Amazon Inspector Reviews

We use AWS services for a variety of clients, including banking and healthcare. We leverage GuardDuty for continuous threat detection, Inspector for vulnerability management, and Security Hub for CSPM (Cloud Security Posture Management).

For compliance, we primarily use Security Hub for our CSPM needs. Currently, both Inspector and GuardDuty are integrated with our SIEM tool, Sumo Logic. 

Any logs or data relevant to compliance are ingested into Sumo Logic. From there, we've configured alerts to be sent via email or Jira tickets.

We don't rely completely on Inspector for vulnerability identification. It's partially used, as we find third-party security tools to be more mature for that specific purpose.

The integration of Amazon Inspector with other AWS services has enhanced our security.

Security Hub is a major asset because it allows us to centralize data from various AWS services. We can integrate third-party tools as well. It is just a single-click option.  

If you're using AWS Organizations, it simplifies the process by allowing you to send logs from multiple accounts to a single designated AWS account. You can then monitor everything using a centralized dashboard within that account. This seamless integration of Inspector, GuardDuty, and other security services definitely improves our overall security posture.

I appreciate that Inspector presents vulnerabilities across different resources, like containers and servers, in a single consolidated view.

The most effective for automated security assessment is Security Hub. It encompasses multiple compliance standards – HIPAA, PCI, and CIS AWS Foundations Benchmark. 

One drawback is that we can't define custom compliance rules. So, we lean on Security Hub for both compliance management and, in some cases, it offers auto-remediation for certain controls.

There is room for improvement in the scanning capabilities. I'd like to see broader coverage in terms of the vulnerabilities detected. Right now, it's not as comprehensive as some of the third-party tools we use.

I have been using it for more than four years. 

I never had an issue with stability. I would rate the stability a ten out of ten. 

I would rate the scalability a seven out of ten. Inspector's scalability is primarily determined by the resources available in your AWS environment.

It is mainly utilized by development and security teams. We preferred tools like Qualys for more robust vulnerability management. 

We wouldn't give the development team full console access to Inspector. The security team would generally manage it, generate reports, and share those with the development team.

The customer service and support depend on the account. Whatever you have subscribed for. For example, if you have a premium account, the turn-around time will be quick. 

But even for a non-premium user, we got good support. 

Positive

The setup itself is very easy. It's essentially a one-click process at the account level. Anyone can do it. 

But the deployment time depends on your use case. For a single account, it's a matter of minutes. If you're managing multiple accounts and want centralized visibility, there's an additional setup to send data to a single, designated AWS account.

Overall, I would rate the solution a seven out of ten. I would recommend it, but that depends on the size of the account, their specific use cases, and overall requirements.