Amazon this week released a preview of Amazon Inspector, a new tool designed to analyze the behavior of applications deployed on Amazon Web Services (AWS) to help identify potential security issues.
AWS users can use the tool to discover security vulnerabilities and instances where developers do not follow best practices in their web applications. The solution was designed to work on an application-by-application basis, and allows users to define a collection of AWS resources that make up their app, after which they can create and run the application’s security assessment.
AWS resources such as EC2 instances are identified by tags, and users can also define the duration (minutes, hours, days) when creating the assessment, Jeff Barr, Chief Evangelist for Amazon Web Services, explains in a blog post. The Inspector analyzes compliance with various regulations and looks for vulnerabilities within the application.
Barr also explains that, during the assessment, network, file system, and process activity are monitored by an Inspector Agent running on each EC2 instance of the application. The agent also gathers information on communication with AWS services, use of secure channels, and network traffic between instances, to create a comprehensive overview of the application and its security or compliance flaws.
After collecting data, the Amazon Inspector analyzes and compares it to built-in security rules such as checks against best practices, common compliance standards, and vulnerabilities. According to Amazon, the database of security best practices and rules is constantly updated as new vulnerabilities and best practices are discovered.
Initially, the Amazon Inspector will include six rules: Common Vulnerabilities and Exposures, Network Security Best Practices, Authentication Best Practices, Operating System Security Best Practices, Application Security Best Practices, and PCI DSS 3.0 Assessment.
The Inspector generates a report of any vulnerabilities or compliance issues discovered during the assessment and prioritizes steps for remediation. Additionally, users are offered access to a knowledge base of rules on common security compliance standards and vulnerability definitions.
The Amazon Inspector preview is available through the AWS Management Console, AWS Command Line Interface (CLI), or APIs. The tool is also fully integrated with AWS CloudTrail, providing auditors with visibility into the performed tests and their results.

