AWS Inspector has been relaunched with a new version that integrates with more AWS services and AWS Marketplace offerings than before. With so many services in use, building a secure environment and keeping on top of the ever-increasing set of security risks and vulnerabilities becomes complex and time-consuming.
To help manage security and vulnerability scanning of customer AWS accounts, AWS launched AWS Inspector in 2015. Since then AWS has added features requested by account managers and customers to the point where the new AWS Inspector is a fully managed, comprehensive vulnerability scanning service that automatically discovers resources, scans them for security vulnerabilities and reports the findings. AWS recently added support for Amazon ECR as well, so the container images in your registries also benefit from the scanning performed by AWS Inspector.
The main improvements in the new Inspector are that it is simpler to configure, easier to use and much more convenient for reviewing detected issues.
Previously, customers had to review what was deployed in each account and decide whether it merited installing the Inspector agent so that scans could run and provide insight.
Now AWS Inspector provides automatic resource discovery to detect the compute resources running in the account as well as any ECR repositories. It uses the AWS Systems Manager (SSM) agent, which conveniently comes preinstalled on Amazon Linux, Windows Server and macOS AMIs, which removes the need to install a separate agent on every system you want scanned. EC2 instances do need an instance profile that grants them the IAM permissions required to communicate with Systems Manager (the AWS managed policy AmazonSSMManagedInstanceCore is the usual choice); an instance that SSM does not report as managed will not be scanned, so the SSM inventory is the first place to look when an instance is missing from Inspector's coverage.
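The prerequisite above (preinstalled SSM agent plus an instance profile that can talk to Systems Manager) is easy to get wrong on a handful of instances in a large account. The following script, added here as an example and not code from the original post or from AWS, lists running EC2 instances that SSM does not report as Online and guesses why. It assumes that such an instance will not be scanned by Inspector, and it assumes the managed policy name AmazonSSMManagedInstanceCore as the fix for a missing profile; the sample API responses are constructed, and the `live_check` wrapper needs boto3 and credentials to run for real.

```python
"""Find running EC2 instances that AWS Inspector cannot scan because they are
not managed by AWS Systems Manager (SSM).

Added example (not from the original post or from AWS). Assumption: only
instances whose SSM agent reports "Online" get agent-based scanning, which is
the prerequisite the post describes.
"""


def unmanaged_instances(reservations, ssm_instances):
    """Return running instances that SSM does not report as Online.

    reservations:  the "Reservations" list from ec2.describe_instances()
    ssm_instances: the "InstanceInformationList" from
                   ssm.describe_instance_information()
    Each result carries a likely reason so an operator knows what to fix.
    """
    online = {i["InstanceId"] for i in ssm_instances if i.get("PingStatus") == "Online"}
    gaps = []
    for reservation in reservations:
        for inst in reservation["Instances"]:
            if inst["State"]["Name"] != "running":
                continue  # stopped/terminated instances are not scan candidates
            if inst["InstanceId"] in online:
                continue  # managed by SSM, Inspector can scan it
            if "IamInstanceProfile" not in inst:
                reason = ("no instance profile: attach one that allows the "
                          "AmazonSSMManagedInstanceCore policy (assumed fix)")
            else:
                reason = ("has a profile but the SSM agent is not Online: check the "
                          "agent, the profile's IAM policy and the network path to SSM")
            gaps.append({"InstanceId": inst["InstanceId"], "Reason": reason})
    return gaps


# Constructed sample responses; field names follow the two API calls above.
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-0aaa", "State": {"Name": "running"},
         "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/ssm"}},
        {"InstanceId": "i-0bbb", "State": {"Name": "running"}},
        {"InstanceId": "i-0ccc", "State": {"Name": "running"},
         "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/web"}},
        {"InstanceId": "i-0ddd", "State": {"Name": "stopped"}},
    ]}
]
SAMPLE_SSM = [
    {"InstanceId": "i-0aaa", "PingStatus": "Online"},
    {"InstanceId": "i-0ccc", "PingStatus": "ConnectionLost"},
]


def live_check(region="us-east-1"):
    """Run the same check against a real account (needs boto3 and credentials)."""
    import boto3  # imported here so the pure check above runs without boto3
    ec2 = boto3.client("ec2", region_name=region)
    ssm = boto3.client("ssm", region_name=region)
    reservations = []
    for page in ec2.get_paginator("describe_instances").paginate():
        reservations.extend(page["Reservations"])
    managed = []
    for page in ssm.get_paginator("describe_instance_information").paginate():
        managed.extend(page["InstanceInformationList"])
    return unmanaged_instances(reservations, managed)


if __name__ == "__main__":
    for gap in unmanaged_instances(SAMPLE_RESERVATIONS, SAMPLE_SSM):
        print(f"{gap['InstanceId']}: {gap['Reason']}")
```

With the constructed data, `i-0aaa` is managed, `i-0ddd` is stopped and skipped, `i-0bbb` is flagged for a missing instance profile and `i-0ccc` for an agent that has a profile but has lost its connection. Run `live_check()` per region against a real account; Inspector scans per region, so the gap list is per region too.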
As more and more organizations move to the cloud, it has become best practice to split workloads across multiple AWS accounts. Companies now routinely run several accounts, each responsible for a specific portion of the workload.
It is simpler to give each application environment (Dev, Staging, QA, Production) its own account, keeping logs and compliance scope separate. With such a multi-account setup, however, it used to be very complex to set up AWS Inspector in each account and to consolidate the findings into a single, concise report.
With the recent updates, AWS Inspector supports AWS Organizations: the organization's management account designates a delegated administrator account, and from that account Inspector can be enabled, and its findings reviewed, for every member account in the organization.
Integrating with third-party tools is also a must-have when it comes to security and accountability, which is why AWS Inspector integrates with Amazon EventBridge. Each finding is published as an EventBridge event, giving users the ability to create actionable workflows with third-party tools such as Jira or PagerDuty.
This is ideal for building automation around the security issues that AWS Inspector raises.
For example, Jira tickets can be created automatically when a scan produces findings so that your operations team is alerted and can act on them, or an incident management platform such as PagerDuty can open incidents that keep your on-call team on top of the issue. AWS Inspector now makes this possible with an EventBridge rule and a target, without custom scripts or additional DevOps workflows.
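As an added example of the workflow just described (not code from the original post, AWS, Jira or PagerDuty), the following shows an EventBridge rule pattern that selects only active High and Critical findings, and a Lambda handler that turns one finding event into a deduplicated ticket payload. The event shape follows the "Inspector2 Finding" event that Inspector publishes to EventBridge (source `aws.inspector2`); only the fields used below are relied on, the sample event is constructed rather than captured from an account, and the ticket fields and the severity-to-priority mapping are this example's own conventions, not a Jira or PagerDuty API schema.

```python
"""Turn AWS Inspector findings delivered through EventBridge into tickets.

Added example, not from the original post, AWS, Jira or PagerDuty. Assumes the
"Inspector2 Finding" EventBridge event shape for the fields used below; the
ticket payload format is this example's convention.
"""
import json

# EventBridge rule pattern: only ACTIVE findings of HIGH or CRITICAL severity
# reach the target, so resolved or suppressed findings never open tickets.
EVENT_PATTERN = {
    "source": ["aws.inspector2"],
    "detail-type": ["Inspector2 Finding"],
    "detail": {"severity": ["HIGH", "CRITICAL"], "status": ["ACTIVE"]},
}

# Severity -> ticket priority (this example's convention, adjust to taste).
PRIORITY = {"CRITICAL": "P1", "HIGH": "P2", "MEDIUM": "P3", "LOW": "P4"}


def should_escalate(detail):
    """Mirror the rule pattern in code so the handler stays safe even if it
    is later attached to a broader rule."""
    return detail.get("status") == "ACTIVE" and detail.get("severity") in ("HIGH", "CRITICAL")


def build_ticket(event):
    """Map one finding event to a ticket payload, or None if it should be ignored."""
    detail = event["detail"]
    if not should_escalate(detail):
        return None
    resources = [f'{r["type"]}:{r["id"]}' for r in detail.get("resources", [])]
    cve = detail.get("packageVulnerabilityDetails", {}).get("vulnerabilityId")
    summary = f'[{detail["severity"]}] {detail.get("title", detail["type"])}'
    return {
        "summary": summary[:255],  # most ticketing systems cap the title length
        "priority": PRIORITY.get(detail["severity"], "P3"),
        "dedup_key": detail["findingArn"],  # the same finding never opens two tickets
        "description": "\n".join([
            f"Finding: {detail['findingArn']}",
            f"Type: {detail['type']}",
            f"Vulnerability: {cve or 'n/a'}",
            f"Inspector score: {detail.get('inspectorScore', 'n/a')}",
            f"Resources: {', '.join(resources) or 'n/a'}",
            "",
            detail.get("description", ""),
        ]),
    }


def lambda_handler(event, context=None):
    """Lambda entry point used as the EventBridge target. Replace the print
    with the Jira/PagerDuty API call of your choice."""
    ticket = build_ticket(event)
    if ticket is None:
        return {"action": "ignored"}
    print(json.dumps(ticket))  # send to the ticketing system here
    return {"action": "created", "dedup_key": ticket["dedup_key"]}


# Constructed sample event (not captured from a real account).
SAMPLE_EVENT = {
    "source": "aws.inspector2",
    "detail-type": "Inspector2 Finding",
    "detail": {
        "findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/0123456789abcdef0123456789abcdef",
        "severity": "CRITICAL",
        "status": "ACTIVE",
        "type": "PACKAGE_VULNERABILITY",
        "title": "CVE-2021-44228 - log4j-core",
        "description": "Apache Log4j2 JNDI lookups allow remote code execution.",
        "inspectorScore": 10.0,
        "packageVulnerabilityDetails": {"vulnerabilityId": "CVE-2021-44228"},
        "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0abc123def456"}],
    },
}

if __name__ == "__main__":
    print(json.dumps(EVENT_PATTERN, indent=2))
    lambda_handler(SAMPLE_EVENT)
```

Two design points worth keeping whatever tool sits on the other end: use the finding ARN as the deduplication key, because Inspector re-emits a finding whenever its state changes, and keep the severity filter in the rule pattern so that Informational noise never invokes the target at all.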
Setting up AWS Inspector is very simple. Go to the AWS Console and open Inspector, as shown below:
On the service page you will have the option to start a 15-day free trial. Once you opt in, it takes some time for AWS to discover the compute resources in the environment and run the initial scans automatically.
After the scans have run, you are greeted with the AWS Inspector dashboard, which summarises the state of the AWS environment.
From there you can drill into the individual components that AWS Inspector scans, for example the EC2 instance vulnerabilities.
The vulnerabilities page details which security risks are present, and it also lets you export the findings, making it easy to share the results with the relevant teams.
The easy setup and access that AWS Inspector provides make it a good choice for monitoring and vulnerability scanning. It is no wonder that enterprise customers use it to streamline security across their accounts.
The new AWS Inspector has been upgraded to fit modern DevOps and cloud architecture needs. Simplified scanning, automated discovery and concise, actionable reporting help organizations stay on top of their security in the cloud and keep them one step ahead in making reliable decisions about it.