Shifting Left Securely with Amazon Inspector

There were lots of really cool announcements that came out of #reInvent2023. One of my favorites was the release of three new capabilities for Amazon Inspector. These feature releases broaden what’s possible when it comes to scanning for software vulnerabilities in cloud code.

Cloud native is becoming the new normal. A report from the Cloud Native Computing Foundation shows that 30% of companies are using cloud native solutions.

The Infrastructure as Code market is projected to reach more than $2 billion in 2027.

If you are building Infrastructure as Code in AWS, you are probably familiar with Inspector. Amazon Inspector is a vulnerability management service that continually scans your AWS workloads for known software vulnerabilities and unintended network exposure. Amazon Inspector automatically discovers and scans running EC2 instances, container images in Amazon Elastic Container Registry (Amazon ECR) and within your CI/CD tools, and Lambda functions.

Three New Amazon Inspector Capabilities

First—There is a new set of open source plugins as well as an API that allows for assessment of container images for software vulnerabilities right at the time of build and right from the CI/CD pipeline.

Let’s get to the plugins first: they are for Jenkins and JetBrains’ TeamCity, with more to follow. The new API is accessible through both an AWS SDK and the AWS Command Line Interface (AWS CLI). The API allows for the incorporation of Amazon Inspector into your CI/CD pipeline.

Second—Inspector uses GenAI and automated reasoning to provide code-assisted remediation for AWS Lambda.

Third—Continuous monitoring—Inspector will monitor EC2 instances without installing an agent or additional software. This feature is in preview.

Scanning Lambda code just got easier.

AWS Lambda is a preferred choice for many developers. Many organizations use Lambda to build serverless API backends using Amazon API Gateway. Another common use case is chatbots and NLP. File and data processing as well as image and video processing are a couple of other use cases. There are some market estimates that indicate that 50% of AWS customers use Lambda.

Amazon Inspector offers two types of scanning for Lambda. These scan types look for different types of vulnerabilities.

Amazon Inspector Lambda standard scanning--This is the default Lambda scan type. Lambda standard scanning scans application dependencies within a Lambda function and its layers for package vulnerabilities.

Amazon Inspector Lambda code scanning--This scan type scans the custom application code in your functions and layers for code vulnerabilities.

The automated reasoning and code-assisted remediation comes in the form of in-context code patches for vulnerabilities detected during the scan. Inspector looks for security issues like data leaks, missing encryption, injection flaws, etc.

Inspector discovers the vulnerabilities and includes code snippets and remediation suggestions.
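To make the “injection flaw” class concrete, here is an added example (not Amazon’s code and not from this post) of the kind of custom handler code Lambda code scanning reports, next to the remediated form a code-assisted patch would produce. The handler shape, the orders table, the in-memory SQLite database and the sample event are all constructed for the demonstration.

```python
"""A Lambda-style handler with a SQL injection flaw, and its hardened form.

Added example, not Amazon Inspector's or the post author's code. The table,
the in-memory SQLite database and the event shape are constructed here so
the module runs offline.
"""
import sqlite3


def _seed_db() -> sqlite3.Connection:
    # Constructed sample data standing in for the function's real datastore.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, customer TEXT, total REAL)")
    conn.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, "alice", 20.0), (2, "bob", 35.5), (3, "carol", 12.0)],
    )
    return conn


def vulnerable_handler(event, context=None):
    """Flawed version: the caller-controlled 'customer' value is spliced
    straight into the SQL text, so a crafted value can change the meaning
    of the statement. This is the pattern code scanning flags."""
    conn = _seed_db()
    customer = event["queryStringParameters"]["customer"]
    sql = f"SELECT id, customer, total FROM orders WHERE customer = '{customer}'"
    rows = conn.execute(sql).fetchall()
    return {"statusCode": 200, "body": rows}


def hardened_handler(event, context=None):
    """Remediated version: a parameterized query. The value is bound as data
    by the driver and can never alter the statement structure."""
    conn = _seed_db()
    customer = event["queryStringParameters"]["customer"]
    sql = "SELECT id, customer, total FROM orders WHERE customer = ?"
    rows = conn.execute(sql, (customer,)).fetchall()
    return {"statusCode": 200, "body": rows}


def make_event(customer: str) -> dict:
    # Minimal API Gateway-style event (constructed) carrying one query parameter.
    return {"queryStringParameters": {"customer": customer}}


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_handler), ("hardened", hardened_handler)):
        print(name, handler(make_event("alice"))["body"])
```

For an ordinary value both handlers return the same single row; the difference only shows when the parameter is not a plain customer name, which is exactly the case the scanner's finding is about.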

If we think about why this matters, it’s because it allows teams to prioritize security on the front end of the process instead of needing to choose between security and a tight release deadline.

Inspector provides Continuous Monitoring for CI/CD pipelines

Did you know that a business today can spend an average of 250 days to remediate a high severity risk? It’s really crucial to identify a potential security issue early in the development lifecycle. This practice prevents the risk from being deployed to a prod environment.

But this addition isn’t just about reducing vulnerability backlogs, it’s really about increasing productivity and improving time to market via automation. It also creates more of a partnership between the Dev team and the Security team. The security team establishes threshold limits for the scans. This approach ensures that all container images meet a set of predefined criteria before moving to the next phase of deployment. The Dev team knows what the parameters are early and can adjust the workflow to meet expectations ahead of time instead of redoing work.

Inspector’s recommendations streamline the security review process. Developers automatically integrate security into their CI/CD pipelines. It allows for a proactive approach that enables developers to deliver secure software.

This approach is also cost effective. AWS charges $0.03 per image scanned using their CI/CD solution. Because the cost is on demand, security teams can align expense with actual usage. This model provides costs that reflect developer activity.
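The “threshold limits” the security team sets have to live somewhere in the pipeline. The following added example (not Inspector’s code and not the plugins’ code) shows one way a build stage can enforce them: it reads a scan result, takes the worst rating of each finding, counts findings per severity and fails the stage when a limit is exceeded. It assumes the scan result is a CycloneDX-style JSON document whose vulnerabilities carry ratings with a severity field; the sample document, its finding ids and package references are constructed, not real scanner output.

```python
"""CI/CD threshold gate over a container image scan result.

Added example, not Amazon Inspector's or the Jenkins/TeamCity plugins' code.
Assumes a CycloneDX-style JSON document with a 'vulnerabilities' list whose
entries carry 'ratings' with a 'severity' field. SAMPLE_SCAN is constructed.
"""
import json
from collections import Counter

# Most to least severe; used to pick the worst of several ratings.
SEVERITY_ORDER = ["critical", "high", "medium", "low", "info", "none", "unknown"]

# Constructed sample: three findings on one image. Ids are placeholders, not CVEs.
SAMPLE_SCAN = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "vulnerabilities": [
        {"id": "EXAMPLE-VULN-0001",
         "ratings": [{"severity": "critical"}],
         "affects": [{"ref": "pkg:pypi/examplelib@1.0.0"}]},
        {"id": "EXAMPLE-VULN-0002",
         "ratings": [{"severity": "medium"}, {"severity": "high"}],
         "affects": [{"ref": "pkg:deb/debian/examplepkg@2.1"}]},
        {"id": "EXAMPLE-VULN-0003",
         "ratings": [],
         "affects": [{"ref": "pkg:npm/examplemod@0.3.0"}]},
    ],
})


def worst_severity(vuln: dict) -> str:
    """A finding may carry several ratings from different sources; gate on
    the most severe one. A finding with no rating is reported as 'unknown'
    so a policy can choose to fail on it rather than silently let it pass."""
    sevs = [r.get("severity", "unknown").lower() for r in vuln.get("ratings", [])]
    if not sevs:
        return "unknown"
    rank = lambda s: SEVERITY_ORDER.index(s) if s in SEVERITY_ORDER else len(SEVERITY_ORDER)
    return min(sevs, key=rank)


def count_by_severity(scan_json: str) -> Counter:
    """Number of findings at each (worst) severity level."""
    doc = json.loads(scan_json)
    return Counter(worst_severity(v) for v in doc.get("vulnerabilities", []))


def evaluate_gate(scan_json: str, limits: dict) -> dict:
    """limits maps severity -> maximum allowed count. Returns a verdict that
    lists every violated limit so the pipeline log says why the stage failed."""
    counts = count_by_severity(scan_json)
    violations = {
        sev: {"found": counts[sev], "allowed": maximum}
        for sev, maximum in limits.items()
        if counts[sev] > maximum
    }
    return {"passed": not violations, "counts": dict(counts), "violations": violations}


if __name__ == "__main__":
    # Policy set by the security team: no critical or high findings, and no
    # unrated findings either.
    policy = {"critical": 0, "high": 0, "unknown": 0}
    verdict = evaluate_gate(SAMPLE_SCAN, policy)
    print(json.dumps(verdict, indent=2))
    raise SystemExit(0 if verdict["passed"] else 1)
```

Run as a pipeline step, the non-zero exit code is what stops the image from moving to the next phase; the printed verdict tells the developer which limit was hit, which is the early feedback the partnership between the two teams depends on. The policy dictionary is the one artifact the security team owns, so it can be versioned separately from the build definition.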

cc: Al Sadowski | Mary McCahon

#cloud #cloudsecurity #aisecurity

https://aws.amazon.com/inspector/features/

www.cncf.io/reports/cncf-annual-survey-2022/

https://securityintelligence.com/news/news-vulnerabilities-25-days-remediate/

https://siliconangle.com/2023/12/12/maturing-infrastructure-code-market-changed-path-software-development/#:~:text=Infrastructure%20as%20code%2C%20the%20practice,growing%20pains%20as%20it%20matures.

Mujabdeen Sirajudeen

Every Minute We Deliver Proactive IT & Security For Finance and Hospitality Ensuring Your Business Remains Protected & Confidential 24/7.

1 year

These new Amazon Inspector capabilities are game-changers for cloud security!

David Linthicum

Internationally Known AI and Cloud Computing Thought Leader and Influencer, Enterprise Technology Innovator, Educator, Best Selling Author, Speaker, GenAI Architecture Mentor, Over the Hill Mountain Biker.

1 year

I’ve watched the evolution of this service, and it’s clearly moving in more valuable and meaningful directions.
