Posted On: Nov 8, 2018
Amazon Inspector now offers agentless network assessments with the ‘Network Reachability’ rules package that identifies ports and services on your Amazon EC2 instances that are accessible from outside your VPC. With just a few clicks in the Inspector console, you can analyze the network configuration of your AWS account to identify the resources accessible from the internet or private networks like VPN, Direct Connect, or a peered VPC.
An Amazon Inspector assessment using the network reachability rules package helps you validate that your AWS network configurations are working as you expect. Assessments generate detailed findings that show you accessible ports on your EC2 instances along with the network configurations that allow access to these ports, to help you easily restrict access as originally intended. The network reachability rules package uses the latest technology from AWS’s Provable Security initiative, which is a suite of AWS technologies that uses automated reasoning. The agentless assessment analyzes your AWS network configurations including Amazon Virtual Private Clouds (VPCs), security groups, network access control lists (ACLs), and route tables, to find accessible ports.
You can install the Inspector Agent on your EC2 instances to get additional information when using the network reachability rules package. Findings are enhanced with information that identifies the processes listening on accessible ports. By using an Inspector host assessment rules package, like Common Vulnerabilities and Exposures (CVE), you will also get information about vulnerabilities on the Amazon EC2 instances. This creates a more complete view of potential security risks by showing possible access paths to the EC2 instances that host your applications as well as vulnerabilities and insecure configurations in those instances.
Amazon Inspector is available in the following eleven regions: US East (Northern Virginia), US East (Ohio), US West (Northern California), US West (Oregon), EU (Frankfurt), EU (Ireland), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Sydney), Asia Pacific (Tokyo), and AWS GovCloud (US). The network reachability rules package for Inspector assessments is available in all of these regions except AWS GovCloud (US).
To learn more about Amazon Inspector or to start your free trial, please visit Amazon Inspector.