Data compliance & data risk management (CISO)
Data compliance refers to the adherence to laws, regulations, standards, and policies governing data collection, storage, use, and dissemination. It ensures that an organization handles and protects sensitive information per established guidelines, including personal data privacy laws, industry-specific regulations, and company policies. Data compliance aims to protect sensitive information, ensure data security, maintain the privacy of individuals, and reduce the risk of legal consequences in case of data breaches or misuse of information.
Regular malware scanning is integral to a data security strategy and can help improve an organization’s overall security posture by identifying and mitigating potential security risks.
Our customers use the following options to defend their data in real time.
Quarantine infected files
A quarantine approach is a security technique to isolate potentially harmful data to prevent it from spreading and causing damage to users. To protect data using this approach, the following steps are needed:
- Data scanning: All incoming data is scanned for potential threats in real time. All existing data is scanned regularly.
- Isolation: Infected data is moved to a separate, isolated location, known as a quarantine bucket, where it can be further analyzed and dealt with.
- Analysis: The isolated data is thoroughly analyzed to determine if it is malicious and how it can be neutralized or removed.
By using a quarantine approach, organizations can reduce the risk of malware infections and maintain the security and integrity of their data.
Setup
- Follow the Getting started guide (reporting part is optional).
- Install the Quarantine infected files Add-On.
Summary
Pros | Cons |
---|---|
Thorough analysis and evaluation of the malware, leading to complete removal of the threat | Takes more time to complete |
Ability to maintain a record of the malware for future reference or analysis | Requires staff trained to deal with infected files |
Reduced risk of data loss caused by false positives | |
Delete infected files
Deleting infected files as soon as they are detected is a low-effort approach.
Setup
Follow the Getting started guide (reporting part is optional).
Summary
Pros | Cons |
---|---|
Quick removal of the threat, reducing the risk of further spread and damage | Possibility of false positives, leading to deletion of benign data |
Minimal analysis and remediation time | Lack of a thorough analysis of the malware |
Eases the process of ensuring compliance with security policies and regulations | Risk of data loss if the malware is deeply integrated into the data |
Reporting only
Instead of removing the threat, you can also minimize the impact by only observing the data using the reporting capabilities of bucketAV.
Setup
- Follow the Getting started guide.
- Set the DeleteInfectedFiles configuration parameter to false.
Summary
Pros | Cons |
---|---|
Minimal impact on the data lake, reducing the risk of data loss or false positives | Does not remove the malware, leaving the data lake at risk of further spread and damage |
Ability to track and analyze malware trends and patterns | Does not provide a thorough analysis of the malware, which can limit the understanding of the threat |
Low resource requirements for maintaining the approach | May not comply with security policies and regulations requiring the removal of malware from the data lake |