Many cloud customers operating in IaaS and PaaS are looking for a malware detection, AV scanning, or storage AV scanning solution for their Azure Storage accounts (Blobs and Files). This space is still early, but there are options customers can adopt today. Your level of comfort and your architecture needs will steer you toward one of them. The good news is that the cloud lets you prototype and adopt rapidly to fit your security and business needs.
Start by asking a few questions as you approach a solution:
Do you have any architecture diagrams to visualize the file flow?
How large are the files (upper end)?
How many files arrive per minute or per hour?
How do files initially ingest or land?
How fast does the scan and determination need to be?
Where do files need to go after determination?
How comfortable are you with Power Automate or Logic Apps? With PowerShell, C#, or other coding and scripting?
Once you have answers to these questions and a sense of how the business uses Azure Storage with applications, users, and processes, you can proceed to identifying solutions that bring antimalware to storage.
Some practical options to identify and explore:
Option 1: AV Storage Solution (Function, VM, Windows Defender AV)
Natively works with Azure Storage Blobs
Detection is an active scan upon blob upload to a container, with a move path to a quarantine container or, if clean, to another container for active use by a user, process, or application
Solution protects one storage account and one container for AV scanning
Customization is at the code level in C#
Can scale and handle medium to large blobs and volumes of blobs
Cost can be low, as the meters are compute and Function executions
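The Option 1 flow (a blob lands in an ingest container, a trigger scans it, and the blob is moved to quarantine or to a clean container) as an added Python example; this is not the page's C# solution. Azure Storage is replaced by an in-memory store and the AV engine by a constructed signature scanner so the routing logic runs offline, and a hook for Windows Defender's MpCmdRun.exe shows where a real engine plugs in. The container names, the 256 MB size limit, the marker string and the Defender exit-code mapping are assumptions.

```python
"""Scan-on-upload routing for Azure Blob containers.

Added example for the page's Option 1 pattern; not the page's own code. The
storage account and the AV engine are replaced with stand-ins so the routing
logic runs offline. Container names and the size limit are assumptions.
"""
import enum
import shutil
import subprocess
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import Callable, Dict, Tuple

INGEST, CLEAN, QUARANTINE = "ingest", "clean", "quarantine"   # assumed container names


class Verdict(enum.Enum):
    CLEAN = "clean"
    MALICIOUS = "malicious"
    ERROR = "error"        # engine unavailable, crashed, timed out, or blob unscannable


Scanner = Callable[[bytes], Verdict]


@dataclass
class BlobStore:
    """In-memory stand-in for the three containers in the storage account."""
    containers: Dict[str, Dict[str, bytes]] = field(
        default_factory=lambda: {INGEST: {}, CLEAN: {}, QUARANTINE: {}})

    def upload(self, container: str, name: str, data: bytes) -> None:
        self.containers[container][name] = data

    def move(self, src: str, dst: str, name: str) -> None:
        # Blob storage has no atomic move: a real Function copies the blob to
        # the destination container and then deletes the source. The dict pop
        # stands in for that copy-then-delete.
        self.containers[dst][name] = self.containers[src].pop(name)


def constructed_signature_scanner(data: bytes) -> Verdict:
    """Constructed toy engine: flags a made-up marker string.
    Stands in for Windows Defender or whatever engine the Function calls."""
    return Verdict.MALICIOUS if b"SIMULATED-MALWARE-MARKER" in data else Verdict.CLEAN


def unavailable_scanner(data: bytes) -> Verdict:
    """Stand-in for an engine that is down: raises instead of returning a verdict."""
    raise RuntimeError("AV engine unavailable")


def defender_scanner(data: bytes) -> Verdict:
    """Real-engine hook for a Windows Function host or VM: write the blob to a
    temp file and scan it with MpCmdRun.exe (Windows Defender command line).
    The exit-code mapping (0 clean, 2 threat found) is an assumption based on
    the tool's documentation; anything else, including a missing binary, is ERROR."""
    exe = shutil.which("MpCmdRun.exe") or r"C:\Program Files\Windows Defender\MpCmdRun.exe"
    if not Path(exe).exists():
        return Verdict.ERROR
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / "blob.bin"
        target.write_bytes(data)
        try:
            rc = subprocess.run([exe, "-Scan", "-ScanType", "3", "-File", str(target)],
                                capture_output=True, timeout=120).returncode
        except subprocess.TimeoutExpired:
            return Verdict.ERROR
    return {0: Verdict.CLEAN, 2: Verdict.MALICIOUS}.get(rc, Verdict.ERROR)


def route_on_upload(store: BlobStore, name: str, scanner: Scanner,
                    max_bytes: int = 256 * 1024 * 1024) -> Tuple[str, Verdict]:
    """Blob-trigger handler: scan the blob that just landed in the ingest
    container and move it out. Fails closed: only an explicit CLEAN verdict
    reaches the clean container; ERROR (engine down, timeout, oversize blob)
    goes to quarantine for a human or a VM-based rescan to look at."""
    data = store.containers[INGEST][name]
    if len(data) > max_bytes:
        verdict = Verdict.ERROR            # beyond what this Function will scan in-process
    else:
        try:
            verdict = scanner(data)
        except Exception:
            verdict = Verdict.ERROR
    dest = CLEAN if verdict is Verdict.CLEAN else QUARANTINE
    store.move(INGEST, dest, name)
    return dest, verdict


def demo() -> Dict[str, Dict[str, bytes]]:
    """Constructed run: two uploads land in ingest, then the trigger fires for each."""
    store = BlobStore()
    store.upload(INGEST, "invoice.pdf", b"%PDF-1.4 constructed clean sample")
    store.upload(INGEST, "dropper.bin", b"MZ constructed sample SIMULATED-MALWARE-MARKER")
    for blob_name in list(store.containers[INGEST]):
        route_on_upload(store, blob_name, constructed_signature_scanner)
    return store.containers


if __name__ == "__main__":
    for container, blobs in demo().items():
        print(f"{container}: {sorted(blobs)}")
```

Two design points carry over to a real Function: the ingest container is always emptied (no blob is left behind unscanned), and the handler fails closed, so an engine outage, a scan timeout, or a blob too large to scan in the Function's memory ends up in quarantine rather than in the clean container. Because blob storage has no atomic move, the production version copies and then deletes, and should treat a failed delete as an incident rather than silently leaving two copies.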
Option 2: Azure Defender for Storage (passive file hash analysis detection)
Natively works with Azure Storage Blobs and Files
Detection is passive, using hash reputation analysis, so it only identifies files whose hashes are already known to be malicious; detection may take a long time and is not immediate
Can utilize ASC workflow automation | Ask-Remove-MalwareBlob
Test version to handle Azure Files and Blobs:
Customization is no-code or low-code via Logic App
Can scale and handle medium to large blobs and files and large volumes of them
Cost can be low to medium, using Azure Defender for Storage and Logic Apps
Option 3: Build your own Logic App
Natively works with Azure Storage Account Blobs and Files, on-prem file share scenarios, FTP, SFTP, and SFTP-SSH
Detection is API driven via a Logic App connector
Customization is no-code or low-code via Logic App
Limitations may apply for volume and file size due to API constraints
Cost can be low, as the meters are Logic App executions
In the meantime, would you like to learn more about #AzureSecurityCenter? Subscribe to the Azure Security Center Wrap