Andy Jassy, Senior VP, AWS, delivered the keynote session at AWS re:Invent. It featured announcements of new services and enhancements to existing services. In this blog post, I will focus on Amazon Inspector, one of the new services.
What is Amazon Inspector?
Amazon Inspector is an automated security inspection service that identifies potential security and compliance flaws in applications running on AWS. This is a good thing, as many organizations might not have the staff to identify security flaws, or the flaws may have been overlooked during testing.
Why is it necessary?
Organizations, whether they are using the cloud or moving to it, are concerned about security. Inspector is a tool that helps improve application security. It inspects applications while they are in production or being developed. It helps an organization adhere to its security standards and draws on AWS security expertise, with security best practices continually updated by AWS. This ensures that you get the best of both worlds.
How does it work?
Amazon Inspector conducts an assessment and generates steps for remediation. This service is only available to those who have defined the AWS resources that make up the application being tested. The security assessment for that application is then created and run. The assessment can be extended for as long as one day or up to eight hours. The Inspector Agent runs on the EC2 machines that host the application and monitors the file system, network, and process activity. After all required data is collected, it is compared to the security rules built into the application to identify compliance or security issues. These are the rules that will be used in the initial Inspector version:
Common Vulnerabilities and Exposures
Network Security Best Practices
Authentication Best Practices
Best Practices in Operating System Security
Application Security Best Practices
Assessment of PCI DSS 3.0
Inspector can be accessed via the AWS Console, API, or CLI. You can sign up for the preview here. The CloudThat blog will provide more information about Amazon Inspector and other services.