
AWS Re-launches Amazon Inspector To Find Software Vulnerabilities

AWS re-launches a dramatically improved Amazon Inspector, a software vulnerability discovery/management service.

The idea behind these types of services is to scan your servers and containers before they reach production to identify known vulnerabilities so that you are aware of them and can mitigate them appropriately.

Notice I said “mitigate,” not “patch.” Patching is just one of many possible mitigations.

Amazon Inspector launched in 2015 and a lot has changed since then. This is a much-needed upgrade to the service that should help builders identify these issues with as little effort as possible.

This 👇 Twitter thread highlights some of the details of the launch…

Tweet 1/11

at #reinvent, @awscloud has just re-launched Amazon Inspector this is HUGE! https://www.youtube.com/watch?v=wi1PDr9n67Y&feature=youtu.be 🧵☁️ #cloud #security

Tweet 2/11

re-launches are hard. @awscloud Macie is way, way better now but still doesn't have the traction it should (a/k/a everyone using it) because of a few years of brutal costs & #ux Inspector has always been better, but now it's a lot more user friendly 🧵☁️ #cloud #security

Tweet 3/11

1: assessments are now continual & automated << no more set time period assessments & super delayed results...if you remembered to scan at all the service now just bubbles up findings == awesome 🧵☁️ #cloud #security

Tweet 4/11

2: Inspector uses "the" @awscloud agent (I think there's only one now) which means it's already there on AWS managed AMIs the service leverages that to find EC2 instances as well as ECR repos 🧵☁️ #cloud #security

Tweet 5/11

3: containers! 🧵☁️ #cloud #security

Tweet 6/11

4: @awscloud Organizations support << about f--king time! enabling Inspector was a pain. I ❤️ to be able to say that, "was" critical improvement for adoption 🧵☁️ #cloud #security

Tweet 7/11

5: see no. 2 ... the custom Inspector agent is out the door. the @awscloud Systems Manager agent—the one agent to rule them all—is now used << again, that greatly simplifies adoption 🧵☁️ #cloud #security

Tweet 8/11

6: better risk scoring << we'll see about this one. assigning risk scores is tricky as there are layers involved most vulnerability discovery/management services use the CVE/CVSS score to assess risk but that lacks context it's a start...but only a start 🧵☁️ #cloud #security

Tweet 9/11

7: integrates directly with @awscloud EventBridge << no more routing events through another service. I mean, it still happens behind the scenes but if it's behind the scenes, I can safely ignore 🧵☁️ #cloud #security

Tweet 10/11

8: AWS Security Hub integration << need to dive into this one more. it's unclear what's changed here as there was some level of integration...at least if you consider dumping findings in the Hub "integrating" 🧵☁️ #cloud #security

Tweet 11/11

overall, this is a huge improvement to @awscloud Inspector. I'll take some time next week to dive in but so far, this is a big win for #cloud #security this is GA now the launch blog is up at https://aws.amazon.com/blogs/aws/improved-automated-vulnerability-management-for-cloud-workloads-with-a-new-amazon-inspector/ 🧵☁️
