Amazon Web Services Makes Amazon Inspector Available to All Customers Security service automates vulnerability assessments for customers running applications on Amazon EC2
Betterment, CapLinked, Coinbase, Flatiron Health, and University of Notre Dame among the many customers using Amazon Inspector for more agile security
SEATTLE--(BUSINESS WIRE)--Apr. 19, 2016-- Amazon Web Services, Inc. (AWS), an Amazon.com company (NASDAQ:AMZN), today announced that Amazon Inspector, an automated security assessment service, has completed its preview phase and is now generally available to all customers. Amazon Inspector helps customers improve the security and compliance of their applications running on Amazon Elastic Compute Cloud (Amazon EC2) by identifying potential security issues, vulnerabilities, or deviations from security standards. With no up-front costs or infrastructure to manage, Amazon Inspector is easy to deploy and can be integrated into the development lifecycle. With Amazon Inspector, customers pay only for the assessments they run, with the first 250 assessments free for a customer's first 90 days. To get started with Amazon Inspector, visit https://aws.amazon.com/inspector.
The flexibility and scale of the AWS Cloud make it possible for customers to build and deploy applications and services faster than ever before. However, the manual effort required to assess these applications for security risks - especially at scale - often slows down both application development and IT operations. While traditional vulnerability assessment solutions can automate assessments, they require customers to deploy and manage back-end infrastructure. As deployment and operations models become more agile, both developers and central security teams are looking for a way to more easily conduct security assessments and integrate them into the development and deployment lifecycle. Amazon Inspector makes this possible by providing a rich set of APIs that customers can use to automate security assessments of production systems, and also easily integrate security assessments directly into their existing application deployment processes. With a few clicks in the AWS Management Console, customers can use AWS tags to identify the Amazon EC2 instances they want to assess, specify the associated applications, select from a pre-built list of tests, and set a time duration. Amazon Inspector analyzes an application's configuration and activity, looking for a wide spectrum of possible vulnerabilities across Amazon EC2 instances, and collecting information such as how the application communicates with other AWS services, whether it uses secure channels, and the network traffic between instances. Amazon Inspector compares this information against AWS's extensive rules packages, which represent thousands of potential security vulnerabilities that AWS continuously updates with the latest threat intelligence. Once an assessment of the application's Amazon EC2 environment is completed, customers can view the findings, along with detailed recommendations for remediation, in the Amazon Inspector console.
Customers have asked us if we could help them do the same rigorous security assessments on their applications that we do for our AWS services, said Stephen Schmidt, Chief Information Security Officer, AWS. Amazon Inspector delivers key learnings from our world-class security team as a managed service, so customers benefit from our continuous implementation of best practices and threat intelligence. Companies of all sizes can now perform assessments of their applications in an automated way and proactively remediate vulnerabilities.
Amazon Inspector deploys on-host agents so customers get insight from inside Amazon EC2 instances and other AWS resources that make up an application environment. Amazon Inspector is also fully integrated with AWS CloudTrail, providing central logging of all security testing activity, giving auditors full visibility into what tests were performed and when, streamlining the process of demonstrating compliance in the development and operations lifecycle.
Flatiron Health is a healthcare IT company with a mission to fight cancer with organized, real-world oncology data. Our company was founded with the vision of building a disruptive software platform to transform how cancer care is delivered, said Nicholas Arvanitis, Security Engineer, Flatiron Health. Dealing with healthcare data of this nature requires us to maintain a high level of systems security while still rapidly innovating. We are excited about the prospect of integrating Amazon Inspector to further automate security assessments throughout our operations lifecycle to ensure that our security scales as quickly as our engineering efforts.
Betterment is one of the largest independent automated investing services, helping people to manage, protect, and grow their wealth through technology. At Betterment, our customers are trusting us to help them achieve their financial goals, said Brandon Wu, Head of Privacy & Security, Betterment. Making sure we are building security into every aspect of our offering is a key focus for us. The approach of Amazon Inspector as a cloud-based, API-driven security service that can easily be built right into the software development and deployment lifecycle is a scalable approach that resonates.
Coinbase is one of the most widely used bitcoin wallet and exchange companies. If we deploy code with a known vulnerability, we've already opened up our platform to risk, said Rob Witoff, Director, Coinbase. In the new world of continuous deployment and continuous integration, and deployment into immutable environments, we need security tooling that runs inline with our software development and deployment pipeline. Amazon Inspector is helping companies like ours embrace the im
