Amazon Inspector - The vulnerability management service at scale

Bhuvanesh

April 30, 2022

Transcript

  1. Who am I…? THE DATA GUY
     • Data Engineer by job ++ DBA
     • Blogger @TheDataGuy.in
     • AWS Community Builder
     • Open source enthusiast
     • @BhuviTheDataGuy, /in/rbhuvanesh, https://bhuvane.sh/
  2. Traditional way of vulnerability management
     • Not cloud focused: hundreds of instances can be launched and terminated in a day, and traditional tools lag behind scanning all of them on the fly.
     • Agent based: install and configure the agent to collect the vulnerabilities and the network connections & permissions.
     • Scheduled scan: most traditional tools work on a scheduled-scan basis, so we have to wait till the scheduled window to detect the vulnerabilities.
     • Knowledge & effort: additional learning and management overhead of the 3rd-party tools and their integrations with all other services.
  3. How does Inspector solve the traditional problems in vulnerability management?
     • One-click enablement
     • No additional agent
     • Auto detection
     • Near real-time scan
     • Detect patches
     • Network reachability
     • CVE score details & remediation
  4. How Inspector works
     Detect the new instance (EC2 with SSM role) → continuous scanning → collect package details → vulnerability database → consolidated report
     The consolidated report feeds Security Hub, EventBridge and custom integrations.
  5. How Inspector updates the vulnerability database
     • Snyk is a source of vulnerability intelligence for the Amazon Inspector service.
     • The Snyk Intel Vulnerability Database is maintained with hand-curated content and enriched metadata, and identifies vulnerable functions as well as known exploit maturity, with a Common Vulnerability Scoring System score and vector assigned to 100% of vulnerabilities.
  6. CVSS vs Inspector score
     Example finding: CVSS v3 (REDHAT_CVE) 9.8, Inspector 8.4

     Metric               CVSS       Inspector
     Attack Vector        Network    Local
     Attack Complexity    Low        Low
     Privileges Required  None       None
     User Interaction     None       None
     Scope                Unchanged  Unchanged
     Confidentiality      High       High
     Integrity            High       High
     Availability         High       High

     • CVSS provides a numerical (0-10) representation of the severity of an information security vulnerability.
     • Amazon Inspector calculates an Inspector risk score by correlating up-to-date CVE information with temporal and environmental factors, such as network accessibility and exploitability information, to add context that helps prioritize your findings.

     Rating     CVSS score
     Low        0.1 - 3.9
     Medium     4.0 - 6.9
     High       7.0 - 8.9
     Critical   9.0 - 10.0
  7. Inspector features
     • Suppression rules can skip the findings that are not relevant to you.
     • Export the findings to S3 as a historical data store.
     • Account-level control to enable or disable the features.
     • Projected cost usage is shown on the Inspector console.
     • Integrated with Security Hub and EventBridge for any workflow automation.
     • Comprehensive dashboard with near real-time reports.
  8. Uber’s interesting implementation (from the AWS re:Invent 2021 video)
     Components: SQS Listener, Issue Processor, Jira Ticket Creator, Internal Service
     Diagram labels: Scan → Scan findings in CloudWatch → Call GetFindings API → Vulnerability details to SQS → Store → Update ticket status
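As an added example (not Uber's code and not AWS's), the rating bands from slide 6 and the issue-processor step from slide 8, run over a constructed EventBridge finding event. The finding field names (detail.findingArn, status, inspectorScore, packageVulnerabilityDetails.cvss[].baseScore) and the "Inspector2 Finding" detail-type are assumptions about the Inspector2 finding shape, and an in-memory dict stands in for Jira.

```python
# Added example; finding field names are assumed, not taken from AWS documentation.

# CVSS rating bands exactly as listed on the "CVSS vs Inspector score" slide.
RATING_BANDS = [(0.1, 3.9, "Low"), (4.0, 6.9, "Medium"),
                (7.0, 8.9, "High"), (9.0, 10.0, "Critical")]
RANK = {"None": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}
TICKET_THRESHOLD = "High"  # open tickets for High and Critical findings only


def rating_for(score):
    """Map a 0-10 score onto the deck's rating bands (0.0 or missing -> 'None')."""
    for low, high, name in RATING_BANDS:
        if low <= score <= high:
            return name
    return "None"


def summarize(finding):
    """Return the two scores a triager compares: max CVSS base score vs Inspector score."""
    cvss = max((c["baseScore"] for c in finding["packageVulnerabilityDetails"]["cvss"]), default=0.0)
    inspector = finding.get("inspectorScore", cvss)  # Inspector may lower CVSS using environment
    return {"arn": finding["findingArn"], "status": finding["status"],
            "cvss_rating": rating_for(cvss), "inspector_rating": rating_for(inspector)}


def process_event(event, tickets):
    """Create, skip or resolve a ticket for one finding event; `tickets` maps finding ARN -> state."""
    info = summarize(event["detail"])
    arn = info["arn"]
    if info["status"] == "CLOSED":  # package patched or resource gone: resolve the ticket
        if arn in tickets:
            tickets[arn] = "resolved"
            return "resolved"
        return "ignored"
    if RANK[info["inspector_rating"]] < RANK[TICKET_THRESHOLD]:
        return "suppressed"  # below threshold, same effect as a suppression rule
    if tickets.get(arn) == "open":
        return "duplicate"  # rescans re-deliver the same finding; don't open it twice
    tickets[arn] = "open"
    return "created"


# Constructed sample event: the CVSS 9.8 / Inspector 8.4 case from the deck.
SAMPLE_EVENT = {
    "detail-type": "Inspector2 Finding",
    "detail": {
        "findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/EXAMPLE",
        "status": "ACTIVE",
        "inspectorScore": 8.4,
        "packageVulnerabilityDetails": {"cvss": [{"baseScore": 9.8, "source": "REDHAT_CVE"}]},
    },
}
```

Replacing the dict with calls to a ticketing API and feeding it from an SQS consumer gives the slide's pipeline; the scoring logic is what decides whether a ticket is worth a human's time.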