Why Vulnerability Management is Important

How Alert Logic with Amazon Inspector Are Delivering the Security Strategy You Need

Vulnerability management is challenging for every corporate IT team I have ever worked with. With limited staff and resources, most IT teams wait until Patch Tuesday, or until the media announces a new or emerging vulnerability, before they act. This leaves many gaps in a company’s vulnerability management strategy. According to Risk Based Security’s 2015 Vulnerability DB QuickView Report, an average of 1,182 vulnerabilities are released every month. These statistics demonstrate how difficult it is to track and research all vulnerabilities to determine which ones affect your environments. Determining the actual risk that a discovered vulnerability may introduce requires an in-depth knowledge of vulnerability analysis and exploit development.

To help customers tackle this challenge, Amazon Web Services (AWS) has introduced Amazon Inspector, an automated security assessment service. Amazon Inspector helps customers identify potential security issues, vulnerabilities, and deviations from security best practices using pre-built rules packages. These rules packages are updated regularly by AWS to ensure customers are conducting assessments against the latest known vulnerabilities and exploits. Amazon Inspector uses a kernel-level agent that can be deployed on Amazon Elastic Compute Cloud (Amazon EC2) instances to scan for known high-severity vulnerabilities. The AWS agent also collects information on application communication with other AWS services, and records whether secure communication channels are being used and whether best practices for network and OS configurations are in place. The data collected by the AWS agent is securely transferred to the Amazon Inspector service, which analyzes it against thousands of known security vulnerabilities. The results are delivered in the form of "findings" in the Amazon Inspector console. Amazon Inspector is best used as part of your application deployment chain to identify potential security issues early in the application life cycle.

Alert Logic Cloud Insight is an automatic vulnerability and configuration management solution for workloads running on AWS. Cloud Insight is designed with tight integration into the AWS API and AWS CloudTrail data, enabling auto-discovery of your workloads and continuous monitoring of those environments. Cloud Insight automatically tracks changes in your AWS environment, allowing it to identify and prioritize remediation actions for both your Amazon EC2 instances and the AWS services layer, reducing your exposure to vulnerabilities that may lead to a potential security incident. The remediation instructions are designed to provide actionable data for your teams to drive a consistent approach to vulnerability management across your AWS workloads.

AWS Inspector with Cloud Insight

Alert Logic Cloud Insight works with Amazon Inspector to enable customers to consume all vulnerability findings from both Amazon Inspector and Cloud Insight in a single view. When the data is correlated and reported, it gives customers the ability to perform pre-production application security analysis and continuous security monitoring in production. Cloud Insight gives you a single view of your security posture for your AWS workloads by incorporating data from Amazon Inspector findings and AWS Config Rules checks. This data, in combination with Alert Logic’s AWS configuration checks, Guest OS checks and IAM role analysis checks, will provide you with a solid vulnerability management foundation for your AWS workloads, and is easily integrated into your current business vulnerability response process.

If you are asking yourself, “How do I get my hands on this?”, let me help you out. First, check out our Cloud Insight product page.

Learn more about Cloud Insight and create an account, then go to our Integrations page to see the installation instructions and to download the AWS Lambda function.

About the Author

Stephen Coty - Chief Security Evangelist at Alert Logic

Stephen Coty originally joined Alert Logic as the head of the Threat Research team, where he led the effort to build threat content and deliver threat intelligence. He later became the Chief Security Evangelist for the company. Prior to joining Alert Logic, Coty was the Manager of Cyber Security for Rackspace Hosting, and has held IT positions at multiple companies, including Wells Fargo Bank, Applied Materials, Stanford Medical Center and The Netigy Corporation. He has been in the Information Technology field since 1993. Research has been his primary focus since 2007.

@StephenCoty | More Posts by Stephen Coty