{"id":13003,"date":"2022-06-23T15:14:31","date_gmt":"2022-06-23T15:14:31","guid":{"rendered":"https:\/\/blog.cloudthat.com\/?p=13003"},"modified":"2024-06-25T10:58:05","modified_gmt":"2024-06-25T10:58:05","slug":"automated-security-service-aws-inspector-improve-the-security-and-compliance-of-your-aws-applications","status":"publish","type":"blog","link":"https:\/\/www.cloudthat.com\/resources\/blog\/automated-security-service-aws-inspector-improve-the-security-and-compliance-of-your-aws-applications","title":{"rendered":"Automated Security Service &#8211; AWS Inspector | Improve the Security and Compliance of your AWS Applications"},"content":{"rendered":"<table style=\"height: 232px;\" border=\"0\" width=\"360\">\n<tbody>\n<tr>\n<td>\n<h2><span style=\"color: #000080;\"><strong>TABLE OF CONTENT<\/strong><\/span><\/h2>\n<\/td>\n<\/tr>\n<tr>\n<td><a style=\"margin-left: 20px;\" href=\"#introduction\">1. Introduction to AWS Inspector<\/a><\/td>\n<\/tr>\n<tr>\n<td><a style=\"margin-left: 20px;\" href=\"#architecturediagram\">2. Architecture Diagram of AWS Inspector<\/a><\/td>\n<\/tr>\n<tr>\n<td><a style=\"margin-left: 20px;\" href=\"#topfeatures\">3. Top Features<\/a><\/td>\n<\/tr>\n<tr>\n<td><a style=\"margin-left: 20px;\" href=\"#benefits\">4. Benefits of AWS Inspector<\/a><\/td>\n<\/tr>\n<tr>\n<td><a style=\"margin-left: 20px;\" href=\"#pricing\">5. Pricing<\/a><\/td>\n<\/tr>\n<tr>\n<td><a style=\"margin-left: 20px;\" href=\"#conclusion\">6. Conclusion<\/a><\/td>\n<\/tr>\n<tr>\n<td><a style=\"margin-left: 20px;\" href=\"#aboutcloudthat\">7. About CloudThat <\/a><\/td>\n<\/tr>\n<tr>\n<td><a style=\"margin-left: 20px;\" href=\"#faqs\">8. FAQs<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2 id=\"introduction\"><strong>Introduction to AWS Inspector<\/strong><\/h2>\n<p><span style=\"color: #000000;\">AWS Inspector is a service to test the network accessibility of your Amazon EC2 instance(s) and the security state of your applications that run on those instances. It assesses the target EC2 instance(s) and checks for vulnerabilities and potential security threats. To leverage Amazon Inspector, you need to install an agent on the target EC2 instance (s).<\/span><\/p>\n<p><span style=\"color: #000000;\">Let us look at the newly revamped AWS Inspector. This vulnerability management service was first launched in 2015 and was fantastic. But over the years, it started to show its age, and it was breaking down under some new fundamental ways that we are using new services in the AWS cloud. It was completely revamped and relaunched last year as a brand-new modernized AWS Inspector.<\/span><\/p>\n<p><span style=\"color: #000000;\">Amazon Inspector&#8217;s agent will monitor the behavior of your EC2 instance(s) and collect telemetry information around the network, file system, and any processing activity. To perform an assessment, you need to create an assessment template and select rules depending on the test you would like to achieve.<\/span><\/p>\n<p><span style=\"color: #000000;\">Amazon Inspector can be fully automated through an API, allowing you to incorporate security testing into the development and design process.<\/span><\/p>\n<h2 id=\"architecturediagram\"><strong>Architecture Diagram of AWS Inspector<\/strong><\/h2>\n<p><a href=\"https:\/\/d1f7lmxeo98xps.cloudfront.net\/resources\/wp-content\/uploads\/2022\/11\/inspectorarchitecture.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-13005\" src=\"https:\/\/d1f7lmxeo98xps.cloudfront.net\/resources\/wp-content\/uploads\/2022\/11\/inspectorarchitecture.png\" alt=\"AWS inspector architecture\" width=\"628\" height=\"202\" \/><\/a><\/p>\n<p><span style=\"color: #000000;\">There are three main reasons the newer version is way better than the original version.<\/span><\/p>\n<h2 id=\"topfeatures\"><strong>Top Features<\/strong><\/h2>\n<ul>\n<li>\n<h4><span style=\"color: #000000;\"><strong>Easier to deploy:<\/strong><\/span><\/h4>\n<p><span style=\"color: #000000;\">AWS inspector now leverages the AWS Systems Manager agent, commonly deployed on almost every AWS-managed AMI. It is also integrated with AWS Organizations to one-click deploy and enable AWS Inspector across all your accounts.