Share your experience using Panorays
Examples of the 98,000+ reviews on PeerSpot:

Abdalla Kenawy - PeerSpot reviewer
AWS DevOps SRE/Infrastructure Engineer at Capgemini
Real User
Top 5
Automated insights streamline data security assessment
Pros and Cons
  • "The assessment reports provided by Amazon Inspector have helped me in identifying security vulnerabilities in my cloud applications by giving us a nicely designed dashboard that provides all the security information we need to work on remediation."
  • "The most challenging aspect I faced with Amazon Inspector during integration was automating the remediation process."

What is our primary use case?

I am still currently working with the Amazon Inspector solution, but not directly right now, as I'm working on other things on AWS. It's based on the business requirements and what currently needs to be implemented.

My experience with Amazon Inspector is actually recent, as I worked with it hands-on six months ago, and I was using it alongside the Security Hub, which is a part of AWS.

How has it helped my organization?

The assessment reports provided by Amazon Inspector have helped me in identifying security vulnerabilities in my cloud applications by giving us a nicely designed dashboard that provides all the security information we need to work on remediation. This is a valuable service from AWS.

Regarding the compliance aspect, Amazon Inspector's automated security assessments have improved the organization's compliance with industry security benchmarks. It undeniably improves compliance requirements and the CIS score by avoiding many security concerns that could lead to higher failures in the future, which is really important.

What is most valuable?

For Amazon Inspector, we have many EC2 or virtual machines deployed inside our AWS environment, and the problem is that the existing packages deployed inside these EC2 instances are already outdated. As we progress with time, these packages need to be updated for security enhancement, which requires us to uninstall the package, install the new version, and then we should be fine. However, the challenge comes with how to scan all our EC2 instances for security vulnerabilities, which is currently managed by Amazon Inspector. Amazon Inspector can scan EC2 instances or ECR, which is the ECR registry where we can save artifacts such as Docker images. Amazon Inspector can also scan Docker images uploaded to ECR, the Elastic Registry service, and it can scan databases and S3 based on the latest updates. I noticed this a couple of months ago, and it provides huge benefits for security.

Regarding the best features of Amazon Inspector, it gives us a list of all existing outdated packages as part of a deployed package on EC2 instances or specific Python packages that are part of the Dockerfile and the Docker image itself, which are causing security concerns. Amazon Inspector can list these security concerns and offer guidance on how we can remediate them by updating the package to a specific higher version or something similar.

What needs improvement?

I would like to see improvements in Amazon Inspector, specifically the support for scanning attached EBS storage for existing malware or viruses, and I hope that they can include support for S3 and EFS. I think it would be beneficial, but I need to review this information since I'm not sure if this has already been deployed or if I'm updated on it.

For how long have I used the solution?

I have been working with Amazon Inspector for around three years.

What other advice do I have?

The most challenging aspect I faced with Amazon Inspector during integration was automating the remediation process. Amazon Inspector gives us a nice list of all existing vulnerabilities needing our attention, and while we can connect to an existing EC2 instance suffering from security vulnerabilities reported by Inspector, we can't manage that for 1,000 EC2 instances without wasting time. Thus, we need to automate the process from end to end to avoid wasting the DevOps team's time. AWS published a helpful article about this issue, clarifying steps on how we could integrate Amazon Inspector with the Security Hub, and a CloudFormation template already exists for deployment using Terraform, with the ability to run everything using Python. What I did was look at this AWS article and work on converting the manual process into an automated one using Python.

I rely on some specific metrics or data points during the evaluation process, including other tools such as SonarQube, which is a third-party tool that we can integrate with our CI/CD pipeline to scan deployed packages before pushing them to Docker images. However, SonarQube does not support scanning for EC2 instances. There may be other tools that can perform that function, but I'm not sure. I know that SonarQube provides benefits for scanning Docker images, which is also supported by Amazon Inspector for security scanning.

I advise other users looking into implementing Amazon Inspector to avoid just enabling it and looking at the nice list of security vulnerabilities. They would need to implement an automation solution to remediate the actual security vulnerabilities. Without this automation, Amazon Inspector only looks like a nice dashboard providing a lot of information regarding security concerns that can't be resolved until action is taken, such as implementing a remediation solution. It should be automated, especially since you might have 1,000 EC2 instances, each with different security vulnerabilities or outdated packages that need remediation. Thus, implementing this process only once using infrastructure as code, perhaps with Python as I did, is worth it; this allows you to monitor the results and only intervene if necessary.

On a scale of 1-10, I rate Amazon Inspector a 9.

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
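The review above stresses that Inspector's finding list only becomes useful once it is turned into remediation work across many instances. The Python below is an added example written for this page; it is not the reviewer's script and not AWS's Security Hub / CloudFormation integration. It takes a list of package-vulnerability findings and collapses them into one upgrade action per resource and package (worst severity wins, highest fix version wins), separates out packages that have no fixed version yet so they are tracked rather than silently dropped, ignores non-package finding types, and handles ECR container images as well as EC2 instances, which goes slightly beyond the review's EC2-only description. The finding dictionaries are constructed sample data; their field names (findingArn, severity, type, packageVulnerabilityDetails, vulnerablePackages, fixedInVersion, packageManager, resources) and the packageManager values "OS" and "PIP" follow the Inspector2 ListFindings response shape as I understand it and should be treated as assumptions to check against the API reference. Identifiers such as PLACEHOLDER-VULN-1 and i-0aaaexample are placeholders, not real vulnerabilities or instances.

```python
"""Turn Amazon Inspector package-vulnerability findings into a remediation plan.

Added example, not code from the review or from AWS. The finding shape is an
ASSUMPTION modelled on the Inspector2 ListFindings response; verify it.
"""
import re
from collections import defaultdict

SEVERITY_RANK = {"CRITICAL": 5, "HIGH": 4, "MEDIUM": 3, "LOW": 2,
                 "INFORMATIONAL": 1, "UNTRIAGED": 0}


def _version_key(version):
    """Naive dotted-version ordering, used only to pick the highest fix version."""
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.\-+~]", version))


def build_remediation_plan(findings):
    """Group findings by resource and package.

    Returns (plan, unfixable):
      plan      {resource_id: {package: {installed, upgrade_to, worst_severity, ...}}}
      unfixable [(resource_id, package, vulnerability_id)] with no fixedInVersion
    """
    plan = defaultdict(dict)
    unfixable = []
    for finding in findings:
        if finding.get("type") != "PACKAGE_VULNERABILITY":   # e.g. NETWORK_REACHABILITY
            continue
        details = finding.get("packageVulnerabilityDetails", {})
        vuln_id = details.get("vulnerabilityId", "UNKNOWN")
        severity = finding.get("severity", "UNTRIAGED")
        for res in finding.get("resources", []):
            rid = res["id"]
            for pkg in details.get("vulnerablePackages", []):
                name, fixed = pkg["name"], pkg.get("fixedInVersion")
                if not fixed:                      # nothing to upgrade to yet: track it
                    unfixable.append((rid, name, vuln_id))
                    continue
                entry = plan[rid].setdefault(name, {
                    "resource_type": res.get("type", "UNKNOWN"),
                    "package_manager": pkg.get("packageManager", "UNKNOWN"),
                    "installed": pkg.get("version"),
                    "upgrade_to": fixed,
                    "worst_severity": severity,
                    "vulnerabilities": [],
                })
                if vuln_id not in entry["vulnerabilities"]:
                    entry["vulnerabilities"].append(vuln_id)
                if _version_key(fixed) > _version_key(entry["upgrade_to"]):
                    entry["upgrade_to"] = fixed
                if SEVERITY_RANK.get(severity, 0) > SEVERITY_RANK.get(entry["worst_severity"], 0):
                    entry["worst_severity"] = severity
    return dict(plan), unfixable


def remediation_action(entry, package):
    """Human/ticket-friendly action string; 'OS' and 'PIP' manager names are assumed."""
    mgr, target = entry["package_manager"], entry["upgrade_to"]
    if mgr == "PIP":
        return f"pip install '{package}>={target}'"
    if mgr == "OS":
        return f"update OS package {package} to >= {target} (yum/apt/dnf)"
    return f"upgrade {package} to >= {target} via {mgr}"


def prioritized_actions(plan):
    """Flatten the plan into (severity, resource, package, action), worst first."""
    rows = [(e["worst_severity"], rid, name, remediation_action(e, name))
            for rid, pkgs in plan.items() for name, e in pkgs.items()]
    rows.sort(key=lambda r: (-SEVERITY_RANK.get(r[0], 0), r[1], r[2]))
    return rows


def severity_counts(plan):
    """How many upgrade actions fall under each worst-severity bucket."""
    counts = defaultdict(int)
    for pkgs in plan.values():
        for e in pkgs.values():
            counts[e["worst_severity"]] += 1
    return dict(counts)


def _finding(n, severity, vuln_id, res_type, res_id, packages):
    """Build one CONSTRUCTED finding dict in the assumed Inspector2 shape."""
    return {
        "findingArn": f"arn:aws:inspector2:EXAMPLE:finding/{n}",
        "severity": severity,
        "type": "PACKAGE_VULNERABILITY",
        "packageVulnerabilityDetails": {
            "vulnerabilityId": vuln_id,
            "vulnerablePackages": [
                {"name": p, "version": v, "fixedInVersion": fix, "packageManager": mgr}
                for p, v, fix, mgr in packages],
        },
        "resources": [{"type": res_type, "id": res_id}],
    }


# Constructed sample data (placeholder vulnerability ids and resource ids).
SAMPLE_FINDINGS = [
    _finding("0001", "HIGH", "PLACEHOLDER-VULN-1", "AWS_EC2_INSTANCE", "i-0aaaexample",
             [("openssl", "1.0.0", "1.0.1", "OS")]),
    _finding("0002", "CRITICAL", "PLACEHOLDER-VULN-2", "AWS_EC2_INSTANCE", "i-0aaaexample",
             [("openssl", "1.0.0", "1.0.2", "OS")]),       # same package, higher fix
    _finding("0003", "MEDIUM", "PLACEHOLDER-VULN-3", "AWS_EC2_INSTANCE", "i-0aaaexample",
             [("curl", "7.0.0", None, "OS")]),              # no fix published yet
    _finding("0004", "HIGH", "PLACEHOLDER-VULN-1", "AWS_EC2_INSTANCE", "i-0bbbexample",
             [("openssl", "1.0.0", "1.0.1", "OS")]),
    _finding("0005", "LOW", "PLACEHOLDER-VULN-4", "AWS_ECR_CONTAINER_IMAGE",
             "arn:aws:ecr:EXAMPLE:repository/app/sha256:deadbeef",
             [("requests", "2.0.0", "2.0.1", "PIP")]),
    {"findingArn": "arn:aws:inspector2:EXAMPLE:finding/0006", "severity": "HIGH",
     "type": "NETWORK_REACHABILITY",                        # deliberately ignored
     "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0cccexample"}]},
]

if __name__ == "__main__":
    plan, unfixable = build_remediation_plan(SAMPLE_FINDINGS)
    for row in prioritized_actions(plan):
        print("%-8s %-55s %s" % (row[0], row[1], row[3]))
    print("no fix yet:", unfixable)
    print("by severity:", severity_counts(plan))
```

In a real pipeline SAMPLE_FINDINGS would be replaced by the paginated output of the Inspector2 ListFindings call (or the equivalent Security Hub findings), and the action strings would feed whatever executes the upgrade, for example a Systems Manager command per instance or an image rebuild for ECR. The point of the grouping is that 1,000 instances with overlapping findings become one action per instance and package, and the "no fix yet" list stays visible for follow-up instead of disappearing from the dashboard.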
TomasHauser - PeerSpot reviewer
SW tester / Support, Helpdesk / Test Manager at ICZ a.s.
Real User
Top 20
Integration strengthens compliance processes but reporting capabilities have limitations
Pros and Cons
  • "If I were to rate RSA technical support on a scale from one to ten, I would give it about four, as there is definitely room for improvement, but support is available."

What is our primary use case?

Regarding the compliance, risk, and governance tools, I am comfortable discussing the tools in the GRC category.

The specific module from ServiceNow is the ServiceNow Compliance, Risk, and Governance module, which I find very useful, but it's more suitable for larger companies.

What is most valuable?

The helpful features of RSA Archer include providing an integrated overview of the landscape in the company, which leads the user to use the same inventory and other components, sharing the same set of references and objects we are working on. This integration level is the most useful feature for managing compliance work, unlike using Excel, where agents may not work together.

They keep the referential integrity, which is significant.

What needs improvement?

While it provides benefits in terms of security, the pricing is a bit higher than customers typically expect.

It would be helpful if RSA Archer had the capability for two-way integration because, in any information technology area, having the ability to provide feedback is beneficial.

It could facilitate the process back to the operational level.

Dashboards are usually effective, but while visibility from the dashboard level is good, drill-down details may be difficult to access, as they don't seem to have direct support for this drill-down.

Dashboards are not an issue, but navigating from the dashboard to details could be challenging.

What was my experience with deployment of the solution?

Deployment is not complicated, as deployment itself is relatively easy for any application.

The most challenging aspect of implementation is managing the interfaces to the sources.

How are customer service and support?

RSA's technical support has sufficient services in the market, though it depends on the knowledge of the people providing the support, and it's relatively not cheap, but at an average level.

If I were to rate RSA technical support on a scale from one to ten, I would give it about four, as there is definitely room for improvement, but support is available.

The response time from RSA Archer's support team is not an issue; usually, there's no problem getting a timely response, but there could be more knowledgeable agents available.

How would you rate customer service and support?

Neutral

Which other solutions did I evaluate?

Compared to some competitors, RSA Archer is higher priced, but the comparison depends on what competitors you consider. I know RSA Archer and ServiceNow, whereas other modules such as SAP and Oracle are more dependent on their specific technologies and are not as general or open.

What other advice do I have?

I have been in touch with about three companies who use RSA Archer actively in the compliance area.

These companies use RSA Archer for nearly all purposes, including governance, internal risk, and third-party risk management and inventory management.

RSA Archer doesn't have its own inventory; it operates differently compared to ServiceNow, which is built on its own inventory and service management. The advantage of ServiceNow is that the risk and compliance module is tied with this inventory.

Regarding integration, it's relatively easy to integrate RSA Archer with third-party tools since it's mostly about the import process. There is an open API or import by file, so it's not a problem.

Both RSA Archer and ServiceNow have good reporting capabilities, with general reports presented at a very good level, namely the executive overview of security and compliance. However, if specific reports are required, it can be complicated since these tools are at the end of the compliance process and may lack the ability to provide raw data back to the process.

It's one-way integration with RSA Archer, which is a feature by the design of RSA Archer to focus on providing executive-level information.

Using RSA Archer provides sufficient benefits, as it sets a bar for compliance, assuring the company that security and compliance are at an adequate level.

On a scale of one to ten, I rate RSA Archer a seven.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.