AWS Partner Network (APN) Blog
Protect your Amazon S3 files with Menlo File Security
By: James A. Beasley, Vice President, Alliances – Menlo Security
By: Erick Dame, Sr. Solutions Architect – AWS
 |
| Menlo Security |
 |
Organizations store critical business data in Amazon Simple Storage Service (Amazon S3), ranging from customer records to financial documents. Although Amazon S3 provides robust security features for storage and access control, organizations often need additional layers of protection for file content validation. This is particularly important when files enter S3 through multiple channels such as customer portals, employee uploads, or automated processes.
In this post, we show how you can enhance your Amazon S3 security using Menlo’s File Security technology to proactively protect your files from both known and unknown threats.
Key benefits
The integration of Menlo with Amazon S3 provides three core advantages for your cloud storage security: enhanced threat protection, seamless Amazon Web Services (AWS) integration, and simplified compliance management.
To enhance threat protection, Menlo File Security technology processes files at the component level using Content Disarm and Reconstruction (CDR) to eliminate both known and unknown threats without generating false positives. CDR removes embedded malware while preserving file functionality and prevents threats from reaching your environment through proactive sanitization.
CDR integrates directly with Amazon S3, AWS Lambda, and Amazon API Gateway. It processes files automatically without affecting user workflows and scales dynamically with your AWS infrastructure.
Organizations can strengthen their regulatory compliance posture through automated file sanitization that aligns with Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and Payment Card Industry Data Security Standard (PCI DSS) requirements. CDR offers complete preservation of file functionality, including macros and formatting, and comprehensive audit trails of file processing activities.
Solution overview
The solution we discuss combines the enterprise-grade storage capabilities of Amazon S3 with Menlo’s File Security technology to create a comprehensive file security system. Here’s what we’ll cover:
1. How Menlo File Security integrates with AWS services to sanitize files
2. Real-world applications across different industries
3. Implementation benefits and considerations
The following graphic shows an overview of the solution.
Figure 1: Menlo File Security solution overview
Prerequisites
Before implementing this solution, you need:
• An AWS account with access to these services:
– Amazon S3
– AWS Lambda
– Amazon API Gateway
• Appropriate AWS Identity and Access Management (IAM) roles and permissions for these services
• A Menlo File Security license (contact Menlo for details)
How it works
Menlo’s solution integrates with your AWS infrastructure through built-in service integrations. When a file is uploaded, the following process occurs:
1. An end user application writes a file to an S3 bucket.
2. Amazon S3 creates an ObjectCreated event notification and sends to an Amazon Simple Storage Service (Amazon SQS) queue
3. Menlo to Amazon S3 connector polls SQS queue for messages
4. Events are pulled from queue and processed
5. File objects are retrieved from the S3 bucket and delivered to the Menlo File Security Positive Selection Engine
6. The Positive Selection Engine processes the original file and returns a sanitized version
7. The file is posted to the S3 bucket as a new version of the file with the tag Key:Menlo, Value:Sanitized
The following diagram illustrates the integration flow from Amazon S3 to Menlo.
Figure 2. Menlo to Amazon S3 integration technical flow
Real-world applications
Organizations across various sectors use this solution to protect their data. For example, a large healthcare network uses this integration to automatically sanitize incoming patient documents before they enter their Amazon S3 document management system. This helps them maintain HIPAA compliance while ensuring clinical teams can access files without delay. A global bank implemented the solution to process loan applications and supporting documents. They’ve maintained their rapid processing times while adding an essential security layer that protects against document-based threats.
Implementation benefits
When you implement this solution, you gain several advantages. Files are automatically sanitized without manual intervention, which saves time and effort. Processing occurs in milliseconds, preserving your workflow speed. The solution works seamlessly with your existing AWS services and helps meet various compliance requirements through comprehensive file sanitization.
Conclusion
By combining the storage capabilities of Amazon S3 with Menlo File Security, you can create a robust file security system that protects your organization from file-based threats while maintaining operational efficiency.
Menlo Security File Protection for Amazon S3 provides advanced Content Disarm and Reconstruction (CDR) and Data Detection and Response (DDR) capabilities to keep every file in your S3 environment safe and compliant.
Try Menlo File Security at no cost in AWS Marketplace.
.
Menlo Security – AWS Partner Spotlight
Menlo Security is an AWS Advamced Technology Partner that delivers cloud-based security that eliminates malware and phishing threats by isolating all web and email content in a secure cloud environment.