How Dig Security and CrowdStrike Join to Deliver the First DSPM with Malware Detection

Sharon Farber

Organizations rely on the ability to upload large amounts of data to the cloud. Due to the explosion of data that is impacting public clouds and other cloud data environments, it is too easy for security professionals to lose track of what data is stored in the cloud and how it is being handled. Unmonitored and unsecured data can easily be infected by malware, and if not detected, it evolves into a ticking time bomb that threatens business processes and operations. A new approach that combines data security posture management (DSPM) with malware analysis can prevent this from happening.

Automated cloud data security with Malware Analysis: How it works

Dig's data security posture management (DSPM) platform is an agentless cloud-native solution that deploys in minutes and provides visibility and control with real-time monitoring into all the data that customers store and process in the cloud. 

When combined with CrowdStrike’s Falcon Intelligence, upon the discovery of new cloud object storage, the joint solution automatically scans it for malware and issues a risk upon identification to ensure timely removal of the infected data. 

The following diagram shows the integration as it works step-by-step:

  1. Dig’s data security platform performs data discovery and classification of customer data anywhere across cloud environments, building a unified inventory of all the data.
  2. Dig identifies data issues that need attention, such as sensitive data found in non-compliant locations, shadow data containing sensitive information, and other executables that require analysis.
  3. Dig calls CrowdStrike’s Threat Intelligence API to perform analysis on the newly discovered data.
  4. CrowdStrike’s automated malware analysis scans the data to detect potential threats.
  5. If found, malware is reported in Dig’s dashboard as a risk and a notification is sent to the team for immediate remediation.
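
The flow in steps 2 to 5, sketched as an added example (not Dig's or CrowdStrike's code): executables are picked out of an inventory by their leading bytes, each unique SHA-256 gets one verdict, and every location holding a flagged object is reported as a risk. The lookup_verdict callable, the store names and the sample bytes are assumptions made for illustration; the callable stands in for the external malware-analysis call.

```python
import hashlib

# Leading bytes that mark an object as executable content (step 2).
MAGIC = {b"MZ": "pe", b"\x7fELF": "elf", b"\xcf\xfa\xed\xfe": "macho", b"#!": "script"}

def executable_kind(head: bytes):
    """Return the executable type for the leading bytes, or None for plain data."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return None

def scan_inventory(inventory, lookup_verdict):
    # lookup_verdict(sha256) -> "malicious" | "clean" is a hypothetical
    # stand-in for the external malware-analysis call (steps 3 and 4).
    verdicts, risks = {}, []
    for store, key, content in inventory:
        kind = executable_kind(content[:8])
        if kind is None:
            continue  # non-executable data is not submitted for analysis
        digest = hashlib.sha256(content).hexdigest()
        if digest not in verdicts:  # identical copies are analysed only once
            verdicts[digest] = lookup_verdict(digest)
        if verdicts[digest] == "malicious":
            # Step 5: report every location that holds the flagged object.
            risks.append({"store": store, "key": key, "sha256": digest, "kind": kind})
    return risks

# Constructed sample data: harmless bytes with executable headers, made-up stores.
FLAGGED = b"MZ" + b"\x00" * 16 + b"constructed sample"
INVENTORY = [
    ("s3://uploads", "invoice.exe", FLAGGED),
    ("s3://uploads", "report.csv", b"id,name\n1,a\n"),
    ("azure://backup", "copy.bin", FLAGGED),
    ("gcs://tools", "run.sh", b"#!/bin/sh\necho ok\n"),
]
KNOWN_BAD = {hashlib.sha256(FLAGGED).hexdigest()}
CALLS = []

def constructed_verdict(digest):
    CALLS.append(digest)  # records how many lookups the pipeline actually made
    return "malicious" if digest in KNOWN_BAD else "clean"

def demo():
    CALLS.clear()
    risks = scan_inventory(INVENTORY, constructed_verdict)
    return [(r["store"], r["key"]) for r in risks], len(CALLS)
```

Keying verdicts on the content hash means a copy that has moved to a second store is reported there without a second analysis call.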

This integration protects cloud data assets from malicious content across all cloud storage types spanning today’s modern enterprise data landscape:

  • Cloud storage buckets, such as Amazon Simple Storage Service (Amazon S3), Azure Blob Storage, and Google Buckets; 
  • FileStores and other unstructured data stores that live in the cloud; 
  • Other IaaS, PaaS, and DBaaS providers, including Databricks, Oracle Cloud, and Snowflake.

The ultimate cloud data security: solution benefits

Deploying the integrated solution takes only a few minutes to unlock many benefits including:

  • Visibility into malware hidden in cloud object storage: understand where in the cloud you are vulnerable, gain full understanding of the content and the context of the infected data so you can replace it if needed and notify the right people to ensure business continuity.
  • Reduced data risk by eliminating file infection: file infection is a ticking bomb as it may remain dormant until it is accessed and then create damage or spread to other files and locations. Detecting malware and eliminating further infection dramatically reduces cloud data risk.
  • Immediate insights using an agentless cloud native solution: the ease of deployment ensures that results are produced in minutes rather than months, as offered by legacy solutions.
  • Better compliance and audit with industry standards: many regulations such as PCI, NIST and GDPR require malware detection to protect sensitive data in storage. Provide the necessary reports to your auditors for faster compliance.

From content upload to cloud hygiene and compliance: these are the use-cases

Following are examples of use-cases where the new integration is being used by modern organizations:

Use Case / Challenges: Solution Description

  • Automate malware identification in content uploaded to cloud storage: the combined integration scans the different cloud object storage for malware and issues a risk upon identification.
  • Prevent malware from spreading through lateral movement in cloud: as cloud data is continuously changing and moving, the Dig + CrowdStrike joint solution ensures that security teams are notified of malware and can automate the response to remove it and prevent data from traveling and infecting more storage places.
  • Comply with requirements to provide malware scanning from untrusted sources: when malware is detected and analyzed, it will show as a risk in Dig’s dashboard for full audit and forensic records.

Cloud data security best practices: a few notes to keep in mind

When deploying a cloud data security solution there are a few best practices to keep in mind:

  1. Cloud data can be everywhere, and since data constantly travels it is important to cover the entire data attack surface. This includes public cloud environments, PaaS and IaaS, as well as database-as-a-service (DBaaS) environments such as Snowflake, Databricks and Oracle Cloud.
  2. Deploying agents in cloud environments is not feasible in PaaS and DBaaS environments and should not be considered for other environments because of the complexity and heavy maintenance it demands. Look for an agentless cloud native solution.
  3. Data should never leave the customer cloud for compliance and security reasons. If copied to the vendor's environment it is no longer controlled by the organization and could suffer from new threats as it extends its attack surface. Look for a solution that understands data security inside and out.
