AWS Inspector
What is Inspector:
A vulnerability management service that continuously scans compute workloads. The workloads most likely to be scanned are EC2 instances, ECR repository images (checked for software vulnerabilities) and Lambda functions. You can scan with an agent installed on the compute workloads, or run in a 'hybrid mode' where Inspector scans the EBS volumes attached to compute workloads to assess them for vulnerabilities.
Inspector Features:
- Scans both host and network vulnerabilities.
- Checks for security vulnerabilities on compute.
- These checks can be run on a schedule.
- An agent must be installed for compute checks.
- If the agent is installed, Inspector can check for exposed services at host level.
- Can perform network checks for exposed ports within a VPC.
- No agent is required for these network checks.
- Can have a centralised view of all accounts with AWS Organizations.
- Cost per assessment.
