Information Security Engineer at a financial services firm with 10,001+ employees
Real User
Top 20
2024-03-27T15:55:38Z
Mar 27, 2024
There is room for improvement in the scanning capabilities. I'd like to see broader coverage in terms of the vulnerabilities detected. Right now, it's not as comprehensive as some of the third-party tools we use.
Developer at a sports company with 501-1,000 employees
Real User
Top 5
2024-03-05T06:38:15Z
Mar 5, 2024
One major area for improvement is remediation. My team works on remediating findings over time, likely using available patches. However, easier integration with Amazon's patching services would be very helpful. I'm sure there's a way to automate patching within the platform. While patching capabilities might exist, directly from Inspector, as a user, I don't have upfront information on how to remediate findings. However, suppression rules are a valuable feature. They allow me to suppress false positives and exceptions. That aspect is handled very well. The next step would be a clear path to addressing identified findings.
It has a limited scope. So, AWS Inspector primarily focuses on the security of the EC2 instance. So, if your architecture includes other AWS services, then you may need to use additional tools for your comprehensive security assessment. So that is one con. Another is, like, we have a dependency on agents. So other is dependency on agents, like, Inspector relies on agents installed on instances for deeper assessment. So managing these agents can be additional overhead. So these kinds of things. It does not even provide real-time protection. So, Inspector provides point-in-time assessment rather than continuous monitoring. So these are all cons. When it comes to false positives, it is there for most security tools as of now. I would not consider false positives a major concern. So, these are the major concerns that I found: dependency on agents, limited scope, and no real-time protection.
There isn't too much to improve right now. Scanning on demand or as a part of the pipeline versus a post pipeline solution would be good, but it is not a deal breaker by any means. Other than that, it is really about them just keeping up the pace with all the vulnerabilities out there. The vulnerability databases are growing on a daily basis. So, just making sure that they are on top of that is the key thing that I'm looking for.
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of detailed assessment reports which are available via...
There is room for improvement in the scanning capabilities. I'd like to see broader coverage in terms of the vulnerabilities detected. Right now, it's not as comprehensive as some of the third-party tools we use.
One major area for improvement is remediation. My team works on remediating findings over time, likely using available patches. However, easier integration with Amazon's patching services would be very helpful. I'm sure there's a way to automate patching within the platform. While patching capabilities might exist, directly from Inspector, as a user, I don't have upfront information on how to remediate findings. However, suppression rules are a valuable feature. They allow me to suppress false positives and exceptions. That aspect is handled very well. The next step would be a clear path to addressing identified findings.
It has a limited scope. So, AWS Inspector primarily focuses on the security of the EC2 instance. So, if your architecture includes other AWS services, then you may need to use additional tools for your comprehensive security assessment. So that is one con. Another is, like, we have a dependency on agents. So other is dependency on agents, like, Inspector relies on agents installed on instances for deeper assessment. So managing these agents can be additional overhead. So these kinds of things. It does not even provide real-time protection. So, Inspector provides point-in-time assessment rather than continuous monitoring. So these are all cons. When it comes to false positives, it is there for most security tools as of now. I would not consider false positives a major concern. So, these are the major concerns that I found: dependency on agents, limited scope, and no real-time protection.
There isn't too much to improve right now. Scanning on demand or as a part of the pipeline versus a post pipeline solution would be good, but it is not a deal breaker by any means. Other than that, it is really about them just keeping up the pace with all the vulnerabilities out there. The vulnerability databases are growing on a daily basis. So, just making sure that they are on top of that is the key thing that I'm looking for.