1
00:00:00,670 --> 00:00:03,210
Hi, let's talk about Amazon Inspector.

2
00:00:03,210 --> 00:00:05,689
So Amazon Inspector allows you to do automated

3
00:00:05,689 --> 00:00:10,010
security assessments for your AWS infrastructure.

4
00:00:10,010 --> 00:00:11,760
That means it's going to look at two things.

5
00:00:11,760 --> 00:00:14,270
Number one is EC2 instances.

6
00:00:14,270 --> 00:00:16,920
And for these EC2 instances it's going to run

7
00:00:16,920 --> 00:00:20,450
in the backend the AWS Systems Manager agent

8
00:00:20,450 --> 00:00:22,530
and then it's going to analyze

9
00:00:22,530 --> 00:00:25,350
against unintended network accessibility, number one.

10
00:00:25,350 --> 00:00:27,130
And number two, it's going to analyze

11
00:00:27,130 --> 00:00:31,170
the running operating system against known vulnerabilities.

12
00:00:31,170 --> 00:00:33,460
That means that automatically you're going to detect

13
00:00:33,460 --> 00:00:36,610
if you have issues on your EC2 instances.

14
00:00:36,610 --> 00:00:38,600
And then the second type of workload

15
00:00:38,600 --> 00:00:40,950
that is supported by Amazon Inspector

16
00:00:40,950 --> 00:00:44,910
is to analyze containers that are being pushed to Amazon ECR

17
00:00:44,910 --> 00:00:48,230
and Amazon ECR stands for Elastic Container Registry.

18
00:00:48,230 --> 00:00:51,090
This is where you store your container images.

19
00:00:51,090 --> 00:00:53,760
So you're going to get assessments of containers

20
00:00:53,760 --> 00:00:56,970
as they are being pushed into Amazon ECR.

21
00:00:56,970 --> 00:00:59,260
Now, all these reports are going to be delivered

22
00:00:59,260 --> 00:01:02,300
into the AWS Security Hub

23
00:01:02,300 --> 00:01:04,209
and these findings are going to be sent

24
00:01:04,209 --> 00:01:06,590
to Amazon EventBridge as well.

25
00:01:06,590 --> 00:01:07,423
So to summarize

26
00:01:07,423 --> 00:01:11,770
we have an EC2 instance example, running the SSM agent.
27
00:01:11,770 --> 00:01:14,680
And then the Inspector service is going to run

28
00:01:14,680 --> 00:01:17,750
assessments continuously and automatically.

29
00:01:17,750 --> 00:01:20,470
The findings are going to be sent to Security Hub

30
00:01:20,470 --> 00:01:23,083
and also Amazon EventBridge.

31
00:01:23,970 --> 00:01:27,940
So what does AWS Inspector evaluate?

32
00:01:27,940 --> 00:01:29,400
Well, first of all, you have to remember

33
00:01:29,400 --> 00:01:34,400
it's only for EC2 instances and container infrastructure

34
00:01:34,420 --> 00:01:36,530
and you're going to get continuous scanning

35
00:01:36,530 --> 00:01:39,640
of the infrastructure, but only when needed.

36
00:01:39,640 --> 00:01:42,290
You're going to look at package vulnerabilities.

37
00:01:42,290 --> 00:01:44,420
So you're going to compare your packages

38
00:01:44,420 --> 00:01:47,950
on your EC2 instances and your containers on ECR

39
00:01:47,950 --> 00:01:49,860
against a known database

40
00:01:49,860 --> 00:01:53,690
of vulnerabilities called the database of CVE.

41
00:01:53,690 --> 00:01:56,170
And then on EC2 you're also going to get

42
00:01:56,170 --> 00:01:58,510
network reachability assessments.

43
00:01:58,510 --> 00:02:00,810
After that you're going to get a risk score

44
00:02:00,810 --> 00:02:03,420
that is going to be associated with all the vulnerabilities

45
00:02:03,420 --> 00:02:06,270
and you're going to have to prioritize for them.

46
00:02:06,270 --> 00:02:09,680
Okay, that's all for Amazon Inspector, I hope you liked it.

47
00:02:09,680 --> 00:02:11,630
And I will see you in the next lecture.