{"id":36476,"date":"2022-02-01T12:46:04","date_gmt":"2022-02-01T12:46:04","guid":{"rendered":"https:\/\/www.vmengine.net\/2022\/02\/01\/cloud-security-manage-vulnerabilities-automatically-with-aws\/"},"modified":"2025-05-23T17:32:49","modified_gmt":"2025-05-23T17:32:49","slug":"cloud-security-manage-vulnerabilities-automatically-with-aws","status":"publish","type":"post","link":"http:\/\/temp_new.vmenginelab.com\/en\/2022\/02\/01\/cloud-security-manage-vulnerabilities-automatically-with-aws\/","title":{"rendered":"Cloud & Security, Manage Vulnerabilities Automatically with AWS"},"content":{"rendered":"
\n
\n
\n
\n
\n

Have a service that can instantly discover and scan
\n Amazon Web Services<\/strong>
\n<\/a> workloads for software vulnerabilities and inadvertent network exposure with a single click. If you were thinking that it’s literally impossible, you’re very wrong. It’s called
\n Amazon Inspector<\/strong>
\n<\/a> , and it’s an AWS<\/strong> service that organizations of all sizes use to automate security assessment and management at scale<\/strong> to improve application security and compliance<\/strong>.
Originally introduced in 2015, Amazon Inspector<\/strong> has simplified the effort of implementing a detection mechanism for both operating systems and applications on EC2 instances<\/strong> <\/a>and container images that reside in Amazon Elastic Container Registry (Amazon ECR).<\/strong><\/p>\n

<\/a> Amazon Inspector automatically evaluates vulnerabilities and deviations from best practices. It provides a detailed report that includes the steps for repair after each assessment is performed.<\/p>\n<\/div><\/div>\n

\n

\t\t\t\t\"\"<\/span>\n\t\t\t<\/div>\n

\n
<\/div>\n
Network and security. AWS Best Practices and Services<\/a><\/div>\n<\/p><\/div>\n
\n
\n

We were recently introduced to a new Amazon Inspector<\/strong> that replaces what is now called
\n Amazon Inspector Classic<\/strong>
\n<\/a>. There are significant differences between the two, mainly related to automation<\/strong>, integration<\/strong> with other AWS services<\/strong> , and near real-time performance<\/strong>. Amazon Inspector is now
\n available in 19 global regions<\/strong>
\n<\/a>. You can scan your environment for vulnerabilities with a
\n 15-day free trial<\/strong>
\n<\/a>.<\/p>\n<\/div><\/div>\n

\n
\n

But what does it do specifically? Let’s figure it out together.<\/p>\n

The first significant enhancement to Amazon Inspector is that it uses
\n the Systems Manager agent<\/strong>
\n<\/a>. The previous version used its own dedicated agent. Merging agents simplifies provisioning<\/strong> and improves performance. The System Management Agent is automatically installed on most Amazon Linux and AWS Windows AMIs<\/strong>. This agent is available on
\n GitHub<\/strong>
\n<\/a> and is open source<\/strong>.
What’s really important is that merging agents<\/strong> allows Amazon Inspector<\/strong> to integrate with other services and system managers<\/strong>, allowing you to monitor your network<\/strong>, file system<\/strong> , and process activity<\/strong>.<\/p>\n

It also checks the operating system<\/strong> and all installed applications<\/strong>. It includes a knowledge base with hundreds of rules on security<\/strong> compliance standards and vulnerability definitions<\/strong>. It provides severity score<\/strong> control with the security metrics<\/strong> that make up the
\n National Vulnerability Database (ed. NVD<\/strong>
\n<\/a>) and adapts them to your environment. The score is in CVSS<\/strong> format and is compatible with the Common Vulnerability Scoring System<\/strong> score provided by the National Vulnerability Database. You can always check if your fleet has vulnerable software<\/strong> versions installed and take the required mitigation<\/strong> measures. If you dim a result, the Inspector<\/strong> detects the correction and closes the result.<\/p>\n<\/div><\/div>\n

\n
<\/div>\n
See also Secrets Manager<\/a><\/div>\n<\/p><\/div>\n
\n

\t\t\t\t\"\"<\/span>\n\t\t\t<\/div>\n

\n
\n

There are many web giants that rely on this feature. Starting with
\n Uber<\/strong>
\n<\/a>, the San Francisco-based company that provides the smartest private car transport service there is. “The new Amazon Inspector <\/em>,” said Oliver Szimmetat, Security Engineering Manager – Simplified the adoption of a cloud vulnerability<\/strong> management solution for our different AWS instances. Leveraging our existing Systems Manager agents with Inspector, we’ve automated ongoing remediation and<\/strong> streamlined operations with one-click onboarding, centralized controls<\/strong> , and operational visibility<\/strong>. In addition, Inspector’s auto-trigger<\/strong> capability identifies recommended patches in near real-time. After patching, Inspector automatically re-examines the instances, verifying that no new vulnerabilities have been introduced. The use of Inspector has dramatically reduced the mean time to repair for Uber<\/em>\u201d.<\/p>\n<\/div><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"

Here are the web giants that have chosen Amazon Inspector.<\/p>\n","protected":false},"author":3,"featured_media":34562,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[97,2297,1374],"tags":[4798,3304,4799,133,4800,4801],"class_list":["post-36476","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-en","category-news-en","category-the-analysis","tag-amazon-inspector-en","tag-amazon-web-service-en","tag-automation-en","tag-aws-en","tag-cloud-vulnerabilities","tag-vulnerability-en"],"aioseo_notices":[],"jetpack_featured_media_url":"http:\/\/temp_new.vmenginelab.com\/wp-content\/uploads\/2022\/02\/automations-1.gif","amp_enabled":true,"_links":{"self":[{"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/posts\/36476","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/comments?post=36476"}],"version-history":[{"count":1,"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/posts\/36476\/revisions"}],"predecessor-version":[{"id":41688,"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/posts\/36476\/revisions\/41688"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/media\/34562"}],"wp:attachment":[{"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/media?parent=36476"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/categories?post=36476"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/tags?post=36476"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}