Examples of the 84,000+ reviews on PeerSpot:

Information Security Engineer at a financial services firm with 10,001+ employees
Real User
Presents vulnerabilities across different resources, like containers and servers, in a single consolidated view
Pros and Cons
  • "The integration of Amazon Inspector with other AWS services has enhanced our security. Security Hub is a major asset because it allows us to centralize data from various AWS services. We can integrate third-party tools as well. It is just a single-click option."
  • "There is room for improvement in the scanning capabilities. I'd like to see broader coverage in terms of the vulnerabilities detected."

What is our primary use case?

We use AWS services for a variety of clients, including banking and healthcare. We leverage GuardDuty for continuous threat detection, Inspector for vulnerability management, and Security Hub for CSPM (Cloud Security Posture Management).

For compliance, we primarily use Security Hub for our CSPM needs. Currently, both Inspector and GuardDuty are integrated with our SIEM tool, Sumo Logic. 

Any logs or data relevant to compliance are ingested into Sumo Logic. From there, we've configured alerts to be sent via email or Jira tickets.

We don't rely completely on Inspector for vulnerability identification. It's partially used, as we find third-party security tools to be more mature for that specific purpose.

How has it helped my organization?

The integration of Amazon Inspector with other AWS services has enhanced our security.

Security Hub is a major asset because it allows us to centralize data from various AWS services. We can integrate third-party tools as well. It is just a single-click option.  

If you're using AWS Organizations, it simplifies the process by allowing you to send logs from multiple accounts to a single designated AWS account. You can then monitor everything using a centralized dashboard within that account. This seamless integration of Inspector, GuardDuty, and other security services definitely improves our overall security posture.

What is most valuable?

I appreciate that Inspector presents vulnerabilities across different resources, like containers and servers, in a single consolidated view.

The most effective for automated security assessment is Security Hub. It encompasses multiple compliance standards – HIPAA, PCI, and CIS AWS Foundations Benchmark. 

One drawback is that we can't define custom compliance rules. So, we lean on Security Hub for both compliance management and, in some cases, it offers auto-remediation for certain controls.

What needs improvement?

There is room for improvement in the scanning capabilities. I'd like to see broader coverage in terms of the vulnerabilities detected. Right now, it's not as comprehensive as some of the third-party tools we use.

For how long have I used the solution?

I have been using it for more than four years. 

What do I think about the stability of the solution?

I never had an issue with stability. I would rate the stability a ten out of ten. 

What do I think about the scalability of the solution?

I would rate the scalability a seven out of ten. Inspector's scalability is primarily determined by the resources available in your AWS environment.

It is mainly utilized by development and security teams. We preferred tools like Qualys for more robust vulnerability management. 

We wouldn't give the development team full console access to Inspector. The security team would generally manage it, generate reports, and share those with the development team.

How are customer service and support?

The customer service and support depend on the account and on whatever you have subscribed for. For example, if you have a premium account, the turnaround time will be quick.

But even for a non-premium user, we got good support. 

How would you rate customer service and support?

Positive

How was the initial setup?

The setup itself is very easy. It's essentially a one-click process at the account level. Anyone can do it. 

But the deployment time depends on your use case. For a single account, it's a matter of minutes. If you're managing multiple accounts and want centralized visibility, there's an additional setup to send data to a single, designated AWS account.

What other advice do I have?

Overall, I would rate the solution a seven out of ten. I would recommend it, but that depends on the size of the account, their specific use cases, and overall requirements.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Developer at a sports company with 501-1,000 employees
Real User
Top 5
Offers neat and easy to understand findings dashboards and offers consistent user experience
Pros and Cons
  • "The findings dashboards are neat and easy to understand, offering clear demarcations for different types of findings and detailed insights into specific vulnerabilities and their associated instances. It is not a place where everything is dumped together. It offers an easy-to-understand layout."
  • "One major area for improvement is remediation. My team works on remediating findings over time, likely using available patches. However, easier integration with Amazon's patching services would be very helpful."

What is our primary use case?

Amazon Inspector is configured by a team member to pull all vulnerability details into our environment, allowing us to access all the vulnerability findings.

How has it helped my organization?

We're in the initial phase and don't have any regulatory obligations yet. We're still building up the environment. However, we can run the CIS Benchmark scan across the entire environment. 

Security best practices were another reason I looked into Inspector, as it also performs CIS compliance for configuration. We're just getting started with the compliance aspect.

Amazon Inspector simplifies our vulnerability assessment process. It is one key feature I was looking for. Amazon Inspector supports the CIS Benchmarks. We had a homegrown tool to do that earlier, and now we are looking forward to using Amazon Inspector for it.

So, the automated scanning feature has positively impacted our security posture.

It offers capabilities around compliance and vulnerability management for EC2 instances, including OS compliance checks and vulnerabilities within EC2 OS images.

The findings dashboards are neat and easy to understand, offering clear demarcations for different types of findings and detailed insights into specific vulnerabilities and their associated instances. It is not a place where everything is dumped together. It is easy to understand the layout. It very precisely does what it talks about. When a vulnerability is identified, it tells me which instance has it and what operating system image it's using. This helps me correlate and understand, "Okay, this vulnerability is likely due to the OS I'm running. Maybe switching to a more secure option will help remediate these issues."

Overall, the dashboards effectively convey what they're designed to do. They tell you about vulnerabilities within your runtime environment, whether it's containers, EC2 instances, or even Lambdas (though I don't have experience with those). For EC2 instances, that's how we primarily use it.

What is most valuable?

The vulnerability scan feature is crucial for identifying vulnerabilities on my EC2 instances. Additionally, Amazon Inspector supports the CIS benchmark, which is a significant advantage.

What needs improvement?

One major area for improvement is remediation. My team works on remediating findings over time, likely using available patches. However, easier integration with Amazon's patching services would be very helpful. I'm sure there's a way to automate patching within the platform. While patching capabilities might exist, directly from Inspector, as a user, I don't have upfront information on how to remediate findings.

However, suppression rules are a valuable feature. They allow me to suppress false positives and exceptions. That aspect is handled very well. The next step would be a clear path to addressing identified findings.

For how long have I used the solution?

We have been using Amazon Inspector for almost six months.

What do I think about the stability of the solution?

It's stable. I haven't experienced any downtime; the service is always available.

What do I think about the scalability of the solution?

It is scalable.

How are customer service and support?

The customer service and support are very good, overall. 

How would you rate customer service and support?

Positive

How was the initial setup?

I would rate my experience with the initial setup a ten out of ten, with ten being easy to deploy. 

It's incredibly easy. There's practically one button. You just enable Amazon Inspector, and that's it.

It's very easy to maintain. There's no operational overhead. It's a limited service from Amazon, so the experience is similar to using other native Amazon services. They do a great job of keeping the user experience consistent across all services. It's a very smooth experience.

What's my experience with pricing, setup cost, and licensing?

The pricing is very transparent and clear, so I don't have any challenges with it. It's good.

What other advice do I have?

Just try it once and find your path forward because it's very easy to set up. If you're just starting, the native tools are the best way to start. Only when there are some advanced use cases should you look for anything beyond AWS. 

So, if you're already starting something in AWS, it's best to get started with the native tools.

Overall, I would rate the solution a ten out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.