What is Amazon Inspector and why use it?

As the computing world becomes more complex, detecting potential security and compliance issues can be challenging. In news earlier this week, the popular Linux OS Ubuntu's forums were hacked, affecting over 2 million users' credentials. Ubuntu is Linux's most popular distribution, and it suffered a common SQL injection attack. Since an SQL injection vulnerability can affect any website or web application that uses an SQL-based database, it is one of the oldest, most prevalent and most dangerous web application vulnerabilities.

Attacks of this kind require regular patching, monitoring and updating to avoid these problems. In October 2015 AWS announced the launch of Amazon Inspector, with which vulnerabilities can be detected and dealt with accordingly. This automated security assessment service, which works on an application-by-application basis, aims to keep AWS customers ahead of a fast-moving and complex infrastructure.

So, what is the Amazon Inspector?

Amazon Inspector is an automated security assessment service that helps you test the security state of your applications running on Amazon EC2; it requires you to use Amazon EC2 instance tags in order to run an assessment. It enables you to analyse the behaviour of your AWS resources and identify potential security and vulnerability issues, producing a detailed list of security findings prioritised by severity. It draws on a knowledge base of hundreds of rules mapped to common security best practices and vulnerability definitions, which are regularly updated. These built-in rules check, for example, whether remote root login is enabled or whether vulnerable software versions are installed.

Amazon Inspector is hosted in the following AWS regions:

  • US West (Oregon)
  • US East (N. Virginia)
  • EU (Ireland)
  • Asia Pacific (Tokyo)
  • Asia Pacific (Sydney)

Amazon Inspector is hosted within AWS regions behind a public endpoint. All regions are isolated from each other, and the telemetry and findings for all assessments performed within a region remain in that region and are not distributed by the service to other Amazon Inspector locations. Using Amazon Inspector, you can define a collection of AWS resources that you want to include in an assessment target. You can then create an assessment template and launch a security assessment run of this target.

Assessment Targets and Tagging

Assessment Targets are a collection of AWS resources. To create an assessment target for Amazon Inspector to assess, you start by tagging the EC2 instances that you want to include in your target. Tags are words or phrases that act as metadata for identifying and organizing your instances and other AWS resources. Amazon Inspector uses the tags that you create to identify the instances that belong to your target. Every AWS tag consists of a key and value pair of your choice. After you tag your instances, you use the Amazon Inspector console to add the instances to your assessment target. It is not necessary that any instance matches more than one tag key-value pair.

When you tag your EC2 instances to build assessment targets for Amazon Inspector to assess, you can create your own custom tag keys or use tag keys created by others in the same AWS account. You also can use the tag keys that AWS automatically creates, for example, the Name tag key that is automatically created for the EC2 instances that you launch. You can add tags to EC2 instances when you create them or add, change, or remove those tags one at a time within each EC2 instance’s console page. You can also add tags to multiple EC2 instances at once using the Tag Editor.
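The tag-then-assess procedure described above, written out as an added example that is not CloudRanger's or AWS's own code. It uses the boto3 client for the classic Amazon Inspector API; the tag key and value, target name, one-hour run duration and the instance id in main() are assumptions, and the AWS clients are passed in as arguments so the steps can be checked without an account.

```python
from collections import defaultdict

# Tag used to select instances for the target (assumed key/value; choose your own).
TARGET_TAG = {"Key": "InspectorTarget", "Value": "webapp"}
SEVERITY_ORDER = ("High", "Medium", "Low", "Informational")

def tag_instances(ec2, instance_ids):
    """Apply the selection tag to every instance in a single EC2 API call."""
    ec2.create_tags(Resources=list(instance_ids), Tags=[TARGET_TAG])
    return len(instance_ids)

def create_target_and_template(inspector, name, rules_package_arns, duration=3600):
    """Resource group (tag filter) -> assessment target -> assessment template."""
    group = inspector.create_resource_group(
        resourceGroupTags=[{"key": TARGET_TAG["Key"], "value": TARGET_TAG["Value"]}])
    target = inspector.create_assessment_target(
        assessmentTargetName=name, resourceGroupArn=group["resourceGroupArn"])
    template = inspector.create_assessment_template(
        assessmentTargetArn=target["assessmentTargetArn"],
        assessmentTemplateName=f"{name}-template",
        durationInSeconds=duration,  # how long the agents collect telemetry
        rulesPackageArns=list(rules_package_arns),
        userAttributesForFindings=[{"key": "owner", "value": "security-team"}])
    return template["assessmentTemplateArn"]

def start_run(inspector, template_arn, run_name):
    """Launch an assessment run of the template and return the run ARN."""
    run = inspector.start_assessment_run(
        assessmentTemplateArn=template_arn, assessmentRunName=run_name)
    return run["assessmentRunArn"]

def findings_by_severity(findings):
    """Group describe_findings() results by severity, highest first, for triage."""
    buckets = defaultdict(list)
    for finding in findings:
        buckets[finding["severity"]].append(finding["title"])
    return [(sev, buckets[sev]) for sev in SEVERITY_ORDER if buckets[sev]]

def main():
    import boto3  # imported here so the helpers above stay testable without AWS
    region = "eu-west-1"  # must be one of the regions where Inspector is hosted
    ec2 = boto3.client("ec2", region_name=region)
    inspector = boto3.client("inspector", region_name=region)
    tag_instances(ec2, ["i-0123456789abcdef0"])  # placeholder instance id
    rules = inspector.list_rules_packages()["rulesPackageArns"]  # all rules in region
    template_arn = create_target_and_template(inspector, "webapp-target", rules)
    print("started run", start_run(inspector, template_arn, "webapp-run-1"))

if __name__ == "__main__":
    main()
```

Findings only appear once the run has completed, so list_findings/describe_findings are called afterwards and their output fed to findings_by_severity.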

Why use Amazon Inspector?

Amazon Inspector helps you identify security vulnerabilities as well as deviations from security best practices in applications before they are developed and while they are running in a production environment. It is agent-based, API-driven and delivered as a service. This expertise simplifies the process of establishing and enforcing best practices within an AWS environment, giving security teams and auditors visibility into security testing, streamlining validation, and demonstrating that security compliance standards and best practices are being followed. This proactive management of security issues can cut down on problems before they have an impact on your production applications, allowing organisations to move quickly and stay secure.

About CloudRanger

CloudRanger offers a simple DevOps automation solution that makes it easy to manage backups and servers on the AWS cloud. Using CloudRanger, you can easily back up your RDS and EC2 instances with snapshots and AMIs.

With an easy to use interface, managing your routine AWS tasks is simple and effective. CloudRanger saves your team time and hassle, making the day-to-day management of your AWS resources easier and more automated. CloudRanger can also help you save on your EC2 costs by starting/stopping non-production instances automatically when you need them.

Start a 14-Day Free Trial, so you can try out our range of AWS features and benefits for yourselves.
