Amazon Inspector

Amazon Inspector Services

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. The assessment targets, rules packages and optional agent described on this page belong to Amazon Inspector Classic; the re-architected Amazon Inspector released in 2021 replaces scheduled assessment runs with continuous scanning through the AWS Systems Manager agent, but the concepts below still describe how Inspector Classic works.

Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices.

Amazon Inspector checks for unintended network accessibility of your Amazon EC2 instances and for vulnerabilities and insecure configuration in the software running on those instances.

After an assessment run, Amazon Inspector produces a detailed list of security findings ordered by severity (High, Medium, Low, Informational). The findings can be reviewed directly or as part of assessment reports, both of which are available through the Amazon Inspector console or API.

Because every step (defining targets, starting runs, retrieving findings) is exposed through the API, you can automate vulnerability assessments in your development and deployment pipelines or schedule them against static production systems, which makes security testing a regular part of development and IT operations.

Benefits of Inspector

Configuration scanning and activity monitoring engine – Amazon Inspector provides an agent that analyzes system and resource configuration.

Built-in content library – Amazon Inspector includes a built-in library of rules and reports.

Automation through an API – Amazon Inspector can be fully automated through an API.
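The automation the benefits list and the pipeline paragraph describe, as an added example (not code from the original page or from AWS): it resolves rules packages by name, creates a target and template for instances carrying a tag, starts a run, waits for it, and orders the findings by severity so a build can be failed on High findings. It assumes boto3 is installed with credentials and a region configured, that the tag Env=prod and the name prod-web are placeholders for your own values, and that package names match what describe_rules_packages returns in your region.

```python
"""Run an Amazon Inspector Classic assessment and triage findings by severity (added example)."""
import time
from collections import Counter

# Severity values Inspector Classic assigns, most urgent first.
SEVERITY_ORDER = {"High": 0, "Medium": 1, "Low": 2, "Informational": 3, "Undefined": 4}


def rules_package_arns(inspector, names):
    """Resolve rules package names to ARNs; the ARNs differ per region, so never hardcode them."""
    arns = inspector.list_rules_packages()["rulesPackageArns"]
    described = inspector.describe_rules_packages(rulesPackageArns=arns)["rulesPackages"]
    by_name = {pkg["name"]: pkg["arn"] for pkg in described}
    missing = [n for n in names if n not in by_name]
    if missing:
        raise KeyError(f"rules packages not offered in this region: {missing}")
    return [by_name[n] for n in names]


def start_assessment(inspector, name, tag_key, tag_value, package_names, duration=3600):
    """Create a resource group, target and template for tagged instances, then start a run."""
    group = inspector.create_resource_group(resourceGroupTags=[{"key": tag_key, "value": tag_value}])
    target = inspector.create_assessment_target(
        assessmentTargetName=name, resourceGroupArn=group["resourceGroupArn"]
    )
    template = inspector.create_assessment_template(
        assessmentTargetArn=target["assessmentTargetArn"],
        assessmentTemplateName=f"{name}-template",
        durationInSeconds=duration,  # allowed range is 180..86400 seconds
        rulesPackageArns=rules_package_arns(inspector, package_names),
    )
    run = inspector.start_assessment_run(
        assessmentTemplateArn=template["assessmentTemplateArn"], assessmentRunName=f"{name}-run"
    )
    return run["assessmentRunArn"]


def wait_for_run(inspector, run_arn, poll_seconds=60):
    """Block until the run reaches a terminal state; COMPLETED_WITH_ERRORS still has findings."""
    terminal = {"COMPLETED", "COMPLETED_WITH_ERRORS", "FAILED", "ERROR", "CANCELED"}
    while True:
        state = inspector.describe_assessment_runs(assessmentRunArns=[run_arn])["assessmentRuns"][0]["state"]
        if state in terminal:
            return state
        time.sleep(poll_seconds)


def fetch_findings(inspector, run_arn):
    """Page through every finding ARN of the run and return the full finding records."""
    arns, token = [], None
    while True:
        kwargs = {"assessmentRunArns": [run_arn], "maxResults": 500}
        if token:
            kwargs["nextToken"] = token
        page = inspector.list_findings(**kwargs)
        arns.extend(page["findingArns"])
        token = page.get("nextToken")
        if not token:
            break
    findings = []
    for i in range(0, len(arns), 100):  # describe_findings takes at most 100 ARNs per call
        findings.extend(inspector.describe_findings(findingArns=arns[i:i + 100])["findings"])
    return findings


def triage(findings):
    """Order findings by severity then title, and tally how many of each severity there are."""
    ordered = sorted(
        findings,
        key=lambda f: (SEVERITY_ORDER.get(f.get("severity", "Undefined"), 4), f.get("title", "")),
    )
    return ordered, Counter(f.get("severity", "Undefined") for f in findings)


def gate_passes(counts, fail_on=("High",)):
    """Pipeline gate: pass only when no finding of a fail_on severity exists."""
    return all(counts.get(sev, 0) == 0 for sev in fail_on)


if __name__ == "__main__":
    import boto3

    client = boto3.client("inspector")  # the Inspector Classic API
    run_arn = start_assessment(
        client, "prod-web", "Env", "prod",  # hypothetical target name and tag
        ["Network Reachability", "Common Vulnerabilities and Exposures"],
    )
    print("run finished:", wait_for_run(client, run_arn))
    ordered, counts = triage(fetch_findings(client, run_arn))
    for f in ordered:
        print(f["severity"], f.get("title"), f.get("assetAttributes", {}).get("agentId"))
    raise SystemExit(0 if gate_passes(counts) else 1)
```

The functions take the client as a parameter so the triage and gating logic can be exercised without AWS access; in a pipeline, the non-zero exit from the gate is what blocks the deployment.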

Amazon Inspector Agent

Amazon Inspector also provides an agent that you can install in the operating system of the EC2 instances you want to assess, either manually or through the AWS Systems Manager Run Command document AmazonInspector-ManageAWSAgent. The agent is optional for the Network Reachability package but required for the host assessment packages, which can only produce findings for instances where it is running.

The agent monitors the behavior of the EC2 instances, including network, file system, and process activity, and collects a wide set of behavior and configuration data (telemetry) that the host rules packages are evaluated against.
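Because host packages silently skip instances without a healthy agent, a practitioner wants to confirm agent health across the target before starting a run. The following is an added example, not code from the original page or from AWS; it uses the Inspector Classic PreviewAgents API and assumes boto3 with credentials configured and an existing assessment target ARN (the placeholder in the usage block is hypothetical).

```python
"""Check Inspector agent health on every instance of an assessment target (added example)."""

HEALTHY = "HEALTHY"  # other agentHealth values are UNHEALTHY and UNKNOWN


def preview_agents(inspector, target_arn):
    """Return every agent preview record for the instances in the target, following pagination."""
    records, token = [], None
    while True:
        kwargs = {"previewAgentsArn": target_arn}
        if token:
            kwargs["nextToken"] = token
        page = inspector.preview_agents(**kwargs)
        records.extend(page["agentPreviews"])
        token = page.get("nextToken")
        if not token:
            break
    return records


def agent_report(previews):
    """Split instances into those a host assessment will cover and those it will skip."""
    covered, skipped = [], []
    for p in previews:
        entry = {
            "agentId": p.get("agentId"),
            "hostname": p.get("hostname"),
            "health": p.get("agentHealth", "UNKNOWN"),
            "agentVersion": p.get("agentVersion"),
        }
        (covered if entry["health"] == HEALTHY else skipped).append(entry)
    return covered, skipped


def ready_for_host_assessment(previews):
    """True only when the target is non-empty and every instance reports a healthy agent."""
    return bool(previews) and all(p.get("agentHealth") == HEALTHY for p in previews)


if __name__ == "__main__":
    import boto3

    client = boto3.client("inspector")
    target_arn = "arn:aws:inspector:REGION:ACCOUNT:target/0-EXAMPLE"  # placeholder, replace with yours
    previews = preview_agents(client, target_arn)
    covered, skipped = agent_report(previews)
    print(f"{len(covered)} instance(s) with a healthy agent")
    for s in skipped:
        print("no coverage:", s["agentId"], s["hostname"], s["health"])
    raise SystemExit(0 if ready_for_host_assessment(previews) else 1)
```

Run this before starting a run that includes the CVE, CIS or Security Best Practices packages; an exit code of 1 means at least one instance in the target would produce no host findings.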

Rules and Packages

You can use Amazon Inspector to assess your assessment targets (collections of AWS resources) for potential security issues and vulnerabilities.

Amazon Inspector compares the behavior and the security configuration of the assessment targets to selected security rules packages.

In the context of Amazon Inspector, a rule is a security check that Amazon Inspector performs during the assessment run.

Amazon Inspector assessments are offered to you as pre-defined rules packages mapped to common security best practices and vulnerability definitions.

Examples of built-in rules include checking for access to your EC2 instances from the internet, remote root login being enabled, or vulnerable software versions installed.

These rules are regularly updated by AWS security researchers.

An Amazon Inspector assessment can use any combination of the following rules packages:

Network assessments

Network Reachability – The rules in the Network Reachability package analyze your network configuration (security groups, network ACLs, route tables, internet gateways, VPC peering connections and the like) to find ports on your EC2 instances that are reachable from the internet or from outside their VPC. The package does not need the agent; when the agent is present, findings also name the process listening on the port. The findings that Amazon Inspector generates include guidance on restricting access that is not required.

Host assessments

Common vulnerabilities and exposures – The rules in this package compare the software packages installed on the EC2 instances in your assessment targets against known common vulnerabilities and exposures (CVEs) and report the ones that apply.

Center for Internet Security (CIS) Benchmarks – The CIS Security Benchmarks program provides well-defined, unbiased, consensus-based industry best practices to help organizations assess and improve their security. The rules in this package evaluate the operating system configuration of each instance against the CIS benchmark for that operating system.

Security best practices for Amazon Inspector – The rules in this package check host configuration against common hardening practices, for example that root login over SSH is disabled, that only SSH version 2 is supported, that password authentication over SSH is disabled, that password age, length and complexity are enforced, and that ASLR and DEP are enabled.
