Dig Security on Azure

Protect your most important data assets. Reduce the risk of Azure migration and adoption

Download Datasheet
Azure Marketplace

Moving to the cloud shouldn’t jeopardize your data security.

Learn How Dig Security protects your Azure data - at rest, in motion, and in real time

The cloud is a strategic priority for the enterprise. But rapid adoption carries risks, and cloud-native security tools don’t offer the same visibility and control as their on-prem counterparts. Sensitive data finds its way to shadow data stores, blob storage, and virtual machines – leading to significant security and compliance risks.

Dig is the enterprise-grade security solution you need to map all the sensitive data that moves through your Azure environment, detect incidents in real-time, and respond to policy violations.

Data Security Posture Management (DSPM)

Gain instant visibility into data flows and business context for your Azure deployment – ETL pipelines, managed and unmanaged SQL databases, and containers on Data Lake Storage Gen2.

Dig discovers and classifies sensitive data records in every data store, creating an up-to-date inventory that will form the basis for your policy checks. It then informs you of any data asset that poses a risk for compliance violation or a security vulnerability.

Data Detection and Response (DDR)

Respond to potential data breaches to protect your organization from reputational, legal, and financial risk.

Dig’s proprietary threat detection engine provides near real-time alerts, identifying high-risk incidents related to sensitive data (such as PII being copied into a public container on Azure Blob Storage) – and allowing security teams to remediate before the damage is done.


Dig provides a fully automated solution that is deployed in your Azure account in minutes, with minimal configuration and zero interference with production environments. Dig operates out of band so that no database connections are required.

Since Dig supports all major public clouds (AWS, Azure, GCP, Snowflake), you can deploy a single threat model in hybrid and multi-cloud environments – the same policy applies uniformly across all data assets.

Security Scenarios Dig Solves for Customers

Understand how Dig defuses common data security risks in Azure:

Shadow backups on Blob Storage

Security Risk

SQL Server makes it very easy to create backups to ADLS – which can lead to sensitive data being replicated into an unencrypted or publicly-accessible container.

Dig Security Solution

Dig automatically discovers all Blob containers that store sensitive data; classifies the sensitive data (PII, PCI, HIPAA, etc.); determines the risk level; and alerts the security team

Risky data flows

Security Risk

PII records collected through a web app are stored in CosmosDB, backed up to ADLS, enriched and loaded into Synapse and Azure SQL. The business lacks visibility into the security posture of each service and the principals who have access.

Dig Security Solution

Dig maps the flow of data between services and storage locations, and highlights the resources that pose a security risk - for example, due to overly-permissive access rules or data duplication jobs.

Data leak from an unmanaged database

Security Risk

As part of an on-premise database migration, a production database is duplicated into a Windows VM. The security team is unaware that this VM is running a database, and is also unaware when a snapshot of this database is shared with a third party.

Dig Security Solution

Dig identifies that the VM is running a database, and that the database contains sensitive data. When the snapshot is taken and shared, it alerts the SOC team in real-time so that they can take steps to prevent the exfiltration.

Security Scenarios Dig Solves for Customers

Understand how Dig defuses common data security risks

Shadow backups on S3

Security Risk

A database containing PII has been replicated to an unencrypted S3 bucket, which isn’t managed by the central engineering organization

Dig Security Solution

Dig automatically discovers the S3 bucket containing the shadow backup; classifies any sensitive data contained in the backup; determines the risk level (compliance violation); and alerts the security team.

Sensitive data on unmanaged data store

Security Risk

To test a new use case, a developer has spun up an EC2 machine, installed a PostgreSQL database on it, and loaded customer data into the database.

Dig Security Solution

Dig identifies any virtual machine that has a database installed on it; scans and classifies the data within the PostgreSQL instance; and alerts the security team that sensitive data is being stored in an unmanaged database.

Data exfiltration

Security Risk

An orphaned snapshot of an unused database,
which has not been accessed for a long time, is now being shared with an unfamiliar account.

Dig Security Solution

Dig identifies the breach in real time and alerts security teams, which can take steps to contain the attacker and prevent further data loss.

How it Works

Install in minutes

Dig Security is agentless and can be set up in your Azure environment in a few simple steps.

Data discovery and classification

Once running, Dig discovers and classifies sensitive data stored anywhere in your Azure account. It highlights relevant policies and suggests ways to reduce static risk to data.

Dynamic monitoring

Dig continuously monitors data events by parsing and analyzing Azure logs; it then applies an expert-built threat model to determine risk and alert SOC teams on potential data leak events, in real time.

Make data security an integral component of your cloud strategy.

Take the steps you need to protect your Azure account today, rather than waiting for an incident to happen. Schedule a call with a Dig Security expert - we’ll help you understand the current threat landscape and discuss ways to reduce the risk of a data breach.

Let’s Talk