(SEC324) NEW! Introducing Amazon Inspector
![Page 1: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/1.jpg)
© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Alex Lucas, AWS Principal Security Engineer
October 2015
SEC324
Introducing Amazon Inspector: Security Insight into Your Application Deployments
![Page 2: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/2.jpg)
Session overview
• What is Inspector?
• Concepts and overview
• Demos
• Automation
• Limited preview
![Page 3: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/3.jpg)
What is Inspector?
• Application security assessment
• Selectable built-in rules
• Security findings
• Guidance and management
• Automatable via APIs
![Page 4: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/4.jpg)
Why?
Securing infrastructure is often expensive and hard to do effectively.
• Amazon Inspector is automated, repeatable, and designed to reduce cost.
• Uses AWS security knowledge to strengthen customer servers, services, and infrastructure.
• Delivers actionable findings that are carefully explained to help with their resolution.
![Page 5: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/5.jpg)
How?
1. Install as a service on your Amazon EC2 instances.
2. Tag the instances with application-specific information.
3. Configure the Amazon Inspector application and assessment.
4. Start Inspector.
5. Exercise and test your service.
6. Stop Amazon Inspector or wait for the configurable timeout.
7. Look at findings and fix as appropriate.
![Page 6: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/6.jpg)
Concepts
• Agent
• Application
• Assessment
• Finding
• Rule packages/rule
• Telemetry
![Page 7: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/7.jpg)
Rule packages
• CVE (common vulnerabilities and exposures)
• Network security best practices
• Authentication best practices
• Operating system security best practices
• Application security best practices
• PCI DSS 3.0 readiness
![Page 8: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/8.jpg)
Demo – Walkthrough
![Page 9: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/9.jpg)
![Page 10: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/10.jpg)
Automation
EC2 UserData
AWS CloudFormation
• Install the agent easily into new instances
• Update existing stacks for instance support
Other DevOps tools: Ansible, Chef, Puppet, Salt
• Install and change existing infrastructure
APIs overview
![Page 11: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/11.jpg)
Demo – CloudFormation
![Page 12: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/12.jpg)
![Page 13: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/13.jpg)
Demo – Automation
![Page 14: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/14.jpg)
![Page 15: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/15.jpg)
Demo – Automating Deployment
![Page 16: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/16.jpg)
![Page 17: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/17.jpg)
Limited preview
FREE during the limited preview.
Limitations
• Applications: 50
• Assessments: 500
• Agents: 500
• Linux only (AL2015+, Ubuntu 14.04+)
• us-west-2 region (US West [Oregon])
![Page 18: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/18.jpg)
Next steps
• Path to general availability
• More rules and packages
• Further integration
• Implement feedback
![Page 19: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/19.jpg)
AWS Security and Compliance
• AWS Trusted Advisor: Best practices for performance, reliability, and security
• AWS Config Rules: Create rules that govern configuration of your resources
• Amazon Inspector: Security insights into your applications
• AWS Compliance
  • AWS: Security of the cloud
  • Customer: Security in the cloud
![Page 20: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/20.jpg)
Partners
![Page 21: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/21.jpg)
Please…
…sign up for our limited preview.
• Look for Amazon Inspector on the AWS Management Console.
…provide feedback about this session.
…provide feedback about Amazon Inspector.
• Via AWS forums.
![Page 22: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/22.jpg)
Questions?
• Find me outside the room after this session.
![Page 23: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/23.jpg)
Remember to complete your evaluations!
![Page 24: (SEC324) NEW! Introducing Amazon Inspector](https://reader030.fdocuments.net/reader030/viewer/2022020314/588195361a28ab0d358b65df/html5/thumbnails/24.jpg)
Thank you!