スケーラブルなセキュリティ監視基盤の作り方 /techconf2019-mizutani

Transcript

1. ਫ୩ ਖ਼ܚ ٕज़෦ ηΩϡϦςΟάϧʔϓ εέʔϥϒϧͳηΩϡϦςΟ ؂ࢹج൫ͷ࡞Γํ

2. ࣗݾ঺հɿਫ୩ਖ਼ܚ (@m_mizutani) 2 w લ৬
   w ৘ใηΩϡϦςΟؔ࿈ͷݚڀ։ൃ
   w ηΩϡϦςΟΦϖϨʔγϣϯηϯλʔͷΞφϦετ
   w

   ೥݄
   ΫοΫύουೖࣾ
   w ٕज़෦ηΩϡϦςΟάϧʔϓ
   άϧʔϓ௕
   w ηΩϡϦςΟ؂ࢹΛத৺ʹηΩϡϦςΟؔ࿈ۀ຿ʹैࣄ

3. ηΩϡϦςΟ
   ؂ࢹͯ͠·͔͢ʁ

4. ηΩϡϦςΟରࡦͷશମ૾ 4 ๷ޚ ݕग़ ରԠ ੬ऑੑΛվળ͢Δ
   ෆཁͳαʔϏεΛด͡Δ
   ݖݶͷ੍ݶ ৵ೖ͞Εͯ͠·ͬͨࠟ੻ͷൃݟ
   ෆਖ਼ͳαʔϏεར༻ͷൃݟ

   ΠϯγσϯτϨεϙϯε
   վળ఺ͷ෼ੳ

5. ηΩϡϦςΟରࡦͷશମ૾ 5 ๷ޚ ݕग़ ରԠ ੬ऑੑΛվળ͢Δ
   ෆཁͳαʔϏεΛด͡Δ
   ݖݶͷ੍ݶ ৵ೖ͞Εͯ͠·ͬͨࠟ੻ͷൃݟ
   ෆਖ਼ͳαʔϏεར༻ͷൃݟ

   ΠϯγσϯτϨεϙϯε
   վળ఺ͷ෼ੳ ؂ࢹ

6. ͳͥ؂ࢹ͢Δͷ͔ 6 w ๷ޚͷઌΛߏ͑Δඞཁ͕͋Δ
   w ׬શͳ๷ޚ͸͋Γ͑ͳ͍
   w ݕग़ͷํ͕ར༻ऀͷෛ୲͕গͳ͍
   w ա౓ͳ๷ޚ͸੍໿͕ଟ͘ͳΓϢʔβϏϦςΟΛ્֐͢Δ
   

   w ๷ޚ͸ޡͬͯಈ࡞ͨ͠৔߹ͷӨڹ΋େ͖͍

7. ຊ೔ͷτϐοΫɿεέʔϥϒϧͳ؂ࢹ 7 w εέʔϥϒϧͱ͸
   w αʔϏεͷن໛͕େ͖͘ͳͬͯ΋ରԠͰ͖Δ
   w ؂ࢹ͢Δର৅͕૿͑ͯ΋ରԠͰ͖Δ
   w Կ͕ࠔΔͷʁ
   

   w ෳ਺αʔϏεͱͷ݁߹
   w σʔλྲྀྔͷ૿Ճ
   w Ξϥʔτʢޡݕग़ؚΉʣͷରԠ ࠓ೔͸͜͜ʹ஫໨

8. ηΩϡϦςΟ؂ࢹʹ͓͚Δফ໣ 8 Ξϥʔτͷର৅ʹͳͬͨ1$ Λௐ΂ͯΈ͚ͨͲ݁ہԿ͕͋ͬ ͨͷ͔Α͘Θ͔Βͳ͔ͬͨʜ 8FC޿ࠂͷεΫϦϓτ͕ ߈ܸͱ൑ఆ͞Ε͍ͯͨʜ ϦϞʔτϫʔΫͷࣾһͷ ΞΫηε͕ෆਖ਼ϩάΠϯ ͷஹީͱͯ͠ݕग़͞Εͨʜ

   ϝʔϧαʔό͔Βͷ%/4 ௨৴͕ෆਖ਼ͳ׆ಈͱ൑ఆ ͞Ε͍ͯͨʜ ͭΒ͍ Ξϥʔτʹग़͖ͯͨαʔϏ εͷ಺༰͕Α͘Θ͔Βͳ͍ɻ Ͳ͏൑அ͢Ε͹ʜ

9. ফ໣Λແͨ͘͢Ίʹ 9 w ݕ஌ͷϧʔϧͰෆཁͳΞϥʔτΛআ֎͢ΔΑ͏ௐ੔͢Ε͹ྑ͍͕ɺ
   w ʮͪΌΜͱௐ੔ޙͷϧʔϧ͕ಈ͔͘Θ͔Βͳ͍ʜʯ
   w ʮෆཁͱ൑அ͢ΔϩδοΫΛϧʔϧʹॻ͚ͳ͍ʜʯ
   w ʮෆཁͱ൑அ͢ΔͨΊʹ͸௥ՃͰ৘ใΛूΊͳ͍ͱແཧʜʯ

