Automated Security Service – AWS Inspector | Improve the Security and Compliance of your AWS Applications

Introduction to AWS Inspector

AWS Inspector is a service to test the network accessibility of your Amazon EC2 instance(s) and the security state of your applications that run on those instances. It assesses the target EC2 instance(s) and checks for vulnerabilities and potential security threats. To leverage Amazon Inspector, you need to install an agent on the target EC2 instance (s).

Let us look at the newly revamped AWS Inspector. This vulnerability management service was first launched in 2015 and was fantastic. But over the years, it started to show its age, and it was breaking down under some new fundamental ways that we are using new services in the AWS cloud. It was completely revamped and relaunched last year as a brand-new modernized AWS Inspector.

Amazon Inspector’s agent will monitor the behavior of your EC2 instance(s) and collect telemetry information around the network, file system, and any processing activity. To perform an assessment, you need to create an assessment template and select rules depending on the test you would like to achieve.

Amazon Inspector can be fully automated through an API, allowing you to incorporate security testing into the development and design process.

Architecture Diagram of AWS Inspector

There are three main reasons the newer version is way better than the original version.

Top Features

• Easier to deploy:

  AWS inspector now leverages the AWS Systems Manager agent, commonly deployed on almost every AWS-managed AMI. It is also integrated with AWS Organizations to one-click deploy and enable AWS Inspector across all your accounts.

• Continuous scanning:
  

  In the traditional approach, there was a need to explicitly point out resources and workloads to include in the assessment. Also, they were 15 minutes or 30 minutes, or 24 hours long, after which the user was able to get the results of the findings from the assessment. This approach was time-taking and not efficient. But the modernized AWS Inspector automatically discovers the resources and starts scanning them continuously.

• Container Image scanning:
  

  Container images stored in Amazon ECR are scanned by Amazon Inspector for security vulnerabilities to generate Package Vulnerability findings. By using Amazon Inspector, you receive the benefit of vulnerability scanning at the registry level for both operating systems and programming languages.

Benefits of AWS Inspector

• It integrates security testing as a part of your development, deployment, and production processes
• Identify any security issues or threats that need attention and recommend corrective action(s)
• A near-real-time vulnerability finding service with automated discovery and continued scanning
• Establish a Delegated Administrator account for your organization to manage, configure, and view findings for all its accounts
• The Inspector risk score incorporates contextual and meaningful information for each finding, making it easier to set more precise response priorities
• A simple dashboard displays Amazon Inspector coverage metrics, including accounts, Elastic Container Registry repositories (ECR), and EC2 instances, which Amazon Inspector scans
• Automate workflows and ticket routing by integrating with AWS Security Hub and Amazon EventBridge

Pricing

The following table describes the pricing model for AWS Inspector in Mumbai region:

Source: https://aws.amazon.com/inspector/pricing/

Conclusion

In our discussion of AWS inspector so far, we have discussed its overview, working, features, and pricing model. There is still more to learn about the AWS Inspector service, so I encourage you to see the official documentation from AWS. If you have any doubts, or queries about AWS Inspector, security and compliance, or any other AWS services, then drop a note in the comment section and I will get back to you quickly. 

About CloudThat

CloudThat is the official AWS (Amazon Web Services) Advanced Consulting Partner and Training partner and Microsoft gold partner, helping people develop knowledge of the cloud and help their businesses aim for higher goals using best in industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.

CloudThat is a house of All-Encompassing IT Services on the cloud offering Multi-cloud Security & Compliance, OTT-Video Tech Delivery Services, Cloud Enablement Services, Cloud-Native Application Development, and System Integration Services. Explore our consulting services here.

FAQs

1. How do I connect to other AWS services using Inspector?

Until the Inspector service-linked role is formed, some existing customers may be able to use an IAM role that was generated when they first started with Inspector to access other AWS services. The Inspector service-linked role can be created through the Inspector console’s dashboard page.

2. What are the necessary steps to migrate from Classic to the new version of AWS Inspector?

By removing all assessment templates in your account, you can turn off Amazon Inspector Classic. You can retrieve findings from previous assessment runs as reports or export them using the Amazon Inspector API. You may enable the new Amazon Inspector Inspector with a few clicks in the AWS Management Console or by using the new Amazon Inspector APIs.

WRITTEN BY Aishwarya Joshi

Aishwarya works as a Research Associate (AWS Media services) with CloudThat. She is an enthusiastic individual and a good team player. A positive attitude is her way of dealing with everything. She enjoys learning new technologies and exploring various ways of problem-solving. As of late, she has become proficient in cloud services and enjoys writing technical blogs.