<\/span><\/li>\n<li>\n<h4><span style=\"color: #000000;\"><strong>Continuous scanning:<br \/>\n<\/strong><\/span><\/h4>\n<p><span style=\"color: #000000;\">In the traditional approach, there was a need to explicitly point out resources and workloads to include in the assessment. Also, they were 15 minutes or 30 minutes, or 24 hours long, after which the user was able to get the results of the findings from the assessment. This approach was time-taking and not efficient. But the modernized AWS Inspector automatically discovers the resources and starts scanning them continuously.<\/span><\/li>\n<li>\n<h4><span style=\"color: #000000;\"><strong>Container Image scanning:<br \/>\n<\/strong><\/span><\/h4>\n<p><span style=\"color: #000000;\">Container images stored in Amazon ECR are scanned by Amazon Inspector for security vulnerabilities to generate Package Vulnerability findings. By using Amazon Inspector, you receive the benefit of vulnerability scanning at the registry level for both operating systems and programming languages.<\/span><\/li>\n<\/ul>\n<h2 id=\"benefits\"><strong>Benefits of AWS Inspector<\/strong><\/h2>\n<ul>\n<li><span style=\"color: #000000;\">It integrates security testing as a part of your development, deployment, and production processes<\/span><\/li>\n<li><span style=\"color: #000000;\">Identify any security issues or threats that need attention and recommend corrective action(s)<\/span><\/li>\n<li><span style=\"color: #000000;\">A near-real-time vulnerability finding service with automated discovery and continued scanning<\/span><\/li>\n<li><span style=\"color: #000000;\">Establish a Delegated Administrator account for your organization to manage, configure, and view findings for all its accounts<\/span><\/li>\n<li><span style=\"color: #000000;\">The Inspector risk score incorporates contextual and meaningful information for each finding, making it easier to set more precise response priorities<\/span><\/li>\n<li><span style=\"color: #000000;\">A simple dashboard displays Amazon Inspector coverage metrics, including accounts, Elastic Container Registry repositories (ECR), and EC2 instances, which Amazon Inspector scans<\/span><\/li>\n<li><span style=\"color: #000000;\">Automate workflows and ticket routing by integrating with AWS Security Hub and Amazon EventBridge<\/span><\/li>\n<\/ul>\n<h2 id=\"pricing\"><strong>Pricing<\/strong><\/h2>\n<p><span style=\"color: #000000;\">The following table describes the pricing model for AWS Inspector in Mumbai region:<\/span><\/p>\n<p><a href=\"https:\/\/d1f7lmxeo98xps.cloudfront.net\/resources\/wp-content\/uploads\/2022\/11\/inspectorpricing.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-13004\" src=\"https:\/\/d1f7lmxeo98xps.cloudfront.net\/resources\/wp-content\/uploads\/2022\/11\/inspectorpricing.jpg\" alt=\"AWS Inspector Pricing\" width=\"578\" height=\"175\" \/><\/a><\/p>\n<p>Source:\u00a0<a href=\"https:\/\/aws.amazon.com\/inspector\/pricing\/\" target=\"_blank\" rel=\"noopener\">https:\/\/aws.amazon.com\/inspector\/pricing\/<\/a><\/p>\n<h3 id=\"conclusion\"><strong>Conclusion<\/strong><\/h3>\n<p><span style=\"color: #000000;\">In our discussion of AWS inspector so far, we have discussed its overview, working, features, and pricing model. There is still more to learn about the AWS Inspector service, so I encourage you to see the official documentation from AWS. If you have any doubts, or queries about AWS Inspector, security and compliance, or any other AWS services, then drop a note in the comment section and I will get back to you quickly.\u00a0<\/span><\/p>\n<h3 id=\"aboutcloudthat\"><strong>About CloudThat<\/strong><\/h3>\n<p id=\"About CloudThat\"><a href=\"https:\/\/www.cloudthat.com\/\" target=\"_blank\" rel=\"noopener\"><strong>CloudThat<\/strong><\/a><span style=\"color: #000000;\">\u00a0is\u00a0the official AWS (Amazon Web Services) Advanced Consulting Partner and Training partner and Microsoft gold partner, helping people develop knowledge of the cloud and help their businesses aim for higher goals using best in industry cloud computing practices and expertise. We are on a mission to build\u00a0a robust\u00a0cloud computing ecosystem by disseminating\u00a0knowledge on technological intricacies within the cloud space.