What is File Storage Security?

Trend Micro Cloud One™ – File Storage Security provides anti-malware scanning on files in cloud storage services such as Amazon Web Services (AWS) and Azure.

How it works

When a user or program uploads a file to a designated cloud storage container, File Storage Security performs a scan. The scan is performed only on the added file, not on existing resources in the storage container. When the scan is complete, your custom plugins or Lambdas take the scan results and connect with your downstream workflow for further processing.

File Storage Security can detect all types of malware including viruses, trojans, spyware, and more.

Files never leave your environment.

Can any file be scanned?

Yes. Files of all types and sizes can be scanned.

How long do scans take?

Scan time depends on the file size and type, and can range from around 3 to 25 seconds. For details, see Performance metrics (scan times).

How does the solution scale?

Because the File Storage Security scanner is a Lambda function, it can handle multiple scans concurrently, and will scale up (or down) automatically in response to increases (or decreases) in load. For details, see Performance and scaling.

Stack contents

File Storage Security is deployed using AWS CloudFormation templates. You can review these templates to see what resources make up each stack.

The template files are available for review on GitHub, here:

https://github.com/trendmicro/cloudone-filestorage-deployment-templates

Internet connections in a scan flow

The scanner makes three kinds of outbound connections to the Internet, all over HTTPS (port 443):

  • Connection to Trend Micro Global Smart Protection Server (c1fss1.icrc.trendmicro.com)
  • Connection to various AWS services, such as S3, SQS, and SNS
  • Connection to File Storage Security telemetry service endpoint (filestorage.CLOUD_ONE_REGION.cloudone.trendmicro.com/api/telemetry)

    The CLOUD_ONE_REGION in the endpoint is determined by the Cloud One Region parameter of the deployment templates.

The scanner may access Smart Protection Server during a scan, and access AWS services during a scan (S3 and SQS) and after a scan (SNS). For details of the flow, refer to Architecture.
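
The three destinations listed above can serve as an egress baseline for the scanner. The following is an added example, not Trend Micro code: it audits outbound connection records against that baseline. The log line format, the region values (us-1, us-east-1), the bucket name, and the use of standard regional AWS endpoints for only S3, SQS, and SNS are assumptions; the page says "such as", so a real deployment may contact further AWS services.

```python
import re

# Constructed log format (an assumption): "dst=<hostname> port=<port>"
LINE = re.compile(r"dst=(?P<host>\S+)\s+port=(?P<port>\d+)")

def expected_hosts(cloud_one_region, aws_region):
    """Build the HTTPS destinations the page names for one deployment."""
    hosts = {
        "c1fss1.icrc.trendmicro.com": "smart-protection",
        f"filestorage.{cloud_one_region}.cloudone.trendmicro.com": "telemetry",
    }
    # Standard regional AWS endpoints for the three services the page names.
    for svc in ("s3", "sqs", "sns"):
        hosts[f"{svc}.{aws_region}.amazonaws.com"] = f"aws-{svc}"
    return hosts

def audit(lines, cloud_one_region, aws_region):
    """Return (item, reason) for every record outside the baseline."""
    allowed = expected_hosts(cloud_one_region, aws_region)
    s3 = f"s3.{aws_region}.amazonaws.com"
    findings = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            findings.append((line, "unparsed"))
            continue
        host, port = m["host"].lower().rstrip("."), int(m["port"])
        label = allowed.get(host)
        # Virtual-hosted S3 names put the bucket in front of the endpoint.
        # Matching on "." + endpoint rejects look-alike prefixes and suffixes.
        if label is None and host.endswith("." + s3):
            label = "aws-s3"
        if label is None:
            findings.append((host, "unexpected-destination"))
        elif port != 443:
            findings.append((host, "unexpected-port"))
    return findings

# Constructed sample records, not captured from a real scanner.
SAMPLE = [
    "dst=c1fss1.icrc.trendmicro.com port=443",
    "dst=filestorage.us-1.cloudone.trendmicro.com port=443",
    "dst=example-bucket.s3.us-east-1.amazonaws.com port=443",
    "dst=sqs.us-east-1.amazonaws.com port=443",
    "dst=sns.us-east-1.amazonaws.com port=80",
    "dst=filestorage.us-1.cloudone.trendmicro.com.example.net port=443",
]

if __name__ == "__main__":
    for item, reason in audit(SAMPLE, "us-1", "us-east-1"):
        print(f"{reason}: {item}")
```

The last sample record shows why the check compares whole hostnames instead of searching for a substring: it contains the telemetry hostname but resolves under a different domain.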