Security service automates vulnerability assessments for customers running applications on Amazon EC2.

April 19, 2016

6 Min Read

SEATTLE -- Amazon Web Services, Inc. (AWS) today announced that Amazon Inspector, an automated security assessment service, has completed its preview phase and is now generally available to all customers. Amazon Inspector helps customers improve the security and compliance of their applications running on Amazon Elastic Compute Cloud (Amazon EC2) by identifying potential security issues, vulnerabilities, or deviations from security standards. With no up-front costs or infrastructure to manage, Amazon Inspector is easy to deploy and can be integrated into the development lifecycle. With Amazon Inspector, customers pay only for the assessments they run, with the first 250 assessments free for a customer's first 90 days. To get started with Amazon Inspector, visit https://aws.amazon.com/inspector.

The flexibility and scale of the AWS Cloud make it possible for customers to build and deploy applications and services faster than ever before. However, the manual effort required to assess these applications for security risks – especially at scale – often slows down both application development and IT operations. While traditional vulnerability assessment solutions can automate assessments, they require customers to deploy and manage back-end infrastructure. As deployment and operations models become more agile, both developers and central security teams are looking for a way to more easily conduct security assessments and integrate them into the development and deployment lifecycle. Amazon Inspector makes this possible by providing a rich set of APIs that customers can use to automate security assessments of production systems, and also easily integrate security assessments directly into their existing application deployment processes. With a few clicks in the AWS Management Console, customers can use AWS tags to identify the Amazon EC2 instances they want to assess, specify the associated applications, select from a pre-built list of tests, and set a time duration. Amazon Inspector analyzes an application's configuration and activity, looking for a wide spectrum of possible vulnerabilities across Amazon EC2 instances, and collecting information such as how the application communicates with other AWS services, whether it uses secure channels, and the network traffic between instances. Amazon Inspector compares this information against AWS's extensive rules packages, which represent thousands of potential security vulnerabilities that AWS continuously updates with the latest threat intelligence. Once an assessment of the application's Amazon EC2 environment is completed, customers can view the findings, along with detailed recommendations for remediation, in the Amazon Inspector console.

"Customers have asked us if we could help them do the same rigorous security assessments on their applications that we do for our AWS services," said Stephen Schmidt, Chief Information Security Officer, AWS. "Amazon Inspector delivers key learnings from our world-class security team as a managed service, so customers benefit from our continuous implementation of best practices and threat intelligence. Companies of all sizes can now perform assessments of their applications in an automated way and proactively remediate vulnerabilities."

Amazon Inspector deploys on-host agents so customers get insight from inside Amazon EC2 instances and other AWS resources that make up an application environment. Amazon Inspector is also fully integrated with AWS CloudTrail, providing central logging of all security testing activity, giving auditors full visibility into what tests were performed and when, streamlining the process of demonstrating compliance in the development and operations lifecycle.

Flatiron Health is a healthcare IT company with a mission to fight cancer with organized, real-world oncology data. "Our company was founded with the vision of building a disruptive software platform to transform how cancer care is delivered," said Nicholas Arvanitis, Security Engineer, Flatiron Health. "Dealing with healthcare data of this nature requires us to maintain a high level of systems security while still rapidly innovating. We are excited about the prospect of integrating Amazon Inspector to further automate security assessments throughout our operations lifecycle to ensure that our security scales as quickly as our engineering efforts."

Betterment is one of the largest independent automated investing services, helping people to manage, protect, and grow their wealth through technology. "At Betterment, our customers are trusting us to help them achieve their financial goals," said Brandon Wu, Head of Privacy & Security, Betterment. "Making sure we are building security into every aspect of our offering is a key focus for us. The approach of Amazon Inspector as a cloud-based, API-driven security service that can easily be built right into the software development and deployment lifecycle is a scalable approach that resonates."

Coinbase is one of the most widely used bitcoin wallet and exchange companies. "If we deploy code with a known vulnerability, we've already opened up our platform to risk," said Rob Witoff, Director, Coinbase. "In the new world of continuous deployment and continuous integration, and deployment into immutable environments, we need security tooling that runs inline with our software development and deployment pipeline. Amazon Inspector is helping companies like ours embrace the immutable future and can pull our industry out of the security dark ages."

Established in 1842, the University of Notre Dame is one of the world's most prestigious universities. "As we work to place 80 percent of our IT resources in the cloud by 2017, we are taking full advantage of the rich security features available," said Mike Chapple, Senior Director of IT Service Delivery, University of Notre Dame. "As an information security professional, I'm excited at the opportunity the cloud provides. Amazon Inspector is a great example of how AWS is accelerating investment in security-focused services, and we like the approach of a highly-scalable, API-driven security as a service that we can place throughout our cloud operations."

The Center for Internet Security (CIS) mobilizes a broad community of stakeholders to contribute their knowledge, experience and expertise to identify, validate, promote and sustain the adoption of cybersecurity's best practices. "We are very excited to work with AWS to integrate our consensus-based security standards into Amazon Inspector," said Steve Spano, President and Chief Operating Officer, CIS. "Our hardened machine images can help organizations start secure and stay secure. Together with AWS security services, we can provide organizations with the added confidence to accelerate cloud adoption."

CapLinked is a platform for enterprises to securely manage and share documents and business transactions in the cloud. "At CapLinked, we are focused on accelerating sensitive financial transactions such as acquisitions, capital raises, audits, and other complex business transactions through a secure, cloud-based collaboration platform," said Edward Chen, Chief Infrastructure Security Engineer, CISSP. "Helping our customers understand what we do to ensure a high level of protection for their data is paramount. We like that Amazon Inspector is optimized for the cloud, with an approach that fits easily into agile deployment models such as continuous integration and continuous deployment and auto scaling—helping security fit into the advancements we have seen in DevOps."

Members of the AWS Partner Network (APN), including Alert Logic, Splunk, Sumo Logic, Observable Networks, Palerra, and CloudLock have integrated their security management solutions with Amazon Inspector, enabling customers to fully automate the remediation process. These partners further extend the functionality of Amazon Inspector with their broad set of security services optimized for AWS.

Amazon Inspector is now available as a fully managed service in the US East (N. Virginia), US West (Oregon), EU (Ireland), and Asia Pacific (Tokyo) Regions and will expand to additional Regions in the coming months.

Amazon.com Inc. (Nasdaq: AMZN)

Read more about:

AsiaEurope
Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like