Host Vulnerability Management (HVM) enables Security and DevOps teams to efficiently view, prioritize, and orchestrate the response to vulnerabilities (Common Vulnerabilities and Exposures, CVEs) detected on host instances across their cloud accounts. Hosts are automatically assessed when they are launched and detected by the InsightCloudSec harvesters, without traditional network scanning or an embedded agent. Using snapshots of each instance's root volume, a thorough vulnerability assessment is performed on all packages in the guest operating system and installed software, on Open Source Software (OSS) dependencies, and on select file types.
The snapshots are downloaded to your InsightCloudSec instance, their package inventory is assessed and stored, and the snapshots are then promptly deleted. The host instance inventory is continuously monitored for new vulnerabilities for as long as the instances remain active in your cloud. Select changes to a host instance in the cloud automatically trigger a fresh snapshot and assessment. Remediations are detected and recognized whether they are made by updating the host instance in place or by removing it and replacing it with one relaunched from an updated base image (e.g., AMI).
HVM offers the following capabilities:
- Comprehensive assessment and visibility including:
  - All host instances (resources), plus their base image, metadata, and detected vulnerabilities
  - All packages plus their prevalence across the host instances
  - All vulnerabilities detected across the instances and packages in total plus their metadata and link to exploit references
- Vulnerability Risk scores for each CVE calculated by a new, proprietary model leveraging intelligence about available exploits and their use by attackers in the wild
- Advanced filters to narrow the focus on select resources and their packages and vulnerabilities for risk-based prioritization and remediation
- Recommended solutions for each vulnerability as package and OSS version updates
- Actions and automation that trigger alerts, ticketing, remediation workflows, and data exports
- Assessment coverage and health monitoring to identify any errors or access issues impacting feature operations
Host Vulnerability Management supports AWS EC2, Azure Virtual Machine (VM), and GCP VM instances and is only available to InsightCloudSec SaaS customers.
In addition, Windows hosts are not supported and will fail assessment.
Check out the Host Vulnerability Management - Configuration & Workflows page for details on the common workflows for Host Vulnerability Management and information on the required prerequisites.
The Host Vulnerability Management - User Guide provides details on feature operation and capabilities.
Why does InsightCloudSec require AWS/Azure/GCP permissions to assess host vulnerabilities?
Agentless assessment requires that InsightCloudSec has a way to scan a volume/disk without running anything in your cloud environment. InsightCloudSec downloads a snapshot of a resource's root volume to our own cloud provider account (using the users/roles/policies you configured during onboarding), runs the assessment, and deletes the snapshot. We use the minimal required permissions for creating, downloading/exporting, and then removing the snapshot.
At a high level, the process is: create a snapshot of the resource's root volume, copy it to the InsightCloudSec account, assess its package inventory, and delete the snapshot.
What is the frequency of snapshots being created and then deleted?
Snapshots are created:
- When a new host is discovered
- When a new vulnerability is discovered
- When you manually trigger an assessment
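Because each assessment creates and then deletes a snapshot in your account, a practitioner will want an independent check that those snapshots really are short-lived. The following is an added example (not InsightCloudSec code) that pairs CreateSnapshot and DeleteSnapshot audit records by snapshot id and flags any snapshot that outlived a threshold or was never deleted; the event shape assumed here mirrors EC2 CloudTrail records, and the sample events and ids are constructed.

```python
"""Audit that assessment snapshots are deleted promptly.

Assumption: records carry eventName plus responseElements.snapshotId
(CreateSnapshot) or requestParameters.snapshotId (DeleteSnapshot), as
EC2 CloudTrail events do. Sample data below is constructed, not real.
"""
from datetime import datetime, timezone

# Constructed sample events: one prompt delete, one never deleted,
# one deleted only a day later.
SAMPLE_EVENTS = [
    {"eventTime": "2024-05-01T10:00:00Z", "eventName": "CreateSnapshot",
     "responseElements": {"snapshotId": "snap-0000000000000aaaa"}},
    {"eventTime": "2024-05-01T10:20:00Z", "eventName": "DeleteSnapshot",
     "requestParameters": {"snapshotId": "snap-0000000000000aaaa"}},
    {"eventTime": "2024-05-01T11:00:00Z", "eventName": "CreateSnapshot",
     "responseElements": {"snapshotId": "snap-0000000000000bbbb"}},
    {"eventTime": "2024-05-01T12:00:00Z", "eventName": "CreateSnapshot",
     "responseElements": {"snapshotId": "snap-0000000000000cccc"}},
    {"eventTime": "2024-05-02T12:00:00Z", "eventName": "DeleteSnapshot",
     "requestParameters": {"snapshotId": "snap-0000000000000cccc"}},
]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_lingering_snapshots(events, max_age_hours=6.0, now=None):
    """Return {snapshot_id: lifetime_hours_or_None} for snapshots that outlived
    max_age_hours. None means no DeleteSnapshot was seen for that id, so it is
    either still present or was removed outside the audited records.
    `now` defaults to the latest event time, so the check works on a log window."""
    created, deleted = {}, {}
    for ev in events:
        name = ev.get("eventName")
        if name == "CreateSnapshot":
            sid = ev.get("responseElements", {}).get("snapshotId")
            if sid:
                created[sid] = _ts(ev["eventTime"])
        elif name == "DeleteSnapshot":
            sid = ev.get("requestParameters", {}).get("snapshotId")
            if sid:
                deleted[sid] = _ts(ev["eventTime"])
    if not created:
        return {}
    now = now or max(list(created.values()) + list(deleted.values()))
    findings = {}
    for sid, t0 in created.items():
        end = deleted.get(sid)
        age_hours = ((end or now) - t0).total_seconds() / 3600
        if age_hours > max_age_hours:
            findings[sid] = age_hours if end else None
    return findings
```

On a real account, feed this the CreateSnapshot and DeleteSnapshot events from the audit log for the onboarding role and alert on anything it returns.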