Amazon Inspector launches improved agent-based scanning for EC2

Amazon Web Services has launched an improved agent-based scanning capability for Amazon Inspector with the introduction of the Inspector VM Scanner, designed to enhance vulnerability detection while reducing performance impact on EC2 instances. The new scanning engine expands detection coverage to include a broader range of software and applications, including WordPress, Apache HTTP Server, Python packages, and Ruby gems, while consuming fewer CPU resources during vulnerability assessments. The Inspector VM Scanner replaces the previous scanning architecture with a modern, performance-optimized design that minimizes impact on production workloads. The upgrade brings agent-based scanning capabilities to parity with AWS's agentless scanning coverage, ensuring consistent vulnerability findings across both scanning methods. Organizations can enable the new scanner through the Amazon Inspector console or API, with delegated administrator accounts able to deploy it across entire AWS Organizations without requiring additional IAM instance profile roles or changes to existing SSM Agent configurations. The enhanced scanning capability is available at no additional cost in all AWS regions where Amazon Inspector operates, with existing agent-based EC2 scanning pricing remaining unchanged. This update strengthens AWS's vulnerability management service, which continuously monitors AWS workloads for software vulnerabilities and unintended network exposure across cloud environments.