Discovering and Remediating Security Risks by Utilizing Amazon Inspector

March 09 2018
image

The Challenge

With a security requirements landscape constantly changing due to new regulations or in response to online threats and infiltration activities from third parties, maintaining a strict security stance is a necessity for any company operating in modern times. From online account hacking and data intercepts to malicious software or unsecured Wi-Fi, or to more severe cases of Denial-of-Service (DDOS) attacks or global online espionage attempts, securing networks, applications and data stores is of paramount concern.

The Solution: Amazon Inspector

The challenge, however, is that a company has to not only devote significant resources to maintaining, identifying, and remediating exposed security holes in their operations, but to also stay abreast of the latest regulatory or industry trends that will allow them to alter their security stance in response. Like many other Amazon Web Services that have been built for a particular business or operational need, Amazon Inspector solves this conundrum by offering a security service that can be configured to routinely monitor applications and architectures deployed to AWS Cloud, identify weaknesses, provide reporting that details out the severity of issues, and integrate directly into the development process to catch security issues before they make it to production.

Moreover, Amazon Inspector has a dedicated team of data scientists actively working to identify threats, alter algorithms to address changes in the regulatory space, and roll out changes to the Inspector service that beneficially impact all clients that have implemented it.

In this way, any organization, regardless of size or industry footprint, can leverage the skills and techniques that top security experts require to maintain scalable and secure architectures without the added expense to have them on-staff.

How ClearScale Applied Amazon Inspector to Three Different Use Cases

With varied security concerns in mind, ClearScale, an AWS Certified Premier Partner, was approached by three different clients. As seen below, each had their own unique concerns that needed to be addressed. However, despite their differences in their needs, ClearScale was able to formulate solutions for each using Amazon Inspector.

alt

Client Use Case #1: The Need for Security Controls

The first client to ask for an evaluation came to ClearScale with a need to confirm that the security requirements that they were being requested to enact per a customer mandate were, in fact, being adhered to in their system.

Upon evaluation of their requirements, ClearScale determined that Amazon Inspector would provide the appropriate level of security assessment and worked with the client to enable regularly scheduled vulnerability scan audits. The findings that Inspector found were bundled up and prioritized by level of severity. This allowed the client to determine how best to approach the areas of security concerns and build a plan to remediate the issues.

The client continues to use Amazon Inspector for staying on top of the requirements they were asked to comply with, ultimately giving them a much more secure application that was deployed on AWS.

Client Use Case #2: Conforming to Industry Best Practices Around Security

This next client came from the financial sector. Like all organizations in this space, there are a dizzying number of regulations enacted by governments, both at a local and national level, that can be challenging to identify, let alone determine the best way to identify and address security concerns. This client asked ClearScale to determine if there was a way they could find a solution that would allow them to say with confidence that they were adhering to the industry best practices and regulatory requirements.

After an extensive evaluation process, ClearScale determined that creating a security baseline with Amazon Inspector would allow them to see where they were at in regards to the regulatory environment. After developing a Proof-of-Concept (PoC) using the Center for Internet Security (CIS) Certified rules package, ClearScale was able to demonstrate that using AWS Inspector for this approach would automate a testing regimen that could identify areas of concern before they became a problem. This approach also would allow the client to integrate the solution into their development operations processes that already existed and provide results against a predefined baseline that could help engineers spot threats before they made it into their production instances.

Client Use Case #3: Auditing the Architecture for Common Vulnerability Detection

The last client had deployed a robust architecture a few years prior that they felt needed to be audited for security vulnerabilities. They asked ClearScale to evaluate the system configurations to determine if any vulnerabilities existed. Leveraging the Amazon Inspector Rules Packages, ClearScale used Amazon Inspector to run these collection of security tests to identify Common Vulnerabilities and Exposures (CVEs) and to determine if the architecture and associated configurations fell within the security industry’s best practices.

By installing Inspector on the client’s EC2 instances, the assessment was run and 806 items were identified that were of concern. The prioritization report that Inspector provided determined that of the 806 issues, 524 of them were deemed high risk, 124 of them were found to be of medium urgency, and 158 of them were considered low, or informational, in nature. ClearScale then reviewed these issues directly with the client, who in turn determined an approach to remediate the most severe issues and quickly insure that their architecture was secure from vulnerabilities that could impact their customer base.

The ClearScale Approach to Inspector Implementations

In each case, ClearScale was able to demonstrate and realize the potential of AWS Inspector. Each client had unique concerns and challenges that were impacting their operations, architecture, or applications. With an extensive review of requirements and a robust and scalable implementation of Amazon Inspector, ClearScale was able to leverage the same service in different patterns resulting in more secure and compliant clientele instances.

ClearScale has shown repeatedly since its founding in 2011 that its methodical approach to evaluation and design, along with development, implementation, testing and training, provides a fulfilling experience to each client. Our highly skilled team of analysts, developers and support teams who have expertise in all aspects of the AWS Service Architecture have shown repeatedly, regardless of complexity of requirements from clients, that solutions can be designed and delivered that scale and are easily maintainable. By working with ClearScale, companies can find a partner who is dedicated to their success.

Get in touch today to speak with a cloud expert and discuss how we can help:

Call us at 1-800-591-0442
Send us an email at sales@clearscale.com
Fill out a Contact Form
Read our Customer Case Studies

San Francisco

Headquarters

71 Stevenson St.

Suite 400

San Francisco, CA 94105

O: 1-800-591-0442

F: 1-415-655-6601

San Jose

5450 Thornwood Dr

Suite #L

San Jose, CA 95123

Denver

1400 16th Street,

Suite 400

Denver, CO 80202

O: 1-720-932-8028

Phoenix

2942 N 24th Street,

Suite 114

Phoenix, AZ 85016

O: 1-602-560-1198

New York

165 Broadway, 23rd Floor

New York City, NY 10006

O: 1-646-759-3656

Houston

11757 Katy Freeway

Suite 1300

Houston, Texas 77079

O: 1-281-854-2088

Toronto

100 King Street West

Suite 5600

Toronto, Ontario, M5X 1C9

O: 1-416-479-5447

About Us  |  Careers  |  Privacy Policy
Share