AWS Storage Blog

How Trend Micro uses Amazon S3 Object Lambda to help keep sensitive data secure

Does your application handle data that is uploaded by hundreds of thousands of end users? Is that same underlying data then shared across the same magnitude of users? Being able to scan data for malware before it’s returned to an application helps keep sensitive data secure, provides protection regardless of when the data was initially uploaded, and removes the need to periodically rescan your data.

Security is job zero at AWS, and we work with AWS Security Competency Partners like Trend Micro to help customers enhance their security in the cloud.

Many customers have use cases where data is uploaded to Amazon Simple Storage Service (S3) by client applications that are not necessarily trusted. Therefore, these customers often require that uploads go through a malware scanning process before that data can be eventually used. In this blog post, we share how Trend Micro uses S3 Object Lambda to detect whether an object contains malware as it’s being retrieved and before it’s returned to an application. With S3 Object Lambda, Trend Micro is able to perform just-in-time scanning with the latest anti-malware protection on every read, even if the object was written to Amazon S3 long before it was known to be malicious.

About Trend Micro

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, their cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. Trend Micro’s cybersecurity platform delivers a powerful range of advanced threat defense techniques optimized for AWS.

How Trend Micro uses Amazon S3 Object Lambda

File Storage Security helps keep your sensitive data secure, protecting all file sizes and types. It also maintains data sovereignty by keeping the files and data within your AWS account, avoiding data loss and enabling optimal compliance and mitigation of regulatory risks. File Storage Security was initially launched with the ability to scan objects written to Amazon S3 for malware and now, with S3 Object Lambda, it can scan objects as they’re being retrieved from Amazon S3 as well. With S3 Object Lambda, you can you can add your own code to S3 GET requests to process data before returning it to an application. S3 Object Lambda eliminates the need to create and store derivative copies of your data or to run expensive proxies, all with no changes required to your applications.

This additional functionality delivered by S3 Object Lambda provides File Storage Security with important benefits. The biggest benefit is that the object is scanned with the latest anti-malware protection on every read, even if the object was written to Amazon S3 long before it was known to be malicious. Once connected to File Storage Security, malicious objects are automatically detected when accessed by users, without needing to perform a full rescan of your data periodically. Now, the latest protection is performed automatically, saving you time and resources. Additionally, on the AWS Marketplace, File Storage Security is priced on the number of inspected files. By scanning objects as they’re retrieved from Amazon S3 without needing to rescan all existing objects, you can reduce your File Storage Security cost while improving your security posture.

Together with S3 Object Lambda, this new feature provides a benefit if you host documents for end users to download. If you want to make sure that users will not download malicious documents, potentially hurting an organization’s reputation, you can use this new capability on File Storage Security to block malicious files from being downloaded.

“We love the simplicity in getting started. By using S3 Object Lambda in our File Storage Security solution, we were able to complete a proof-of-concept in less than a day, with the first full version including integration into the existing plugin set finished a day later.”

 – Mike Milner, Director of Product Management, Trend Micro

How it works

File Storage Security’s architecture was built using AWS resources and is deployed in a customer’s AWS account, as illustrated in Figure 1. This allows File Storage Security to scale as your needs change and keeps data secure in your AWS account. With the existing write path, when a new object is uploaded to an Amazon S3 bucket, an Amazon SQS message is generated within your AWS account that triggers an AWS Lambda function. The Lambda function executes the malware scan and tags the object as malicious or clean, depending on the scan result. You can also connect plugins to perform additional actions; for example, as soon as the file is tagged as malicious, a plugin can move the tagged object to a specified quarantine S3 bucket.

Figure 1 - File Storage Security Flow Diagram

Figure 1: File Storage Security Flow Diagram

Now, with S3 Object Lambda, we use much of the same architecture for the read path, as illustrated in Figure 2. Upon read of the object through the S3 Object Lambda endpoint, a Lambda function is called to scan the object. Identical to the write path, if malware is detected, File Storage Security can prevent the object retrieval and trigger the same customizable plugins (that is, move the object to a quarantine S3 bucket). By unifying the plugins and scanning actions for both ingress and egress, you can simplify your malware monitoring and improve your security posture.

Figure 2 - Upon read of the object through the S3 Object Lambda endpoint, a Lambda function is called to scan the object. (1)

Figure 2

Conclusion

In this post, we shared how Trend Micro integrated with Amazon S3 Object Lambda to deliver malware scanning as objects are being retrieved from Amazon S3, and how you can use File Storage Security to detect, quarantine, and manage potential malware risk. With S3 Object Lambda, Trend Micro performs just-in-time scanning with the latest anti-malware protection on every read, even if the object was written to Amazon S3 long before it was known to be malicious, helping you keep sensitive data secure and save time and money on periodic data scans.

Trend Micro Cloud One File Storage Security is available on the AWS Marketplace with a 30-day free trial. You can use S3 Object Lambda with the AWS Management ConsoleAWS Command Line Interface (AWS CLI), and AWS SDKs. To learn more about S3 Object Lambda, visit the product detail page, getting started tutorial in the S3 User Guide, and the AWS News blog post.

Thanks for reading this blog post on S3 Object Lambda and Trend Micro, if you have any comments or questions, feel free to leave them in the comments section.

This post was co-written by AWS and Trend Micro, an AWS Independent Software Vendor Partner. 

Andrew Kutsy

Andrew Kutsy

Andrew is a Product Manager with Amazon S3. He joined Amazon in 2016 and loves talking to customers to learn about the innovative ways they use AWS. He obsesses over coffee, enjoys traveling, and is currently on a search for the best croissant in the world.

Brendan Johnson

Brendan Johnson

Brendan Johnson is a Senior Architect at Trend Micro, leading innovation in cloud native and hybrid cloud security. With 20 years of experience, he has worked with everything from cryptography, HPC, embedded to cloud. In his spare time, he likes to weightlift and experiment with homebrewing.

Lee Kear

Lee Kear

Lee Kear has been working in IT since she received her Master’s Degree in Computer Science from the Georgia Institute of Technology in 1999. She started working at AWS in 2012 as a systems engineer on the Amazon S3 team. She became the first Storage Specialist Solutions Architect specializing in S3 in 2016 and she still enjoys this role today. She loves to help customers use S3 in the most efficient, performant, and cost effective way possible for their use case. Outside of work, she enjoys traveling with her fiancée.