10. Security as Code 10

11. Security as Code ʢϩάऩूͱ෼ੳʣ 11 w ݕ஌ʹؔΘΔॲཧΛίʔυԽ͢Δ͜ͱͰղܾ
    w มߋޙͷϧʔϧΛςετՄೳ
    w

    Ξϥʔτ൑ఆ৚݅ͷߴ͍هड़ྗ
    w ࣗಈతͳ௥ՃσʔλऩूʹΑΔলྗԽ
    w όʔδϣϯ؅ཧʹΑΔอकੑͷ޲্

12. 3rd Party Services ΞϥʔτॲཧͷύΠϓϥΠϯ 12 S3 ϩάσʔλ Ξϥʔτͷݕग़ ؔ࿈৘ใͷऩू ΞϥʔτͷධՁ

    ରԠঢ়گͷڞ༗ ؔ࿈৘ใͷू໿ Ξϥʔτͷ௨஌ 3rd Party Services Internal Data Source

13. Ξϥʔτͷݕग़ 13 w 4ʹసૹ͞Εͨϩά͔ΒΞϥʔτ Λݕग़͢ΔͨΊͷॲཧ
    w ηΩϡϦςΟϓϩμΫτ͕Ξϥʔτ ͱͯ͠ൃใͨ͠ϩάͷநग़
    w ͦͷଞɺϩάͰෆ৹ͳߦಈ͕͋ͬͨ

    ৔߹ʹΞϥʔτͱͯ͠ൃใ Ξϥʔτݕग़-BNCEB
    ʢݕग़ϧʔϧʣ ো֐ൃੜ࣌ʹॲཧ࠶։Λ ༰қʹ͢ΔͨΊ,JOFTJT
    %BUB
    4USFBNΛར༻ ฒྻॲཧͷͨΊͷ %JTQBUDIFS S3 Bucket SNS S3 Bucket S3 Bucket SNS SNS Lambda Kinesis data stream Lambda Lambda Lambda Lambda SNS

14. ͜͜ʹ۩ମྫ 14 ಛఆͷυϝΠϯ໊ΛؚΉ63-͔ͭɺ ಛఆͷݕ஌໊Ͱ͋Ε͹ޡݕ஌ͱ൑ఆ͢Δ ಛఆͷαΠτͰ0QFO44-ؔ࿈ͷ%P4͕ޡݕग़͞Εͯ͠·͏έʔε

15. 15 ಛఆͷλάΛ΋ͭΠϯελϯεͰ͋Γɺ ಛఆͷυϝΠϯ໊ʹؔ͢ΔൃใͰ͋Ε͹ޡݕ஌ͱ൑ఆ͢Δ ϝʔϧαʔό͔Βෆਖ਼ར༻υϝΠϯͷ%/4ΫΤϦ͕ૹ৴͞ΕΔέʔε

16. Ξϥʔτؔ࿈৘ใͷऩू 16 w ֎෦͔Βͷऩू
    w ྫʣϚϧ΢ΣΞؔ࿈৘ใαΠτ
    w ྫʣαϯυϘοΫεαΠτ
    w ಺෦͔Βͷऩू
    

    w ྫʣؔ࿈Ϣʔβͷߦಈϩά
    w ྫʣΞΫηεݩσόΠεͷ৘ใ Ξϥʔτʹؔ࿈ͨ͠ϩά ͷ౸ணΛ଴ͭͨΊͷ%FMBZ ৘ใऩूͷ݁ՌΛ ଴ͭͨΊͷ%FMBZ Ξϥʔτݕ஌ͷ௨஌ ৘ใऩूͷ݁ՌΛ ଴ͭͨΊʹ%FMBZ ৘ใऩू -BNCEB Lambda Lambda Lambda Lambda Lambda Lambda DynamoDB SNS SNS Step Function Step Function

17. DynamoDB Step Function Lambda Lambda Lambda (1) Invoke (2) Invoke

    (3) Invoke ΞϥʔτͷධՁ 17 w Ξϥʔτʴऩूͨؔ͠࿈৘ใ͔ΒϦ εΫධՁͯ݁͠ՌΛ௨஌
    w ෳ਺ͷ৘ใΛ૊Έ߹ΘͤΔ͜ͱͰΑ Γਫ਼ີͳධՁ͕Մೳ
    w ίʔυͱͯ͠هड़͓ͯ͘͜͠ͱͰ୭ ͕ͲͷΑ͏ͳҙਤͰϩδοΫ͕मਖ਼ ͞Ε͔ͨΛ೺Ѳ͠΍͍͢ ௨஌ͳͲ ϦεΫධՁ -BNCEB ৘ใऩूޙʹൃಈ ؔ࿈৘ใΛूੵ ؔ࿈৘ใΛϚʔδ ධՁ׬ྃͷ௨஌

18. ͜͜ʹ۩ମྫ 18 ීஈͱҟͳΔΞΫηεΛݕग़͢ΔΞϥʔτ͔ͭɺ ΫοΫύουॴ༗ͷσόΠεͰ͋ͬͨ৔߹ɺڴҖແ͠ͱධՁ͢Δ ௨ৗͱҟͳΔωοτϫʔΫɾϢʔβ͔ΒͷΞΫηεΛݕग़ͨ͠ΞϥʔτͷධՁ

19. ·ͱΊ 19 w αʔϏεͷن໛΍छྨΛ૿΍͢ʹ͋ͨΓɺηΩϡϦςΟ؂ࢹ͸σʔ λͷछྨɾྲྀྔҎ֎ʹΞϥʔτରԠͷεέʔϥϏϦςΟΛߟ͑ͳ͍ ͱͳΒͳ͍
    w Ξϥʔτݕ஌ɾ෼ੳɾධՁͷॲཧΛίʔυԽ͢Δ͜ͱʹΑͬͯɺ୲ ౰ऀͷෛՙΛܰݮ͠ͳ͕Β؂ࢹۀ຿ΛܧଓͰ͖Δ

20. Thank you!!