re:Inforce 2021 ReCap

Transcript

1. re:Inforce 2021 ReCap Japan’s earliest re:Inforce challenge to ReCap By

   Hirokazu Yoshida / At S-JAWS#21 / 2021.8.27

2. re:Inforce 2021 ReCap ೔ຊҰૣ͍re:InforceͷReCap΁ͷ௅ઓ ٢ాͻΖ͔ͣ / S-JAWS#21 / 2021.8.27

3. Who am I !? Hirokazu Yoshida @ CloudNative Inc. Job

   : Security Engineer Community : Security-JAWS Favorite AWS Service :

4. Attention !! • ຊηογϣϯ͸ɺݸਓͷݟղʹجͮ͘΋ͷͰ͢ • ॴଐ͢ΔاۀɺஂମͷҙݟΛ୅ද͢Δ΋ͷͰ͸͋Γ·ͤΜ • and more …

5. re:Inforceͬͯ ͳΜ͡ΌΒ΄͍ʁ

6. About re:Inforce • AWS͕ओ࠵͢ΔηΩϡϦςΟɺΞΠσϯςΟςΟɺ 
 ίϯϓϥΠΞϯεʹಛԽͨ͠ϥʔχϯάΧϯϑΝϨϯε • ॳճ͸2019೥ʹϘετϯͰ։࠵ʢ೔ຊਓͷࢀՃऀ͸61໊ʣ • 2020೥

   (ώϡʔετϯ) ͸ɺίϩφͷӨڹͰதࢭ • ࠓ೥͸தࢭͷةػΛ৐Γӽ͑ɺ౔ஃ৔Ͱόʔνϟϧ୹ॖ։࠵

7. ΄ʔΜ re:Inforceͬͯ re:InventͷηΩϡϦςΟ൛ ͳΜͰ͠ΐʁ

8. ηΩϡϦςΟ৽ػೳͷൃදϥογϡ ͨͷ͠Έ΍ͳ͊ʂ

9. ͱࢥ͍ͬͯͨ࣌ظ΋ ͋Γ·ͨ͠

10. About re:Inforce • AWS͕ओ࠵͢ΔηΩϡϦςΟɺΞΠσϯςΟςΟɺ 
 ίϯϓϥΠΞϯεʹಛԽͨ͠ϥʔχϯάΧϯϑΝϨϯε • ॳճ͸2019೥ʹϘετϯͰ։࠵ʢ೔ຊਓͷࢀՃऀ͸61໊ʣ • 2020೥͸ɺίϩφͷӨڹͰதࢭ

    • ࠓ೥΋தࢭͷةػΛ৐Γӽ͑ɺ౔ஃ৔Ͱόʔνϟϧ୹ॖ։࠵

11. ৽ػೳগͳ͍ʂͬͯ ͦ΋ͦ΋ओࢫ͕ҧ͏

12. ͦΕͰ΋͋ͬͨ ৽ػೳͷൃදΛ঺հ͠·͢

13. Functions introduced as new features • AWS Backup Audit Manager

    • AWS Backup͕ಈ࡞͍ͯ͠Δʮ೔ใʯΛݟΔ͜ͱ͕Ͱ͖Δ

14. Functions introduced as new features • AWS IoT CoreͷVPC Endpoint

    (Private Link) ରԠ • IoT Coreͷ௨৴ΛެڞͷΠϯλʔωοτʹग़ͣ͞ʹऩू͢Δ

15. Functions introduced as new features • Level 1 MSSPϓϩάϥϜͷ։࢝ •

    جຊతͳ඼࣭ج४Λຬͨͨ͠ύʔτφʔ͕ొ࿥͞Ε͍ͯΔ • 10छྨͷ෼໺Ͱӡ༻΋ؚΊͨ௕ظతʹ৴པͰ͖ΔηΩϡϦ ςΟ੡඼ΛखʹೖΕΔ͜ͱ͕Ͱ͖Δ

16. Functions introduced as new features • IAM Access Analyzer (2021೥4݄)

    • ϙϦγʔཤྺͷରԠ

17. Functions introduced as new features • IAM Access Analyzer (2021೥4݄)

    • ϙϦγʔͷݕূ

18. Functions introduced as new features • IAM Access Analyzer (2021೥4݄)

    • ϙϦγʔͷϓϨϏϡʔ

19. Functions introduced as new features • IAM Access Analyzer (2021೥4݄)

    • ࢖ΘΕͯͳ͍ΞΫγϣϯ 
 ͷݕग़

20. Functions introduced as new features? • Wickrͷങऩ (2021೥6݄)

21. ֤ηογϣϯ͔Β֞ؒݟΔ ϝοηʔδΛ঺հ

22. Today's Agenda • Keynote • Leadership session: Data Protection &

    Privacy • Leadership session: Governance, Risk & Compliance • Leadership session: Culture of Security • Leadership session: Identity & Access Management • Leadership session: Threat Detection & Incident Response

