Amazon Inspector + Dynamic Endpoint Modeling = the Perfect Combination

What is Amazon Inspector? What does it do? Most importantly, what does our new integration mean for Observable clients?

Amazon recently announced the release of Amazon Inspector, an automated security assessment service that helps improve the security and compliance of applications deployed on Amazon Web Services (AWS.)

AWS developed Amazon Inspector as a better way to analyze the behavior of applications that run in increasingly complex environments and as a tool to improve users’ ability to identify potential security issues. It is clear that applications, and their underlying infrastructures, are becoming more complicated, which in turn makes it extremely challenging to detect potential security and compliance problems. Particularly challenging can be hybrid infrastructure designs that combine cloud and dedicated servers, storage, and network connectivity within a single application deployment and distributed infrastructures which include potentially many AWS resources. Additionally, many companies simply don’t have enough security staff to perform the required security checks on servers or other IT equipment.

Enter Amazon Inspector. With this new service, users deploy an agent onto the virtual servers they want to assess, select various tests they want to run, and execute the assessment. Amazon Inspector automatically assesses applications for vulnerabilities or deviations from best practices, including impacted networks, OS, and attached storage. Then, after performing a particular assessment, Amazon Inspector generates a detailed report of potential security issues along with prioritized recommendations for remediation.

Additional benefits of Amazon Inspector include the following:

  • An ability to identify security issues within applications
  • Enforcement of the organization’s security standards
  • Increased agility without compromising security
  • Application of AWS security expertise to applications
  • Streamlined security compliance

Download Closing Cloud Security Gaps: How to Achieve Comprehensive AWS Security ebook.

Download eBook

A natural combination

We were excited to hear the Amazon Inspector news because we view it as a perfect complement to endpoint modeling. Dynamic Endpoint Modeling maintains a model of each device on a network, enabling it to automatically detect and track each device’s role. This solution then alerts a human when a role change is significant. Another way to think about Observable’s Dynamic Endpoint Modeling is that it is a view of what the device does vs what it’s configuration might allow.

Observable has been “all in” with AWS since day one and uses VPC Flow Logs, AWS CloudTrail, and a growing number of diverse sources to monitor VPC traffic using AWS. But now Amazon Inspector is the next step in AWS security – an agent-based service that provides a user-initiated snapshot to report on the internal state of an AWS resource.

Why does Dynamic Endpoint Modeling work so well with Amazon Inspector? Our solution provides a continuous, always-on approach based on the network activity of an AWS resource. Dynamic Endpoint Modeling also provides stateful context for an individual AWS resource over time and automatically alerts IT staff to potential security issues in AWS resources, without the need for agents.

The Observable integration with Amazon Inspector

We are pleased to announce our new integration with Amazon Inspector, which is already available within Dynamic Endpoint Modeling. Now, users have access to views that show Inspector and non-Inspector resources with critical behavior-based information. Dynamic Endpoint Modeling also offers a wizard that guides users through a “Get Started with Inspector” workflow to suggest AWS resources most in need of Inspector. Dynamic Endpoint Modeling maintains an inventory of where Amazon Inspector is installed and where various findings are available. Users can schedule individual or recurring assessments, and when an AWS resources begins to act suspiciously, Dynamic Endpoint Modeling reports them as “observations” directly in the solution. Higher findings trigger Observable alerts for faster remediation.

This integration is really the perfect connection between two complementary services, and one that Observable clients can take advantage of now to continue to improve their security efforts. Stay tuned for more information on our Amazon Inspector integration as well as tips on using this new service. 

Experience Dynamic Endpoint Modeling on your own network

Protecting your public cloud infrastructure by identifying insider and external threats faster couldn't be easier. Sign up for a free, no-risk trial of Observable’s Endpoint Modeling solution, and change the way you see security.

Detect Threats Faster – Start Your Free, No-Risk Trial