AWS Securlet scope and support for Amazon Elastic File System (EFS)
search cancel

AWS Securlet scope and support for Amazon Elastic File System (EFS)

book

Article ID: 265114

calendar_today

Updated On:

Products

CASB Securlet SAAS

Issue/Introduction

AWS Securlet scope and support for Amazon Elastic File System (EFS):

Evaluate applicable Policies to content inspection, network, and management events relating to EFS.

Environment

AWS Securlet

DLP Enforce (v15.8)

Amazon Elastic File System - testing in a Virtual Private Cloud for US-WEST-1 Region with two endpoints (one on Subnet us-west-1a and the other on us-west-1c).

Image below - both endpoints accessing the same file system containing documents containing PII and PCI.

 

Cause

Evaluate logging in CloudSOC Investigate with filter set to AWS Securlet:

Network events such as Security Group creation, launching of EC2 instances, attaching of Network Interface are included in the Securlet logging to Investigate.

Once the endpoint is mounted to the EFS, actions such as folder creation, file creation (upload/download) do not yield logging activity to the Securlet.

The creation (or deletion) of the Elastic File Systems (independent of the endpoints (EC2's) they are mounted only log network activity to the Securlet.

 

Resolution

Content Inspection is not supported at this time for Elastic File System.

The AWS Securlet Policy does support certain activities relating to the endpoints (EC2's), the Security events, network events, etc.; however, the EFS doesn't currently directly log activity.

 

Powered by Wolken Software