containers on Data Lake Storage Gen2.
Dig discovers and classifies sensitive data records in every data store, creating an up-to-date inventory that will form the basis for your policy checks. It then informs you of any data asset that poses a risk for compliance violation or a security vulnerability.
Data Detection and Response (DDR)
Respond to potential data breaches to protect your organization from reputational, legal, and financial risk.
Dig’s proprietary threat detection engine provides near real-time alerts, identifying high-risk incidents related to sensitive data (such as PII being copied into a public container on Azure Blob Storage) – and allowing security teams to remediate before the damage is done.
Deployment
Dig provides a fully automated solution that is deployed in your Azure account in minutes, with minimal configuration and zero interference with production environments. Dig operates out of band so that no database connections are required.
Since Dig supports all major public clouds (AWS, Azure, GCP, Snowflake), you can deploy a single threat model in hybrid and multi-cloud environments – the same policy applies uniformly across all data assets.
Security Scenarios Dig Solves for Customers
Understand how Dig defuses common data security risks in Azure:
Shadow backups on Blob Storage
Security Risk
SQL Server makes it very easy to create backups to ADLS – which can lead to sensitive data being replicated into an unencrypted or publicly-accessible container.
Dig Security Solution
Dig automatically discovers all Blob containers that store sensitive data; classifies the sensitive data (PII, PCI, HIPAA, etc.); determines the risk level; and alerts the security team.
Risky data flows
Security Risk
PII records collected through a web app are stored in CosmosDB, backed up to ADLS, enriched and loaded into Synapse and Azure SQL. The business lacks visibility into the security posture of each service and the principals who have access.
Dig Security Solution
Dig maps the flow of data between services and storage locations, and highlights the resources that pose a security risk - for example, due to overly-permissive access rules or data duplication jobs.
Data leak from an unmanaged database
Security Risk
As part of an on-premises database migration, a production database is duplicated into a Windows VM. The security team is unaware that this VM is running a database, and is also unaware when a snapshot of this database is shared with a third party.
Dig Security Solution
Dig identifies that the VM is running a database, and that the database contains sensitive data. When the snapshot is taken and shared, it alerts the SOC team in real-time so that they can take steps to prevent the exfiltration.
Security Scenarios Dig Solves for Customers
Understand how Dig defuses common data security risks
Shadow backups on S3
Security Risk
A database containing PII has been replicated to an unencrypted S3 bucket, which isn’t managed by the central engineering organization.
Dig Security Solution
Dig automatically discovers the S3 bucket containing the shadow backup; classifies any sensitive data contained in the backup; determines the risk level (compliance violation); and alerts the security team.
Sensitive data on unmanaged data store
Security Risk
To test a new use case, a developer has spun up an EC2 machine, installed a PostgreSQL database on it, and loaded customer data into the database.
Dig Security Solution
Dig identifies any virtual machine that has a database installed on it; scans and classifies the data within the PostgreSQL instance; and alerts the security team that sensitive data is being stored in an unmanaged database.
Data exfiltration
Security Risk
An orphaned snapshot of an unused database, which has not been accessed for a long time, is now being shared with an unfamiliar account.
Dig Security Solution
Dig identifies the breach in real time and alerts security teams, which can take steps to contain the attacker and prevent further data loss.
How it Works
Install in minutes
Data discovery and classification
Dynamic monitoring
Make data security an integral component of your cloud strategy.
Take the steps you need to protect your Azure account today, rather than waiting for an incident to happen. Schedule a call with a Dig Security expert - we’ll help you understand the current threat landscape and discuss ways to reduce the risk of a data breach.