Enhancements, Fixes and Known Issues 06/12/2024
The following enhancements, fixes, and known issues are found in this release, dated 06/12/2024.
Expanded Coverage
S3 Ransomware/Malware Protection Enhancements
With this enhancement, Elastio supports even larger sets of objects in S3 with its scale-out/scale-to-zero architecture. Elastio S3 ransomware and malware protection provides built-in base inspection of your data, followed by continuous incremental-forever inspection of new objects. It is designed to be affordable and cost-effective with unlimited inspections per month; license fees are tracked by storage/GB protected rather than the number of inspections. It requires a separate CFN that adds SQS queues to track new objects. Detailed instructions are available here.
AWS Backup Restore Test Integration
Elastio integrates fully with AWS Backup Restore Test, which optimizes real-time inspections for ransomware encryption and malware during the restore process. Results can be sent to the AWS Security Hub and AWS Backup console. Supported AWS services are EC2, EBS, EFS, and S3.
AWS Backup Logical Air Gap Vault Integration
Elastio integrates with AWS Backup Logical Air Gap Vault by inspecting AWS Backup recovery points stored in LAG vaults. Supported AWS services are EC2, EBS, EFS, S3.
Entropy Detection via Elastio CLI
Entropy Detection is a new add-on inspection that examines file-level changes to detect newly non-ransomware-encrypted files within a directory. It can run in foreground mode on Linux and in background mode on Linux and Windows. The inspection produces a list of any newly non-ransomware-encrypted files identified on the target storage.
Ransomware and Malware Protection for Azure via Elastio CLI
Azure VMs, Azure managed disks and snapshots, as well as Azure recovery service and data protection recovery points, can now be inspected via Elastio CLI deployed on an Azure VM. In this release, the results of inspections on Azure assets can be observed in Elastio CLI but not yet in the Elastio tenant. Full support for Azure will be delivered in a future release.
Support for Asia Pacific (Singapore) ap-southeast-1 AWS region
Elastio functionality has been extended to the ap-southeast-1 Asia Pacific (Singapore) AWS region.
Improved User Experience
Elastio Ransomware Model Ensemble Enhancements
Between releases, we verified an additional 1250 new ransomware variants. Our team identifies and tests against new ransomware variants daily, updating the model as necessary. The models are automatically updated on each ransomware inspection to ensure the most up-to-date information is used to protect against ransomware encryption.
Customized Inspection Types with Enhanced Tagging
Elastio now enables customers to select which type of inspection (ransomware encryption, malware, entropy) to run. The new tag “elastio:scans” should be added to a resource with one or several (space separated) value(s): “ransomware”, “malware”, “entropy”. Please note that this tag should be used together with “elastio:action=scan” or “elastio:action=ingest-and-scan”.
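The tagging rules above can be checked before a policy run. The following is an added example, not Elastio code: the function names and the sample inventory are hypothetical, and it assumes tag values are matched exactly and that a resource without “elastio:scans” needs no check.

```python
# Added example (not Elastio code): lint resource tags against the rules above.
ALLOWED_SCANS = {"ransomware", "malware", "entropy"}
REQUIRED_ACTIONS = {"scan", "ingest-and-scan"}


def validate_scan_tags(tags):
    """Return a list of problems with the elastio:scans tag on one resource."""
    if "elastio:scans" not in tags:
        return []  # assumption: no inspection-type selection to check
    problems = []
    values = tags["elastio:scans"].split(" ")  # values are space separated
    if values == [""]:
        problems.append("elastio:scans has no value")
    else:
        for value in values:
            # Exact matching is an assumption; a comma-separated list or a
            # doubled space produces a token that is not an allowed value.
            if value not in ALLOWED_SCANS:
                problems.append(f"unknown inspection type {value!r}")
    # elastio:scans is meant to be used together with one of these actions.
    action = tags.get("elastio:action")
    if action not in REQUIRED_ACTIONS:
        problems.append(
            f"elastio:action is {action!r}, expected scan or ingest-and-scan"
        )
    return problems


def audit(inventory):
    """Map resource id -> problems, listing only resources that have any."""
    report = {}
    for resource_id, tags in inventory.items():
        problems = validate_scan_tags(tags)
        if problems:
            report[resource_id] = problems
    return report


# Constructed sample inventory: resource ids and tag sets are made up.
SAMPLE_INVENTORY = {
    "vol-constructed-1": {"elastio:action": "scan", "elastio:scans": "ransomware entropy"},
    "i-constructed-2": {"elastio:action": "scan", "elastio:scans": "ransomware,malware"},
    "i-constructed-3": {"elastio:scans": "malware"},
    "fs-constructed-4": {"elastio:action": "ingest-and-scan"},
}

if __name__ == "__main__":
    for resource_id, problems in audit(SAMPLE_INVENTORY).items():
        print(resource_id, "->", "; ".join(problems))
```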
Ransomware and malware protection for AWS Marketplace instances
Most customers want ransomware and malware protection for AWS Marketplace instances. With this new feature, customers who select the “All EC2” option in the policy automatically inspect all Marketplace instances, which include many of the most popular infrastructure and cybersecurity software products.
Additional details in inspection results and reports
Elastio now displays additional information in reports and job results, including target asset tags, metadata, and the number and size of directories.
Filesystem check information rolled up at the VM level
Filesystem Check job data has been extended to include all scan targets, including child assets that were included in the scan.
Update on how to grant Elastio permission to use customer-managed KMS keys
With 0.30, customer-managed KMS keys need to have a tag for Elastio to be able to use them in its operation. The tag is elastio:authorize and it must have the value true. If the key is not located in the same account as Elastio, the KMS key policy must be modified to allow the use of the key from the account where Elastio is deployed.
Bug Fixes
- In rare cases, AWSB recovery point import would fail because the previous job did not clean up properly, leaving too many volumes attached. This issue was fixed by adding a check and cleanup step prior to starting an import job. Additionally, all temporary volumes created by Elastio are now automatically deleted when they are no longer needed.
- EBS snapshot direct scans sometimes failed because they couldn’t resolve certain paths. We improved the path conversion logic to fix the issue.
- When using AWS Recovery Testing, scans of S3 buckets from a different region sometimes failed because they couldn’t retrieve the tags for the original bucket. We fixed this issue.