Identifying and Ranking Vulnerabilities in AWS

Prioritizing AWS Security Risks 
For an AWS environment, AWS Inspector is the key to meet PCI Requirement 6.1. This requirement states, “Establish a process to identify security vulnerabilities, using reputable outside sources for security vulnerability information, and assign a risk ranking to newly discovered security vulnerabilities.” So not only do you need a formalized process for recognizing security vulnerabilities, but you also have to rank risks by high, medium, or low priority. Fortunately, AWS Inspector will perform an assessment that results in a list of prioritized security findings. Then, it’s up to your team to remediate those findings according to the threat level.

AWS Inspector is a service provided by AWS that can help you comply with PCI Requirement 6.1. This requirement states that you have to have a method for identifying security vulnerabilities and you also have to have a ranking system. You have to rank the findings according to some type of risk rating system in order to identify the things that are high and above, which you have to resolve and ensure that you’ve remediated. In addition to running AWS Inspector for performing a security assessment of your environment, the AWS Marketplace provides a lot of solutions from industry standard vulnerability scan providers. You need to put those things into place to scan your environment, get the results, resolve the findings, and come back and scan again in order to prove that those things were remediated.  

Related Videos