Inspector

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices.

  • Runs assessments that check for security exposures and vulnerabilities in EC2 instances

  • Can be configured to run on a schedule

  • Agent must be installed on EC2 for host assessments

  • Network assessments do not require an agent

Network Assessments

  • Assessments: Network configuration analysis to check for ports reachable from outside the VPC

  • If the Inspector Agent is installed on your EC2 instances, the assessment also finds the processes reachable on those ports

  • Price based on the number of instance assessments
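
The following is an added example, not Amazon Inspector's own code or output: a simplified model of a network configuration analysis that reports which ports on an instance are reachable from outside the VPC by combining the internet gateway route, the subnet network ACL, and the security group rules. The data layout, field names, instance names, and the source address 203.0.113.10 are constructed assumptions, and the model covers only IPv4 inbound rules by port.

```python
import ipaddress

# Constructed sample configuration (not real AWS output); field names are assumptions.
VPC = {
    "subnets": {
        "subnet-public": {"igw_route": True, "nacl": [
            {"num": 100, "action": "deny", "cidr": "0.0.0.0/0", "ports": (23, 23)},
            {"num": 200, "action": "allow", "cidr": "0.0.0.0/0", "ports": (0, 65535)}]},
        "subnet-private": {"igw_route": False, "nacl": [
            {"num": 100, "action": "allow", "cidr": "0.0.0.0/0", "ports": (0, 65535)}]},
    },
    "instances": {
        "web": {"subnet": "subnet-public", "public_ip": True, "sg_ingress": [
            {"cidr": "0.0.0.0/0", "ports": (443, 443)},
            {"cidr": "0.0.0.0/0", "ports": (22, 23)},
            {"cidr": "10.0.0.0/16", "ports": (5432, 5432)}]},
        "db": {"subnet": "subnet-private", "public_ip": False, "sg_ingress": [
            {"cidr": "0.0.0.0/0", "ports": (3306, 3306)}]},
    },
}

def _matches(rule, src, port):
    lo, hi = rule["ports"]
    return lo <= port <= hi and src in ipaddress.ip_network(rule["cidr"])

def nacl_allows(nacl, src, port):
    # Network ACL rules are evaluated in rule-number order; the first match decides.
    for rule in sorted(nacl, key=lambda r: r["num"]):
        if _matches(rule, src, port):
            return rule["action"] == "allow"
    return False  # implicit deny when no rule matches

def reachable_ports(vpc, name, src_ip, candidates):
    """Ports on instance `name` that src_ip (outside the VPC) can reach."""
    inst = vpc["instances"][name]
    subnet = vpc["subnets"][inst["subnet"]]
    if not (inst["public_ip"] and subnet["igw_route"]):
        return []  # no inbound path through an internet gateway
    src = ipaddress.ip_address(src_ip)
    # Security groups are allow-only: any matching ingress rule permits the port.
    return [p for p in candidates
            if nacl_allows(subnet["nacl"], src, p)
            and any(_matches(r, src, p) for r in inst["sg_ingress"])]

def findings(vpc, src_ip="203.0.113.10", candidates=(22, 23, 443, 3306, 5432)):
    return {n: reachable_ports(vpc, n, src_ip, candidates) for n in vpc["instances"]}

if __name__ == "__main__":
    print(findings(VPC))
```

In this sample, port 23 is opened by the security group but blocked by the network ACL, and the database's wide-open security group rule yields no finding because the instance has no path from an internet gateway.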

Host Assessments

  • Assessments: Vulnerable software (CVE), host hardening (CIS benchmarks), and security best practices

  • Requires an agent (auto-install with SSM Run Command)

  • Price based on the number of instance assessments
