uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites,’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company. Please go to our privacy statement for details.


Vulnerability Management for Amazon Web Services (AWS)

As the benefits of cloud computing drive increased adoption by businesses, the fastest growing area of public cloud computing appears to be Infrastructure-as-a-Service (IaaS).But with adopting an IaaS model, businesses are often leaving the safety of their applications to the service provider and blindly moving to the cloud with disregard for commonly held security practices.

The trouble is that businesses are not doing their security homework before choosing their IaaS provider. According to Ponemon Institute’s “Security of Cloud Computing Users 2013” study, less than half of the companies surveyed reported evaluating IaaS resources for security prior to deployment.

Why is vulnerability management important for AWS instances?

According to Amazon Web Services Security Center, “Because you’re building systems on top of the AWS cloud infrastructure, the security responsibilities will be shared: AWS manages the underlying infrastructure but you must secure anything you put on the infrastructure. This includes your AWS EC2 instances and anything you install on them, any accounts that access your instances, the security group that allows outside access to your instances, the VPC subnet that the instances reside within if you’ve chosen this option, the external access to your S3 buckets, etc.

That means that the onus is on you to understand where your organization stands from a risk perspective.

Recommendations for vulnerability management on AWS

Our experience and guidance for cloud security is to approach it similar to on-premises infrastructure and applications. Vulnerability assessments and penetration tests are worthwhile exercises. However, prior to commencement of scanning or testing against AWS instances, you need to fill out the AWS Vulnerability / Penetration Testing Request Form. When we perform services on behalf of our customers, it requires that they are logged into the portal using the credentials associated with the AWS instances, and we are informed once permission has been granted.

Unified VRM is hosted on Amazon Web Services for first-hand experience

NopSec has first-hand knowledge of vulnerability management for Amazon Web Services. We host Unified VRM software-as-a-service using AWS infrastructure. We are proud to be listed in the AWS Marketplace as a verified security provider. View our listing here

Learn more about NopSec’s proactive approach to vulnerability management and the methodology we use to secure applications and infrastructure from security breaches.Best Practices Guide: Vulnerability Management.

Schedule a Product Demo Today!

See how NopSec's security insights and cyber threat exposure management platform can organize your security chaos.