Sweet findings in AWS Inspector

Taking a look at the AWS Inspector intro by Alex Lucas, I could see several sweet features that all security-minded DevOps pros would love (and of course it includes even more goodies).

  1. Covers all the CVE stuff: finds, reports and acts (patch, etc.), plus many more best practices the AWS team has gathered along the way.
  2. Records activity inside your instances and tracks suspicious activities, or activities that may harm your defenses.
  3. Automation via the AWS CLI and API, including workflow control for vulnerabilities and their mitigation actions (you can mark a vulnerability as cleared manually, for example, or tag one as needing review by an auditor, etc.).
  4. Able to catch system call operations in real time, analyze them and report, such as setting a library file with wide-open permissions that is owned by root…
  5. Requires an agent, which is ready for Amazon Linux and Ubuntu AMIs for now (more platforms, including Windows, to follow).
  6. Simple and cheap to try; no need to spend time and money on massive software suites. I know that's AWS's core concept, but in the vulnerability scanning world it's even more enticing.
  7. Did you know that Amazon Linux instances will automatically patch themselves on any reboot (at least for critical security patches, I guess)? Alex mentions this as one of the “obstacles” he had while trying to set up a vulnerable instance without critical patches installed…
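To make the workflow-control point in item 3 concrete, here is a small added example (my own, not code from the talk or from AWS) that triages a batch of findings offline and builds the input document for `aws inspector add-attributes-to-findings`, which is how you would tag findings as "needs auditor review" from a script. The finding shape (ARN, severity, title, `assetAttributes.agentId`) is assumed from what `aws inspector describe-findings` returns; the three sample findings are constructed, not real scan output, and the batch size of 10 per call is an assumed API limit.

```python
"""Triage AWS Inspector findings and prepare an add-attributes-to-findings payload.

Added example, not code from the post or from AWS. Finding shape is an assumption
modelled on `aws inspector describe-findings` output; all sample data is constructed.
"""
import json

# Constructed sample, shaped like the "findings" array of describe-findings.
SAMPLE_FINDINGS = [
    {
        "arn": "arn:aws:inspector:us-east-1:111122223333:target/0-EXAMPLE/template/0-EXAMPLE/run/0-EXAMPLE/finding/0-A1",
        "severity": "High",
        "title": "Instance is missing a critical kernel security update",
        "assetAttributes": {"agentId": "i-0aaa111"},
    },
    {
        "arn": "arn:aws:inspector:us-east-1:111122223333:target/0-EXAMPLE/template/0-EXAMPLE/run/0-EXAMPLE/finding/0-B2",
        "severity": "Medium",
        "title": "World-writable library file owned by root",
        "assetAttributes": {"agentId": "i-0aaa111"},
    },
    {
        "arn": "arn:aws:inspector:us-east-1:111122223333:target/0-EXAMPLE/template/0-EXAMPLE/run/0-EXAMPLE/finding/0-C3",
        "severity": "Informational",
        "title": "Agent version check",
        "assetAttributes": {"agentId": "i-0bbb222"},
    },
]

# Inspector severity labels, ranked so a threshold can be applied.
SEVERITY_RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}


def findings_at_or_above(findings, min_severity):
    """Return findings whose severity is at least min_severity."""
    threshold = SEVERITY_RANK[min_severity]
    return [f for f in findings if SEVERITY_RANK.get(f["severity"], 0) >= threshold]


def build_attribute_payloads(findings, key, value, batch_size=10):
    """Build one JSON document per batch for
    `aws inspector add-attributes-to-findings --cli-input-json file://...`.
    batch_size is an assumed per-call limit on findingArns."""
    arns = [f["arn"] for f in findings]
    return [
        {
            "findingArns": arns[i:i + batch_size],
            "attributes": [{"key": key, "value": value}],
        }
        for i in range(0, len(arns), batch_size)
    ]


def findings_by_instance(findings):
    """Group finding titles by the agent (instance) that reported them."""
    by_host = {}
    for f in findings:
        by_host.setdefault(f["assetAttributes"]["agentId"], []).append(f["title"])
    return by_host


if __name__ == "__main__":
    to_review = findings_at_or_above(SAMPLE_FINDINGS, "Medium")
    for payload in build_attribute_payloads(to_review, "workflow", "needs-auditor-review"):
        print(json.dumps(payload, indent=2))
    print(findings_by_instance(to_review))
```

Running it prints the payload that tags the High and Medium findings and a per-instance summary; the Informational finding is left untouched, which is the kind of severity gate you would put in front of an auditor queue.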

Open topics:

  1. What is the agent's overhead?
  2. Support for CloudWatch integration is yet to come.
  3. People in the YouTube session seem to be either sleepy or something, because they did not jump off their seats in enthusiasm as I would 🙂

Slide deck is here:
