re:Invent 2021: AWS Announces New Amazon Inspector

Amazon Inspector is re-launched with a new architecture, features, and integrations.

During re:Invent 2021, AWS re-launched Amazon Inspector, the software used to discover and manage vulnerabilities on EC2 instances.

(Image: Amazon Inspector console. Source: AWS Console)

What is Amazon Inspector?

Originally introduced in 2015, Amazon Inspector simplified the effort of implementing a detection mechanism for both operating systems and applications on EC2 instances and container images residing in Amazon Elastic Container Registry (Amazon ECR). Amazon Inspector automatically assesses for vulnerabilities and deviations from best practices. After each assessment it provides a detailed report, including steps for remediation.

This week we were introduced to a new Amazon Inspector replacing what is now called Amazon Inspector Classic. There are significant differences between the two, mostly related to automation, integration with other AWS services, and near real-time performance. Amazon Inspector is now available in 19 global regions. You can scan your environment to find vulnerabilities with a free 15-day trial.

What does the new Amazon Inspector do?

The first significant improvement for Amazon Inspector is that it uses the Systems Manager agent (SSM Agent). The prior version used its own dedicated agent. The merging of agents simplifies provisioning and improves performance. The Systems Manager agent is automatically installed on most Amazon Linux and AWS Windows AMIs, and it is open source and available on GitHub. Sharing the agent also lets Amazon Inspector integrate with Systems Manager and other services, allowing you to monitor network, file system, and process activity.

Amazon Inspector checks the operating system and all the installed applications. It includes a knowledge base with hundreds of rules covering security compliance standards and vulnerability definitions. It derives severity scores from the security metrics in the National Vulnerability Database (NVD) and adjusts them to your environment. The score uses the Common Vulnerability Scoring System (CVSS) format and is compatible with the CVSS score provided by NVD.

You can always check if vulnerable software versions are installed on your fleet and take the required mitigation steps. If you mitigate a finding, Inspector detects the fix and closes the finding.

Amazon Inspector Findings

Amazon Inspector delivers a list of findings prioritized by severity. Findings are security issues discovered during Inspector's assessment. Each finding includes a description of the security issue as well as recommendations for resolution. Amazon Inspector publishes findings to Amazon EventBridge, which in turn can send an SNS notification or invoke a Lambda function. Amazon Inspector will also publish findings to Security Hub if it is enabled in your account. Finally, you can manage your environment from a single account and operate across multiple accounts using AWS Organizations.
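The EventBridge integration described above, and the closed-finding behaviour mentioned earlier (Inspector closes a finding once it detects the fix), can be wired into a small Lambda router. The following is an added example, not code from the original post or from AWS. It assumes the EventBridge event shape for new Amazon Inspector findings (source "aws.inspector2", detail-type "Inspector2 Finding") and the detail fields severity, status, findingArn, title and resources; treat those names as assumptions to confirm against the Inspector documentation. The sample event is constructed and does not describe a real finding.

```python
"""Route Amazon Inspector findings delivered through EventBridge.

Added example (not the post's or AWS's own code). Assumed event shape:
source "aws.inspector2", detail-type "Inspector2 Finding", and the detail
fields severity, status, findingArn, title and resources.
"""
import json

# EventBridge rule pattern: only new-Inspector findings of HIGH or CRITICAL
# severity. Attach the rule to an SNS topic or to the Lambda function below.
EVENT_PATTERN = {
    "source": ["aws.inspector2"],
    "detail-type": ["Inspector2 Finding"],
    "detail": {"severity": ["HIGH", "CRITICAL"]},
}

ALERT_SEVERITIES = {"HIGH", "CRITICAL"}


def route_finding(event):
    """Decide what to do with one Inspector finding event.

    Returns a dict whose "action" is "alert" (an active finding worth
    notifying on), "resolve" (Inspector detected the fix and closed the
    finding, so the matching ticket can be closed) or "ignore", together
    with the details an SNS message or ticket would need.
    """
    if (event.get("source") != "aws.inspector2"
            or event.get("detail-type") != "Inspector2 Finding"):
        return {"action": "ignore", "reason": "not an Inspector finding"}

    detail = event.get("detail", {})
    severity = detail.get("severity", "UNTRIAGED")
    status = detail.get("status", "ACTIVE")
    # Collect the affected resource ids (instance ids, image ARNs, ...).
    resources = [r.get("id") for r in detail.get("resources", []) if r.get("id")]
    summary = {
        "findingArn": detail.get("findingArn"),
        "title": detail.get("title"),
        "severity": severity,
        "resources": resources,
    }
    if status == "CLOSED":
        return {"action": "resolve", **summary}
    if severity in ALERT_SEVERITIES:
        return {"action": "alert", **summary}
    return {"action": "ignore",
            "reason": f"severity {severity} below threshold", **summary}


def lambda_handler(event, context=None):
    """Lambda entry point. In a real deployment the "alert" branch would call
    sns.publish via boto3; here the decision is only logged and returned so
    the function runs offline."""
    decision = route_finding(event)
    print(json.dumps(decision))
    return decision


# Constructed sample event (not a real finding); 111122223333 is the AWS
# documentation placeholder account id and the instance id is made up.
SAMPLE_ACTIVE_CRITICAL = {
    "version": "0",
    "source": "aws.inspector2",
    "detail-type": "Inspector2 Finding",
    "region": "us-east-1",
    "detail": {
        "findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/EXAMPLE-FINDING-ID",
        "title": "Example vulnerability in example-package (constructed)",
        "severity": "CRITICAL",
        "status": "ACTIVE",
        "type": "PACKAGE_VULNERABILITY",
        "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0123456789abcdef0"}],
    },
}

# The same finding after Inspector has seen the patch and closed it.
SAMPLE_CLOSED = {**SAMPLE_ACTIVE_CRITICAL,
                 "detail": {**SAMPLE_ACTIVE_CRITICAL["detail"], "status": "CLOSED"}}

if __name__ == "__main__":
    lambda_handler(SAMPLE_ACTIVE_CRITICAL)   # action: alert
    lambda_handler(SAMPLE_CLOSED)            # action: resolve
```

The rule pattern does the coarse filtering in EventBridge so the function is only invoked for HIGH and CRITICAL findings; the status check inside the handler is what turns Inspector's automatic closure of a fixed finding into a ticket resolution rather than a second alert.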

The new Amazon Inspector dashboard gives you an overview of findings from your environment. The newly redesigned dashboard is streamlined to provide details about scan coverage, your most critical findings, and the resources impacted the most.

Amazon Inspector Automation

Another useful improvement with Amazon Inspector is automation. Inspector Classic required you to run an assessment and select the resources to be evaluated, which involved some manual setup at one point or another. The new Amazon Inspector continuously discovers new resources and continuously scans the resources it has discovered. This automation makes Amazon Inspector even simpler to use: it automatically rescans resources when changes take place.

AWS re:Invent 2021 re-launched Amazon Inspector with an agent consolidated with Systems Manager, automated discovery and scanning of resources, compatibility with AWS Organizations, and near real-time integration with Amazon EventBridge and Security Hub. This represents a welcome improvement to an old, reliable, and very useful security tool. Looking forward to what else is announced at re:Invent 2021.

To get started with the new Amazon Inspector, see the documentation here: https://docs.aws.amazon.com/inspector/

Cloud Academy