Frequently Asked Questions -
CWP for Storage - Azure

1. Will I get access to both Azure and AWS S3 if I subscribe to CWP for Storage Anti-malware ?
Yes. If you subscribe to
Cloud Workload Protection for Storage
Anti-Malware subscription, then you can scan both AWS S3 buckets and Azure blob store.
2.Where is the data scanned? Does it leave the boundary of my network?
Cloud Workload Protection for Storage
is designed in such a way that data does not leave the organizational boundary for scanning. The
Cloud Workload Protection for Storage
Controller Unit along with the Protection Unit gets installed in the VPC or Virtual Network of your cloud environment. The data is downloaded and scanned on the Protection Unit. The result of the scan is in the form of an event that is passed to the
Cloud Workload Protection for Storage
console. However, the data remains within the organization's boundary and is promptly destroyed after scanning.
3. How can I be assured that data is being scanned in secure environment?
The
Cloud Workload Protection for Storage
Controller Unit and Protection Unit are secured by the Network security groups to guard against any unauthorized access. You can choose to deploy
Cloud Workload Protection for Storage
using your existing network that has a Network security group that you control.
Additionally you can choose to protect the Protection Unit virtual machines, where data is processed, using the Azure Disk Encryption functionality.
You can also configure the deployment to work with proxy server, however make sure that Azure services are accessible to
CWP for Storage - Azure
Azure application.
4.Is there any way I can consume result of a file scan from
Cloud Workload Protection for Storage
in our custom application ?
Cloud Workload Protection for Storage
application provides you option to publish scan logging to your storage queue.
5. How the proxy works in case of CWP for Storage - Azure Blob?
When you deploy Blob in
CWP for Storage - Azure
Proxy, only Symantec Cloud Connection and definitions updates are routed through proxy server. Rest all requests to Azure services are expected to be routed through the Azure environment by configuring the Network security group using Azure service tags.