23. Today's Agenda • Keynote • Leadership session: Data Protection &

    Privacy • Leadership session: Governance, Risk & Compliance • Leadership session: Culture of Security • Leadership session: Identity & Access Management • Leadership session: Threat Detection & Incident Response

24. Threat Detection & Incident Response • GuardDutyͰڴҖΛݕग़ • Security HubͰݕग़ࣄ߲Λू໿ɺίϯϓϥΠΞϯεҧ൓Λݕग़

    • ରԠͷࣗಈԽ΍νϡʔχϯάΛߦͬͯɺΞϥʔτ׳ΕΛ๷͙

25. Ransomware • ΦϖϨʔγϣϯ༻ͱόοΫΞοϓ༻ͰΞΧ΢ϯτΛ෼͚Δ • S3όʔδϣχϯάͱΦϒδΣΫτϩοΫͷར༻ • DRΛؚΊͨแׅతͳόοΫΞοϓܭըͱήʔϜσΠ • ͞Βʹ۷ΓԼ͛ΔͳΒNIST SP1800-25Λࢀߟʹ͢Δͱ͍͍

26. Identity and Access Management • ύεϫʔυͷ࢖͍ճ͠ʹΑΔةݥੑ • SSOͷଞɺۈ຿࣌ؒ֎ͷΞΫςΟϏςΟ΍෺ཧσόΠεΛซ༻͢Δଟཁૉೝূ • IAM

    Access Analyzer͸ήʔϜνΣϯδϟʔ • ύʔϛογϣϯ͸ఆظతʹ؂ࠪ • ϢʔβʔάϧʔϓΛ࢖ͬͯɺݖݶ؅ཧͷ൥ࡶ͞Λܰݮ͠Α͏

27. Network Infrastructure Security • HBOmaxͷࣄྫɿݕग़ͱରԠ • ։ൃ / ϓϩμΫτνʔϜʹద੾ͳΨʔυϨʔϧͷߏங •

    GuardDutyͰڴҖΛݕग़ɺSecurity HubʹFindingsΛू໿ • Event HubʹͦΕͧΕΛू໿

28. Network Infrastructure Security • HBOmaxͷࣄྫɿݕग़ͱରԠ • ηΩϡϦςΟΤϯδχΞ͸ɺSlackΛհͯ͠मਖ਼ͷͨΊͷyaml Λ࡞੒ • Cloud

    CustodianͰyamlΛLambdaʹม׵ͯࣗ͠ಈԽΛଅਐ

29. Network Infrastructure Security • HBOmaxͷࣄྫɿݕग़ͱରԠ

30. Network Infrastructure Security • Con fi dential Computing • AWS

    Nitro Enclaves • ӬଓతͳετϨʔδ΍ΠϯλϥΫςΟϒͳΞΫηεɺ֎෦ωοτϫʔΫ͕ͳ ͍ • ڐՄ͞ΕͨίʔυͷΈ͕Enclaves಺Ͱ࣮ߦ͞Ε͍ͯΔ͜ͱΛݕূͰ͖Δ • KMSͱ౷߹͞Ε͍ͯΔEnclavesͷΈ͕ػີ৘ใʹΞΫηε͢Δ͜ͱ͕Ͱ͖Δ

31. Data Protection & Privacy • θϩτϥετΞʔΩςΫνϟ • ීวతͳࣄฑͷू߹ମ • ҉໧ͷ৴པͷഉআɺܧଓతͳݕূɺ࠷খݖݶɾ࠷খظؒͰϢʔβʔΛઃఆɺ

    ҟৗͳ׆ಈ΍ѱҙͷ͋Δ׆ಈͷ؂ࢹɺཻ౓ͷߴ͍ϦεΫϕʔείϯτϩʔ ϧɺηΩϡϦςΟͷࣗಈԽ • AWSͷߟ͑ํ • ID؅ཧͱωοτϫʔΫ؅ཧͷ྆ํΛิ͍ͬͯ͘

