- Covers all the CVE stuff, finds, reports, act (patch, etc) and many more best practices the AWS team had gathered all along.
- Recording of activities inside your instances and tracking of suspicious or activities that may harm your defense.
- Automation via the AWS CLI, API, including workflow control for vulnerabilities and their mitigation actions (you can mark a vulnerability as clear manually for example, or tag one as needing a review by Auditor, etc)
- Able to catch real time system call operations, analyze and report – such as setting a library file with wide open permissions that is owned by root…
- Requires an agent that is ready for Amazon and Ubuntu AMIs for now (more platforms including Windows to follow
- Simple and cheap to try, no need to spend time and money on massive software suites. I know that's AWS core concept, but in the vulnerability scanning world its even more enticing.
- Did you know that Amazon Linux instances will automatically patch themselves on any reboot (at least for critical security patches I guess)? Alex mentions this as one of the "obstacles" he had, while he was trying to setup a vulnerable instance that does not have critical patches installed…
- What is the Agent's overhead?
- Support for Cloud Watch Integration yet to come
- People in the YouTube session seem to be either sleepy or something, because they did not jump of their sits in enthusiasm as I would 🙂
Slide deck is here: