Detect Vulnerabilities in AWS Lambda Functions Using Amazon Inspector (SEC217)

Title

AWS re:Invent 2022 - Detect vulnerabilities in AWS Lambda functions using Amazon Inspector (SEC217)

Summary

  • Amazon Inspector is an automated vulnerability management service that scans workloads for software vulnerabilities and unintended network exposures.
  • The new Amazon Inspector, launched in 2021, is designed to be cloud-native, offering continuous scanning and low administrative overhead.
  • The service integrates with AWS Organizations for easy activation across accounts and provides a single pane of glass for visibility.
  • Amazon Inspector now supports EC2, containers, and Lambda functions, aiming to provide a unified tool for vulnerability management across different compute types.
  • The service prioritizes and contextualizes findings using the Amazon Inspector score, which considers severity, network accessibility, exploitability, and other factors.
  • Amazon Inspector automatically monitors for new resources and vulnerabilities, reassessing and updating findings in near real-time.
  • The service has been extended to support serverless functions, automatically scanning Lambda functions for vulnerabilities upon deployment or update.
  • Amazon Inspector supports the Python, Node.js, and Java runtimes for Lambda functions, which together cover 96% of Lambda usage.
  • The pricing model for Lambda function scanning is per function per month, prorated by the number of hours a function is monitored.
  • Integration with AWS Security Hub and Amazon EventBridge allows for automated ticketing and remediation workflows.
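
The EventBridge-driven ticketing workflow from the last bullet, as an added example that is not code from the talk or from AWS: an event pattern that narrows Inspector findings to active, high-severity Lambda findings, plus a filter that turns a matching event into a ticket body. The event shape follows the Inspector2 Finding fields (`inspectorScore`, `exploitAvailable`, `fixAvailable`, `resources[].type`); the sample values are constructed and the score threshold is an assumption.

```python
# Constructed sample of an Amazon Inspector finding as delivered via Amazon
# EventBridge (source "aws.inspector2", detail-type "Inspector2 Finding").
# Field names follow the Inspector2 Finding shape; all values are made up.
SAMPLE_EVENT = {
    "source": "aws.inspector2",
    "detail-type": "Inspector2 Finding",
    "detail": {
        "findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/EXAMPLE",
        "status": "ACTIVE",
        "type": "PACKAGE_VULNERABILITY",
        "severity": "HIGH",
        "inspectorScore": 8.1,
        "exploitAvailable": "YES",
        "fixAvailable": "YES",
        "title": "CVE-EXAMPLE-0001 - example-package",
        "resources": [{"type": "AWS_LAMBDA_FUNCTION",
                       "id": "arn:aws:lambda:us-east-1:111122223333:function:orders-api"}],
    },
}

# EventBridge rule pattern: only active HIGH/CRITICAL findings on Lambda
# functions reach the ticketing target, so low-severity noise never does.
EVENT_PATTERN = {
    "source": ["aws.inspector2"],
    "detail-type": ["Inspector2 Finding"],
    "detail": {
        "status": ["ACTIVE"],
        "severity": ["HIGH", "CRITICAL"],
        "resources": {"type": ["AWS_LAMBDA_FUNCTION"]},
    },
}

def should_ticket(event, min_score=7.0):
    """True for an active Lambda finding whose Inspector score reaches
    min_score (assumed threshold) or for which an exploit is available."""
    d = event.get("detail", {})
    on_lambda = any(r.get("type") == "AWS_LAMBDA_FUNCTION" for r in d.get("resources", []))
    if d.get("status") != "ACTIVE" or not on_lambda:
        return False
    return d.get("inspectorScore", 0) >= min_score or d.get("exploitAvailable") == "YES"

def ticket_payload(event):
    """Minimal ticket body a handler would post to a tracker; keeps the
    fields a triager needs (score, exploit/fix availability, function ARN)."""
    d = event["detail"]
    return {
        "summary": f"[Inspector {d['severity']}] {d['title']}",
        "function": d["resources"][0]["id"],
        "score": d["inspectorScore"],
        "exploit_available": d["exploitAvailable"] == "YES",
        "fix_available": d["fixAvailable"] == "YES",
        "finding_arn": d["findingArn"],
    }
```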

Insights

  • The new Amazon Inspector represents a significant shift from traditional, scheduled vulnerability scans to a continuous, real-time monitoring approach, reflecting the dynamic nature of cloud environments.
  • The integration with AWS Organizations and the ability to automatically enable new accounts for scanning simplifies the management of security posture across large, multi-account AWS environments.
  • The extension of Amazon Inspector to cover Lambda functions addresses the growing trend of serverless architecture adoption and the unique security challenges it presents.
  • The prioritization of vulnerabilities using the Amazon Inspector score and additional vulnerability intelligence, such as exploit availability, helps security teams focus on the most critical issues first.
  • The pricing model encourages widespread adoption by being cost-effective and predictable, which is crucial for organizations managing large numbers of Lambda functions.
  • The use of AWS Security Hub and Amazon EventBridge for automated remediation and ticketing demonstrates a move towards more automated and integrated security operations workflows.