TABLE OF CONTENTS
1. Introduction to AWS Inspector2. Architecture Diagram for AWS Inspector3. Top Features AWS Inspector’s Benefits Pricing6. Conclusion7. CloudThat 8. FAQsIntroduction To AWS Inspector
AWS Inspector is a service that tests the network accessibility of your Amazon EC2 instances and the security status of your applications running on those instances. It checks for security vulnerabilities and potential threats and assesses the target EC2 instances. Install an agent on the target EC2 instances (s) to leverage Amazon Inspector.
Let’s take a look at the new AWS Inspector. This vulnerability management service was launched in 2015 and has been phenomenal. It began to age over time and was beginning to fail in some fundamental ways. We now use new services in AWS cloud. It was completely redesigned and relaunched last spring as an updated AWS Inspector.
Amazon Inspector’s agent will monitor your EC2 instances and collect telemetry information about the network, file system, processing activity, and other details. You will need to create an assessment template, select rules and choose the test you want to perform.
Amazon Inspector can be fully automated via an API. This allows you to integrate security testing into your development and design processes.
Architecture Diagram for AWS Inspector
The newer version is superior to the original version for three reasons.
Top Features
Easier to deploy:
AWS inspector now leverages AWS Systems Manager agent. This agent is commonly deployed on almost all AWS-managed AMIs. It can also be integrated with AWS Organizations, allowing you to deploy and enable AWS Inspector across your accounts in one click.
Continuous scanning:
The traditional approach required that resources and workloads be explicitly identified in order to include them in the assessment. They could take 15 minutes, 30 minutes, or 24 hour to complete. The user then had access to the assessment’s results. This method was slow and inefficient. The modernized AWS Inspector detects the resources and begins scanning them continuously.
Container Image scanning
Amazon Inspector scans container images stored in Amazon ECR for security vulnerabilities. This generates Package Vulnerability findings. Amazon Inspector allows you to scan the registry for vulnerabilities in both programming languages and operating systems.
AWS Inspector’s Benefits
It integrates security testing into your development, deployment, or production processes
Identify security threats and issues that require attention and recommend the corrective actions.
An automated vulnerability detection service that is near-real-time with continued scanning and discovery
To manage, configure, view, and report on all accounts of your organization, create a Delegated Administrator account
The Inspector risk score includes contextual and meaningful information about each finding. This makes it easier to prioritize responses.
A dashboard that displays Amazon Inspector coverage metrics shows accounts, Elastic Container Registry repositories, and EC2 instances. Amazon Inspector scans these items.
Integrate with AWS Security Hub or Amazon EventBridge to automate workflows and ticket routing
Pricing
The following table shows the pricing model for AWS Inspector Mumbai:
Source: https://aws.amazon.com/inspector/pricing/
Conclusion
We have covered AWS inspector’s overview, working, features and pricing model in our discussions so far. I encourage you to read the official documentation of AWS to learn more about the AWS inspector service. If you have any questions or doubts about AWS Inspector security and