AWS December 2015 Webinar Series - Introducing Amazon Inspector

Amazon Inspector is a new service from AWS that helps you identify security issues in the applications that you deploy and run on AWS. Use Amazon Inspector to assess the security posture of the Amazon EC2 instances running your applications, in order to identify areas that can be improved before you expose them to a production threat environment.

This webinar will cover getting started with Amazon Inspector, how to automate the process, how to manage and act on findings, and additional ways you can enhance your development and release lifecycle using Amazon Inspector.
Learning Objectives:
Understand the basics of Amazon Inspector
Learn how to assess your security posture and identify areas that can be improved
Who Should Attend:
Security professionals, people who are responsible for host or application security, and anyone interested in standards compliance

  1. Introducing Amazon Inspector
     Eric Fitzgerald, AWS Security
     December 8, 2015
     © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  2. Agenda
     • Inspector concepts
     • What is Inspector?
     • How do I get started?
     • Workflow
     • Demo
     • Resources
     • Contacting the Inspector team
     • Questions
  3. Inspector concepts
     Application
     • Something of yours that you want Inspector to assess
     • A set of EC2 instances, defined by tags, that accomplishes a business goal
     Assessment
     • An instruction to analyze an application for security vulnerabilities
     Rules Package
     • A set of security checks (“rules”)
     • Rules are grouped into packages to address common security goals
     Finding
     • A potential security issue in your application
     • Results when telemetry gathered during an assessment matches a rule
     • Contains a detailed description, context, and remediation steps
  4. What is Inspector?
     Inspector is a service to help secure the applications that you run on top of AWS.
     • Inspector does NOT change the shared responsibility model; it helps you reduce your effort.
     Inspector is designed to run during a continuous integration (CI) deployment pipeline.
     • Inspector is NOT designed to run continuously. We intended Inspector to be used against test environments.
     Inspector uses sensors that are in an on-host agent.
  5. Is Inspector point-in-time or continuous?
     Inspector is a hybrid of these models
     • At the beginning of an assessment it collects configuration type telemetry
     • For the rest of the duration of the assessment it collects behavioral telemetry
     You get the most security value from Inspector when you assess an application that is being exercised, for example during an integration test.
  6. How do I get started?
     Try it yourself: https://docs.aws.amazon.com/inspector/latest/userguide/inspector_quickstart.html
     1. Launch or locate some EC2 instances (in Oregon)
        • Preferably ones that are doing something
        • Tag the instances so that you can target Inspector at them, ex:
          • Key=“Application”, Value=“InspectorApp” (you can use whatever you want for either)
        • Install the Inspector agent on the instances
          • wget https://s3-us-west-2.amazonaws.com/inspector.agent.us-west-2/latest/install
          • sudo bash install
  7. How do I get started (continued)
     Next, in the Inspector console:
     2. Create an application
        • Use the tag key and value that you used to tag the instances from the last step
     3. Create an assessment
        • Pick an application and some rules packages
     4. Run the assessment
     5. Review your findings
  8. Workflow
     Findings in Inspector have attributes
     • Attributes are like tags
     • You can set the initial value of an attribute from the assessment
       • Ex: Key=“AssignedTo”, Value=“Triage”
       • Ex: Key=“Status”, Value=“New”
     • You can add/change/remove attributes on findings after they’re generated
  9. Demo
  10. Resources
     Documentation
     • https://aws.amazon.com/documentation/inspector
     Programming Inspector
     Everything in the Inspector console can be accomplished via our API
     • Included in latest SDK: https://aws.amazon.com/tools
     • Java: https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/inspector/AmazonInspector.html
     • Python: https://boto3.readthedocs.org/en/latest/reference/services/inspector.html
     • CLI: https://docs.aws.amazon.com/cli/latest/reference/inspector/index.html
     • API documentation: https://docs.aws.amazon.com/inspector/latest/APIReference/Welcome.html
  11. Talk to us
     Support
     • Forum: https://forums.aws.amazon.com/forum.jspa?forumID=205
     • AWS Premier support
     • Support FAQ: During the preview, agent support for new Linux kernels is slow
     Feedback
     • mailto:inspector-feedback@amazon.com (not for support)
  12. Questions
     FAQ - these are all subject to change
     • When is general availability (GA/launch)? Early Q2 CY2016
     • Regions for Preview? US-West-2 (Oregon) only
     • Regions for GA? United States, Europe, Asia-Pacific – more detail later
     • Can I point an agent in one region against the service in another? No.
     • Pricing? Preview is free. GA prices are not determined yet. In general, pay-as-you-go, usage-based, price related to value of rules package(s)
     • Windows agent support? Yes, at GA
     • Linux support? Amazon Linux & Ubuntu LTS (now); RedHat & CentOS (GA)
  13. More Questions
     FAQ - these are all subject to change
     • Does running Inspector make me PCI compliant? No.
     • Are you a PCI ASV? Not at the current time.
     • Can I write my own rules packages? Not for GA; we’re investigating.
     • Can I view the collected telemetry? Not for GA.
     • How can I sign up for the preview? Next slide
  14. How do I get access to the preview?
     Fill out the form here: https://aws.amazon.com/inspector/preview
     • Make sure to enter your AWS account number accurately - this is what gets access
       • 12 decimal digits with no punctuation
     • Make sure to enter your email address correctly
     Access usually takes 1 business day
     • We grant access once per day
     • No access grants around the holidays
     If you fill out the request form before midnight, the specific account ID(s) that you requested usually get access by 1pm US EST the next business day.
  15. What’s coming for GA?
     Note: everything is subject to change
     • More regions
     • Windows support
     • RedHat & CentOS support
     • More comprehensive rules packages
     • Reporting
     • Auditing (CloudTrail)
     • Multiple runs per assessment
     • SNS support (which brings SQS & Lambda support)
  16. Thank you!
     The Inspector team really appreciates the time you took to hear about our service. Please try out the preview and let us know if you have any feedback (problems, suggestions, or requests)
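
Steps 2 to 5 of the getting-started slides and the finding attributes from the Workflow slide can be scripted through the API mentioned under "Programming Inspector". The following is an added example, not code from the deck or from AWS. It assumes the method names of the current boto3 `inspector` client, where the deck's "application" and "assessment" correspond to an assessment target and an assessment template plus run. `FakeInspector`, the `Ticket` attribute key and the ARNs are constructed so the block runs offline.

```python
# Added example, not AWS code. Method and parameter names are those of the
# current boto3 "inspector" client; real use would pass
# boto3.client("inspector", region_name="us-west-2") as `client`.

def run_tagged_assessment(client, tag_key, tag_value, name, duration_s=3600):
    """Steps 2-4: target the tagged instances, build a template, start a run."""
    group = client.create_resource_group(
        resourceGroupTags=[{"key": tag_key, "value": tag_value}])
    target = client.create_assessment_target(
        assessmentTargetName=name, resourceGroupArn=group["resourceGroupArn"])
    template = client.create_assessment_template(
        assessmentTargetArn=target["assessmentTargetArn"],
        assessmentTemplateName=name + "-template", durationInSeconds=duration_s,
        rulesPackageArns=client.list_rules_packages()["rulesPackageArns"],
        # Initial workflow attributes stamped on every finding (slide 8).
        userAttributesForFindings=[{"key": "AssignedTo", "value": "Triage"},
                                   {"key": "Status", "value": "New"}])
    return client.start_assessment_run(
        assessmentTemplateArn=template["assessmentTemplateArn"],
        assessmentRunName=name + "-run")["assessmentRunArn"]

def attach_ticket(client, run_arn, ticket_id):
    """Step 5: add a 'Ticket' attribute (hypothetical key) to the run's findings."""
    arns, extra = [], {}
    while True:  # list_findings is paginated; follow nextToken to the end
        page = client.list_findings(assessmentRunArns=[run_arn], **extra)
        arns += page["findingArns"]
        if not page.get("nextToken"):
            break
        extra = {"nextToken": page["nextToken"]}
    for i in range(0, len(arns), 10):  # the API takes at most 10 ARNs per call
        client.add_attributes_to_findings(
            findingArns=arns[i:i + 10],
            attributes=[{"key": "Ticket", "value": ticket_id}])
    return arns

class FakeInspector:
    """Constructed offline stand-in: records calls and returns made-up ARNs."""
    def __init__(self, n_findings=12):
        self.calls, self.n = [], n_findings
    def __getattr__(self, op):
        def call(**kw):
            self.calls.append((op, kw))
            if op == "list_findings":
                return {"findingArns": ["arn:example:finding/%d" % i for i in range(self.n)]}
            if op == "list_rules_packages":
                return {"rulesPackageArns": ["arn:example:rulespackage/0"]}
            p = op.split("_")[1:]  # create_resource_group -> resourceGroupArn
            return {p[0] + "".join(w.title() for w in p[1:]) + "Arn": "arn:example:" + op}
        return call
```

The template selects every rules package the account can list; pass a narrower list of ARNs to match the packages you would pick in the console.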