Amazon Inspector: How to Get The Most Benefit Out of it
In this article, you will learn:
- What is Amazon Inspector?
- Benefits of Amazon Inspector
- How does Amazon Inspector work?
- Amazon Inspector agent installation
- Amazon Inspector pricing
- Amazon Inspector vs. Amazon GuardDuty
- Integration with AWS Security Hub
As the threat of attacks on the integrity, confidentiality, and availability of data within an organization continues to increase, finding an easy way to monitor and improve the security in the AWS (Amazon Web Services) environment is key.
AWS provides a wide range of security services to help you achieve the best level of security possible in your environment, and the Amazon Inspector service is just one of the services that can help.
This blog post will introduce what Amazon Inspector Classic is, how it works, its benefits, and also how to install the Amazon Inspector agent which is necessary for some of its features and enables you to get the most benefit out of it.
This blog post is about Amazon Inspector Classic, there is a new version available from November 2021. Amazon Inspector has been completely rearchitected to automate vulnerability management and deliver near real-time findings to minimize the time to discover new vulnerabilities.
What is Amazon Inspector?
Amazon Inspector is an AWS automated service that collects vulnerabilities in your AWS environment and provides you with security findings reports. Currently, it is mainly based on protecting your Amazon EC2 instance. It checks your EC2 instances for unexpected network accessibility and against a library of best practices, common compliance standards, and public libraries of known vulnerabilities.
It then prioritizes these issues into security findings by severity level and describes how to resolve issues to protect your AWS environment. The severity levels are high, medium, and low. All of these indicate the existence of security issues that may lead to compromised confidentiality, integrity, and availability of information in EC2 instances.
Every security finding includes useful information about the issue, but also recommendations on how to solve it.
Benefits of Amazon Inspector
- Easy to integrate automated security: easily implement Amazon Inspector to EC2 instances and use it for forensics, troubleshooting, or auditing purposes. Run security checks during the development process, or run them in a stable production environment.
- Deeply analyze Amazon EC2 instances: stay informed about the activity and configuration data of your instances. Reduce risk by checking security issues as soon as they appear.
- Find application security issues and solve them: develop and iterate on new applications quickly, and assess compliance with best practices and policies. Proactively manage your security issues before they impact your applications or your production websites.
Achieve unrivaled security and compliance with the StormIT Cloud Check-Up. We perform a gap analysis with more than 600 Best Practice Checks to reduce risk, identify security vulnerabilities, and remediate compliance breaks in your AWS environment.Get a cloud check-up
How does Amazon Inspector work?
Amazon Inspector performs and generates a findings report containing steps to keep the AWS environment safe. To use it, you need to define the EC2 instances that you want to check and for proper function, install the Amazon Inspector agent. You can also set the scheduled checks against your EC2 instances which can vary from 15 minutes to 12 hours and recur after a chosen number of days.
After collecting all the required data, it is compared with the built-in security rules packages to identify security or compliance issues.
Amazon Inspector rules packages
The main part of the Amazon Inspector is assessments/rules packages which are prepared by AWS security specialists for your use. Every rules package is focused on a different set of rules that your EC2 instance should meet.
Network assessment/rule package (Amazon Inspector agent is not required):
- Network Reachability: The rules in the Network Reachability package analyze your network configurations to find security vulnerabilities in your EC2 instances.
Host assessments/rules package (Amazon Inspector agent is required):
- Common vulnerabilities and exposures: The rules in this package help verify whether the EC2 instances are exposed to common vulnerabilities and exposures (CVEs). For more information, see https://cve.mitre.org/.
- Center for Internet Security (CIS) Benchmarks: The CIS Security Benchmarks program provides industry best practices to help organizations improve their security.
- Security best practices for Amazon Inspector: Specific set of best practices in the AWS environment.
Amazon Inspector agent installation and getting started
To get started with Amazon Inspector and the host assessments/rules package, you need to install an Amazon Inspector agent that enables access to your Amazon EC2 instances and applications running on them.
If you simply go through the steps in the Amazon Inspector console, you should be able to install this agent automatically by using AWS System Manager Run Command. Just start by clicking “Get started” and go through the steps.
If you need to install an agent manually, here are some basic steps to install an Amazon Inspector agent on multiple types of operating systems.
1. Installing the Amazon Inspector agent on Amazon EC2 instance with Linux
To install the agent on a EC2 instance with Linux:
1. Sign in/connect to your EC2 instance running a Linux-based operating system where you want to install the Amazon Inspector agent.
2. Download the agent installation script by running the following command:
sudo bash install4. You should see the confirmation in the console
2. Installing the Amazon Inspector agent on Amazon EC2 instance with Windows
To install the agent on a Windows-based EC2 instance
1. Sign in to your EC2 instance with Windows where you want to install the agent.
Download the following .exe file from the official AWS repository: AWSAgentInstall
2. Run this file as an administrator or open a command prompt window as admin and run the file to install the agent.
3. After successful installation of the Amazon Inspector agent you can start using the host assessments/rules package; just open the Amazon Inspector console and get started.
Amazon Inspector pricing
Amazon Inspector pricing is based on a number of Amazon EC2 instances included in each check and depends on the rules packages you select for assessments.
If you have never run an Amazon Inspector, you are eligible for 250 runs with a host and network rules packages at no cost during the first 90 days. This means you can run Amazon Inspector checks ten times against 25 instances (250 runs) for free.
Pricing example for those without the free tier:
In this example, all of your Amazon Inspector runs include both host rules packages and the network reachability rules package. Additionally, all of your EC2 instances have the Amazon Inspector agent on them.
So we assume five runs against 15 instances. You would therefore be charged for 75 host and network reachability instance assessments.
The Amazon Inspector charges for your account for this billing period would be:
Adding up all the above, the total Amazon Inspector cost per billing period would be $33.75. If you still have the free tier available, the above would be free.
Visit the Amazon Inspector pricing page if you need more information.
Amazon Inspector vs. Amazon GuardDuty
Both Amazon Inspector and Amazon GuardDuty are services that enhance the security of your AWS environment.
Amazon Inspector provides you with security checks of your AWS environment and it only covers Amazon EC2. There is an Amazon Inspector agent that you need to install to do a wider set of security checks.
In contrast, Amazon GuardDuty helps with analyzing the entire AWS account, can be quickly enabled, and monitors unusual account usage using a variety of sources like AWS CloudTrail logs, DNS logs, and other sources. Read more about it in our blog post: What is Amazon GuardDuty? Definition, Pricing & Comparison
Integration with AWS Security Hub
Amazon Inspector can be used with the AWS Security Hub. Security Hub provides a single place in the AWS environment to aggregate, organize, and prioritize security alerts and discoveries from multiple AWS security services. Learn more in our blog post: What is AWS Security Hub?