
AWS Re-launches Amazon Inspector To Find Software Vulnerabilities

AWS re-launches a dramatically improved Amazon Inspector, a software vulnerability discovery/management service.

The idea behind these types of services is to scan your servers and containers before they reach production to identify known vulnerabilities so that you are aware of them and can mitigate them appropriately.

Notice I said “mitigate”, not “patch”. Patching is just one of many possible mitigations.

Amazon Inspector launched in 2015 and a lot has changed since then. This is a much-needed upgrade to the service that should help builders identify these issues with as little effort as possible.

This 👇 Twitter thread highlights some of the details of the launch…

Tweet 1/11

at #reinvent, @awscloud has just re-launched Amazon Inspector

this is HUGE!

https://www.youtube.com/watch?v=wi1PDr9n67Y&feature=youtu.be

🧡☁️ #cloud #security

Tweet 2/11

re-launches are hard. @awscloud Macie is way, way better now but still doesn't have the traction it should (a/k/a everyone using it) because of a few years of brutal costs & #ux

Inspector has always been better, but now it’s a lot more user friendly

🧡☁️ #cloud #security

Tweet 3/11

1: assessments are now continual & automated

<< no more set time period assessments & super delayed results…if you remembered to scan at all

the service now just bubbles up findings == awesome

🧡☁️ #cloud #security

Tweet 4/11

2: Inspector uses "the" @awscloud agent (I think there's only one now) which means it's already there on AWS managed AMIs

the service leverages that to find EC2 instances as well as ECR repos

🧡☁️ #cloud #security

Tweet 5/11

3: containers!

🧡☁️ #cloud #security

Tweet 6/11

4: @awscloud Organizations support << about f--king time!

enabling Inspector was a pain. I ❤️ to be able to say that, “was”

critical improvement for adoption

🧡☁️ #cloud #security

Tweet 7/11

5: see no. 2 ... the custom Inspector agent is out the door. the @awscloud Systems Manager agent—the one agent to rule them all—is now used

<< again, that greatly simplifies adoption

🧡☁️ #cloud #security

Tweet 8/11

6: better risk scoring << we'll see about this one. assigning risk scores is tricky as there are layers involved

most vulnerability discovery/management services use the CVE/CVSS score to assess risk but that lacks context

it’s a start…but only a start

🧡☁️ #cloud #security

Tweet 9/11

7: integrates directly with @awscloud EventBridge

<< no more routing events through another service. I mean, it still happens behind the scenes but if it’s behind the scenes, I can safely ignore

🧡☁️ #cloud #security

Tweet 10/11

8: AWS Security Hub integration << need to dive into this one more. it's unclear what's changed here as there was some level of integration...at least if you consider dumping findings in the Hub "integrating"

🧡☁️ #cloud #security

Tweet 11/11

overall, this is a huge improvement to @awscloud Inspector. I'll take some time next week to dive in but so far, this is a big win for #cloud #security

this is GA now

the launch blog is up at https://aws.amazon.com/blogs/aws/improved-automated-vulnerability-management-for-cloud-workloads-with-a-new-amazon-inspector/

/ 🧡☁️