\u00a0Our blogs, webinars,\u00a0case studies, and white papers\u00a0enable all the stakeholders in the cloud computing sphere.<\/span><\/p>\n<p><a href=\"https:\/\/www.cloudthat.com\/\" target=\"_blank\" rel=\"noopener\"><strong>CloudThat<\/strong>\u00a0<\/a><span style=\"color: #000000;\">is a\u00a0<\/span><span class=\"TextRun BCX0 SCXP93070984\" lang=\"EN-IN\" xml:lang=\"EN-IN\" data-usefontface=\"true\" data-contrast=\"none\"><span class=\"NormalTextRun BCX0 SCXP93070984\"><span style=\"color: #000000;\">house\u00a0of\u00a0All-Encompassing\u00a0IT\u00a0Services\u00a0on the cloud offering\u00a0<span class=\"TextRun BCX0 SCXP59000031\" lang=\"EN-IN\" xml:lang=\"EN-IN\" data-usefontface=\"true\" data-contrast=\"none\"><span class=\"NormalTextRun BCX0 SCXP59000031\">Multi-cloud Security &amp; Compliance, OTT-Video Tech Delivery Services, Cloud Enablement Services, Cloud-Native Application Development, and System Integration Services.\u00a0<\/span><\/span><\/span><span class=\"TextRun BCX0 SCXP59000031\" lang=\"EN-IN\" xml:lang=\"EN-IN\" data-usefontface=\"true\" data-contrast=\"none\"><span class=\"NormalTextRun BCX0 SCXP59000031\"><span class=\"EOP SCXP258354852 BCX0\"><span class=\"EOP SCXP66056781 BCX0\"><span class=\"EOP SCXP242272637 BCX0\"><span class=\"TextRun SCXP239778695 BCX0\" lang=\"EN-IN\" xml:lang=\"EN-IN\" data-usefontface=\"true\" data-contrast=\"none\"><span class=\"NormalTextRun SCXP239778695 BCX0\"><span style=\"color: #000000;\">Explore our\u00a0<\/span><strong><a href=\"https:\/\/www.cloudthat.com\/consulting\/\" target=\"_blank\" rel=\"noopener\">consulting services here<\/a>.<\/strong><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<h3 id=\"faqs\"><strong>FAQs<\/strong><\/h3>\n<ol>\n<li><span style=\"text-decoration: underline; color: #000000;\"><strong>How do I connect to other AWS services using Inspector?<\/strong><\/span><\/li>\n<\/ol>\n<p><span style=\"color: #000000;\">Until the Inspector service-linked role is formed, some existing customers may be able to use an IAM role that was generated when they first started with Inspector to access other AWS services. The Inspector service-linked role can be created through the Inspector console&#8217;s dashboard page.<\/span><\/p>\n<ol start=\"2\">\n<li><span style=\"text-decoration: underline; color: #000000;\"><strong>What are the necessary steps to migrate from Classic to the new version of AWS Inspector?<\/strong><\/span><\/li>\n<\/ol>\n<p><span style=\"color: #000000;\">By removing all assessment templates in your account, you can turn off Amazon Inspector Classic. You can retrieve findings from previous assessment runs as reports or export them using the Amazon Inspector API. You may enable the new Amazon Inspector Inspector with a few clicks in the AWS Management Console or by using the new Amazon Inspector APIs.<\/span><\/p>\n","protected":false},"author":250,"featured_media":13044,"parent":0,"comment_status":"open","ping_status":"open","template":"","blog_category":[3606,3607],"user_email":"aishwaryaj@cloudthat.com","published_by":"324","primary-authors":"","secondary-authors":"","acf":[],"_links":{"self":[{"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog\/13003"}],"collection":[{"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/users\/250"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/comments?post=13003"}],"version-history":[{"count":1,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog\/13003\/revisions"}],"predecessor-version":[{"id":45761,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog\/13003\/revisions\/45761"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/media?parent=13003"}],"wp:term":[{"taxonomy":"blog_category","embeddable":true,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog_category?post=13003"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}