How Amazon Inspector Finds Compliance and Security Issues


Jul 26, 2017

Learn how Amazon Inspector automatically improves your organization’s security and compliance posture.

It’s a full-time job keeping up with the features of Amazon’s cloud computing platform. One of the most useful tools employed by Amazon Web Services (AWS) is Amazon Inspector, which is a bot service that looks for and identifies potential compliance and security vulnerabilities on cloud servers.

Why is Amazon Inspector so important in the cloud?

As cloud-based systems and configurations become more complex, detecting compliance and security threats becomes more difficult. And because many organizations simply don’t have the resources to adequately monitor individual servers, these vulnerabilities can be overlooked.

How does Amazon Inspector work?

Amazon Inspector analyzes the behavior of applications running on AWS to help proactively identify any security issues. Inspector works on an application basis, so users begin by defining the AWS resources that make up an application. After defining these resources, you can then create and run security assessments of the application itself.

During this assessment, what Amazon refers to as an Inspection Agent will automatically monitor the file system, network, and process activity of your application. The agent will also collect critical information surrounding any communication with AWS services, as well as the network traffic between instances, use of secure channels, and similar activity. This information helps to provide Amazon Inspector with a robust picture of the application itself and flagging any security or compliance issues.

Once the data has been collected, it’s analyzed and compared to a set of pre-vetted security rules. These rules include checks against common compliance standards, as well as best practices and security vulnerabilities that are defined by the Amazon security team. These AWS team members are constantly on the lookout for new threats, which build into new rules for Amazon Inspector. The system constantly adapts and automatically applies these rules to your application architecture.

Initial Rules Used in Amazon Inspector

  • Best practices related to security
  • Common vulnerabilities
  • Runtime behavior analysis
  • CIS operating system security benchmarks

Any issues that are unearthed by Amazon Inspector are collected and provided in a comprehensive report for the cloud customer.

Learn more about Amazon Inspector

Whether you want to learn about implementing Amazon Inspector into your existing AWS architecture, or you’re just getting started with cloud computing, don’t hesitate to reach out to CloudHesive today. We’ve been proud AWS partners for years and we are well-versed in the platform’s wide array of services. Feel free to contact our team today at 800-860-2040 or through our online contact form to learn more.

Related Blogs

  • active directory with amazon workspaces" alt="">
    Directory Services & User Authentication for Amazon WorkSpaces Deployment

    There are 6 common deployment scenarios for Active Directory Domain Services on AWS. Here’s how to handle each of them. Key Takeaways You can use an existing on-premises Microsoft Active Directory...

    Learn More
  • amazon workspaces monitoring and logging" alt="">
    Using Amazon CloudWatch to Monitor and Log Your Amazon WorkSpaces Deployment

    Use these best practices to monitor the health and connection status of individual Amazon WorkSpaces and deployments with Amazon CloudWatch Key Takeaways Organizations are increasingly using Amazon...

    Learn More
  • Amazon WorkSpaces Network and Virtual Private Cloud Configuration" alt="">
    Deploying Amazon WorkSpaces With the Right Network and VPC Configuration

    Know the network specifications and Amazon Virtual Private Cloud configurations you need to deploy Amazon WorkSpaces. Key Takeaways: Amazon WorkSpaces is a managed desktop cloud computing service...

    Learn More