AWS Inspector Vs Azure Security Center

 In Cloud

AWS Inspector

AWS Inspector is one of the AWS Service which allows us to perform security analysis on AWS resources like EC2 instances and identify potential security issues. It not only identifies the security issues with severity but also provides the needed recommendations to fix these issues.This helps keep the AWS Cloud resources secure and protect from security vulnerabilities. AWS Inspector is explained in the blog Getting started with Inspector

Azure Security Center

Azure Security Center helps prevent, detect and respond to threats that can compromise the security of Azure resources. More details on Azure security center is available in Getting Started with Azure Security Center

Things in Common

● Like AWS Inspector focuses on security of the EC2 resources, Azure Security Center focuses on security of Azure resources
● Agent based – Both Inspector & Azure Security Center are agent based security assessment service
● Free Tier – Both provides free-tier usage for 90 days
● Integrated with partner solutions to provide enriched security assessment and recommendations
● “Security Best practices” is a common area of focus though the recommendations vary among them

Comparison

AWS InspectorAzure Security Center
Agent installation is manual. Detailed steps to install & manage AWS agent has been provided by AWS. Each EC2 instance should have AWS agent running to consider them as assessment targets.Agent installation is automated.Just by few clicks in the portal, agent gets installed without having to follow a sequence of steps like AWS. This helps to get started quickly
Security assessment is controlled by “Assessment Templates”. User can define the templates and run them as and when requiredPrevention, Data collection and Threat detection are controlled through policies
● These policies are predefined and user can turn on/off each of them
● Policies can be common to all the resources at the subscription level or can be defined at the individual resources level
Duration of assessment and schedule can be defined as per our convenienceAzure claims “Security Center” scanning takes place daily but there is no mention of “when it runs” and “how can it be controlled
AWS Inspector is tag based. Assessment template looks for EC2 instances with specific tags to identify Assessment targets.Azure Security Center is resource based.When data collection is enabled, agent gets automatically installed on the resources getting provisioned.All resources are considered as assessment targets by default and the same be turned on/off for specific resource groups if required
Any security issue including the “Security best practices proposed by AWS” has to be addressed manually based on the recommendation in the assessment findings“Threat Prevention” recommendations proposed by Azure (security best practices) can be implemented through portal just by few clicks.Only threat detection and fixing is manual based on recommendations
User cannot choose to integrate with partner solutions as they like. Assessment is controlled through “Rules Packages” which are defined and managed by AWS. These rules packages are integrated with partner solutions which user cannot changeUser can choose to integrate with partner solutions as they wish and observations are consolidated in portal at a common place
● Next Generation Firewall – Barracuda,Checkpoint, Fortinet
● Web Application Firewall – Barracuda,F5 Networks, Imperva Inc
● Vulnerability Assessment Solutions -Qualys etc.,
EC2 instances are the only resource that can be assessed for security issues now. More AWS resources like S3, RDS will be added soon for assessmentThreat prevention, and detection can be performed on
● Azure Virtual Machines
● Firewalls
● SQL Databases
● Storage Disk
AWS Inspector dashboard doesn’t have any charts to show the recommendations and vulnerabilities Provides dashboard with separate charts for “Prevention” & “Detection”. Data in the charts can be selected to view the details.Can be integrated with Power BI to have additional dashboards
Export to csv is provided by defaultOption to export the recommendations & security observations in CSV/PDF format can be done by integrating with Power BI
Assessment to be done on each EC2 instance to verify the security best practices which involves cost“Basic security” is provided for free by default which ensures the must-have security recommendations are addressed for Azure resources without any cost
Pricing is based on the “assessment run per target”. So only when the assessment run is initiated, cost is involvedFixed monthly price is charged for each node being assessed.
● Standard ($15/node/month)
Focusses more on Linux resourcesFocusses more on Windows OS & SQL DB resources
Notifications are sent when an assessment run is initiated/completed by integrating with SNS. The email recipients can vary for eachassessment template.Notifications are sent to “recipients” configured at the subscription or resource level for each of the “HIGH” severity issues being detected
Network traffic to Malicious IP address are not available nowCan detect network traffic to malicious IP addresses. These IP addresses are maintained by Microsoft/Azure Database based on their experience
Cannot combine events and alerts as of now. But integration with “Common vulnerabilities or exposures (CVE)” & “Center for Internet Security (CIS)” plays a major role in detecting security threatsFusion – can combine combine events and alerts to provide attack timeline. Like, first the Brute force attempt and next the suspicious VM activity can be combined as a security threat

Conclusion

Comparison reveals that both AWS Inspector and Azure Security Center have their own strengths and weaknesses. Both of these security assessment services prioritizes providing secure and protected environment to their customers. The capabilities available now are sufficient to provide a basic security to some of the resources. Hope is that they will cover more resources and mature the features in the upcoming releases.

Recommended Posts

Leave a Comment

Start typing and press Enter to search