32. Data Protection & Privacy • GDPR΁ͷରԠ • αʔϏεͷػೳ͸GDPRద༻ର৅Ͱ͋Δ͔൱͔Λ໰Θͣɺ 
 ͢΂ͯͷސ٬ʹద༻͞ΕΔ

    • GDPRͰཁٻ͞ΕΔసૹධՁͷࢧԉϦιʔε

33. Data Protection & Privacy • AWSαʔϏεͷϓϥΠόγʔػೳ • αϙʔτϦΫΤετΛॲཧ͢Δୈࡾऀͷ৘ใΛܝࡌͨ͠ αϒϓϩηοαʔ

34. Data Protection & Privacy • ܭըͳ͠ʹػඍ৘ใΛอଘ͠ͳ͍͜ͱ • ͜ͷ෼໺͸ख୳ΓͰਐΊΔ͜ͱ͸Ͱ͖ͳ͍ • ϏδωεΛऴྃ͢ΔϨϕϧͷϦεΫΛ࣋ͭ

    • ϏδωεͰى͍ͬͯ͜Δ͜ͱΛ۷ΓԼ͛ͯਖ਼֬ʹཧղ͢Δ͜ͱ

35. Governance, Risk and Compliance • ߴ͍ϨϕϧͷೝূΛड͚ΔͨΊʹ͸ɺ150Ҏ্ͷίϯτϩʔϧΛ ຬͨ͢ඞཁ͕͋Δ • AWSαʔϏε͸ɺ஍Ҭ΍ۀքΛ໰ΘͣԿઍ΋ͷηΩϡϦςΟ؂ࠪ Ͱݕূ͞Ε͍ͯΔ

    • AWS Artifact͔Β࠷৽ͷCSFূ໌ॻΛμ΢ϯϩʔυͰ͖Δ

36. Governance, Risk and Compliance • ࠓ೔Ͱ͖Δ͜ͱɿCloud؂ࠪΞΧσϛʔ

37. Leadership Sessionͷϝοηʔδ

38. Leadership session: 
 Data Protection & Privacy • จԽΛܗ੒͢Δ •

    ֤νʔϜʹηΩϡϦςΟ୲౰ऀ͕૊Έࠐ·Ε͍ͯΔ • ҉߸Խ͢Ε͹͍͍Θ͚Ͱ͸ͳ͍ • 伴ͷ؅ཧͱಁ໌ੑʢAlexaͷࣄྫʣ • ϓϥΠόγʔ͸ɺʮԿΛ͢Δ͔ʯͱ͍͏͜ͱ

39. Leadership session: Governance, Risk & Compliance • ίϯϓϥΠΞϯεΛࣗ෼ͨͪͷ΋ͷʹ͢Δ6ͷڭ܇ • 10೥ؒͰੵΈ্͖͛ͯͨCompliance

    as a CodeΛ 
 ࣮ફ͢ΔͨΊͷڭ܇

40. Leadership session: Governance, Risk & Compliance • ૣࣦ͘ഊ͢Δ͜ͱ • ؂ࠪͷͨΊͷΤϯδχΞ

    • ίϯϓϥΠΞϯεʹັͤΒΕͨΤϯδχΞ • ઐ໳؂ࠪਓͷ୆಄ • ৑௕ੑΛ࣋ͨͤΔ • ੡඼ͷͲ͜ʹয఺Λ౰ͯΔ͔

41. Leadership session: Governance, Risk & Compliance • ΋ͬͱֶश͍ͨ͠ਓͷͨΊʹ

42. Leadership session: 
 Culture of Security • ηΩϡϦςΟ͸όφφͰͨ͠

43. Tenets ͱ͍͏ݴ༿͕ҿΈࠐΊͳͯ͘ Կ΋ೖ͖ͬͯ·ͤΜͰͨ͠ ͞ʔͤΜ

44. Leadership session: 
 Identity & Access Management • AWS OrganizationsΛ࢖ͬͯϚϧνΞΧ΢ϯτΛ؅ཧ

    • AWS SSOΛ࢖ͬͯΞΧ΢ϯτͷதԝ؅ཧ • σʔλϖϦϛλ • SCP, VPC Endpoint Policy, Resource-based policys

45. Leadership session: 
 Identity & Access Management • ࠷খݖݶ΁ͷཱྀ •

    IAM Access Analyzerͷ঺հ • IAM࠲ஊձ

46. Leadership session: 
 Threat Detection & Incident Response • ηΩϡϦςΟػೳΛ࢖ͬͯରԠ࣌ؒΛ୹ॖ͠Α͏

47. Leadership session: 
 Threat Detection & Incident Response • GuardDutyͷϕετϓϥΫςΟεͷ঺հ

    • ରސ٬ͷηΩϡϦςΟΦϖϨʔγϣϯνʔϜͷ࿩ • ͍Ζ͍Ζ΍ͬͯΔ͚Ͳɺ؅ཧऀϝʔϧ͚ͩ͸Ϛδड৴͠Ζ • ߦ͏΂͖ΞΫγϣϯTop10ʢීวతͳ࿩ʣ

48. Leadership session: 
 Threat Detection & Incident Response • ߦ͏΂͖ΞΫγϣϯTop10ʢීวతͳ࿩ʣ

49. Leadership session: 
 Threat Detection & Incident Response • ߦ͏΂͖ΞΫγϣϯTop10ʢීวతͳ࿩ʣ

50. A bird's eye view • ։ൃϓϩηεʹηΩϡϦςΟΛ૊ΈࠐΉจԽͱ 
 ίϯϓϥΠϯεΛ૊ΈࠐΉจԽ͸ࣅ͍ͯΔ • ϓϥΠόγʔͷߟ͑ํͷ಄ग़͠ʢੈͷதͷૌٻ΁ͷରԠʣ

    • Compliance as a Code͸ɺ·ͩ·ͩීٴ͍ͯ͠ͳ͍ • ೿खͳ໨৽͍͠΋ͷͰ͸ͳ͘ɺීวతͳࣄฑͷੵΈ্͛

51. Thank you !