Amazon Inspector now offers improved agent-based EC2 scanning with the new Inspector VM Scanner, delivering expanded detection coverage and reduced CPU utilization on your EC2 instances. Security teams can now detect vulnerabilities across a broader range of software and applications on their agent-based EC2 instances, including WordPress, Apache HTTP Server, Python packages, and Ruby gems, while consuming fewer compute resources during scans.
The Inspector VM Scanner replaces the previous scanning engine for agent-based EC2 with a modern architecture optimized for performance. Customers benefit from reduced CPU utilization during vulnerability scans, minimizing the impact on production workloads. The expanded ecosystem detection brings agent-based scanning to parity with agentless scanning coverage, ensuring consistent vulnerability findings regardless of which scanning method you use.
To get started, opt in to the Inspector VM Scanner from the Amazon Inspector console or API. Delegated administrator accounts can enable the new scanner across their entire AWS Organization, while standalone accounts can enable it individually. No additional IAM instance profile roles are required on your EC2 instances. Existing SSM Agent configurations continue to work with no changes needed.
Amazon Inspector is a vulnerability management service that continuously scans AWS workloads for software vulnerabilities and unintended network exposure. The Inspector VM Scanner for agent-based EC2 scanning is available at no additional cost in all AWS Regions where Amazon Inspector is available. Existing Amazon Inspector agent-based EC2 scanning pricing applies.
To learn more, visit: https://docs.aws.amazon.com/inspector/latest/user/inspector-vm-scanner.html
Source: Amazon Web Services




