
Splunking_AWS_security

odorusatoshi
December 10, 2018


A first step into AWS security. Presentation slides for SecurityJAWS.



Transcript

  1. © 2017 SPLUNK INC. Title slide (slide text not recovered from the PDF extraction).
  2. Trademark notice. The recoverable text names Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL as trademarks of Splunk Inc.; the rest of the slide did not survive extraction.
  3. Slide mentioning URL and Proxy (remaining text not recovered).
  4. (slide text not recovered)
  5. Slide mentioning Proxy (remaining text not recovered).
  6. (slide text not recovered)
  7. (slide text not recovered)
  8. (slide text not recovered)
  9. (slide text not recovered)
  10. “Customers love the agility of AWS together with the end-to-end visibility of Splunk.” Andy Jassy, AWS CEO
  11. (slide text not recovered)
  12. Data sources for the Splunk Add-on for AWS (v1.2 NEW), grouped here by type:
      ▶ Logs: Billing Reports, S3 Access Logs, CloudTrail Logs, ELB Access Logs, CloudFront Access Logs, Application Logs, Config Snapshots & History Files, Other Service Logs, VPC Flow Logs, Lambda Logs, API Gateway Logs, Custom Application Logs
      ▶ Events: EC2 System Manager Events, ECS Container & Task State Changes, EBS Volume & Snapshot Notifications, EMR Cluster & Instance State Changes, Auto Scaling Group State Changes, CodeDeploy Instance & Deployment State Changes, AWS Console Sign-In Events, AWS Health & Trusted Advisor Events, KMS Events, Config, ElastiCache Cluster Events, CloudFormation Stack Events, CloudWatch Alarms, API Gateway Custom Events, DynamoDB Table Updates, S3 Events, Cognito Events, Custom Config Rules, CodeCommit Repo Events
      ▶ Metrics: ELB, CloudFront, EC2, EBS, ECS, DynamoDB, EMR, Kinesis, Lambda, API Gateway, S3, Route53, SNS, RDS, CloudWatch Metrics
      ▶ AWS services and transport channels: SQS, RDS, Redshift, CloudTrail, SNS, S3, CloudWatch Logs, CloudWatch Events, Kinesis Firehose, Kinesis Stream, IoT, Lambda, HTTP Event Collector
      ▶ Ingestion paths: native path (via AWS), push path (via Splunk HEC), pull path (via Splunk Modular Input or DB Input); Splunk-side components: AWS Add-on, DB Connect
  13. CloudTrail ingestion diagram: CloudTrail, S3 bucket, SNS topic and SQS inside the AWS Cloud, feeding the Splunk Add-on for AWS.
  14. Splunk Cloud trial: https://www.splunk.com/ja_jp/campaigns/splunk-cloud-trial.html
  15. (slide text not recovered)
  16. (slide text not recovered)
  17. References (the slide lists 2018-01-16 next to several entries):
      ▶ OneLogin, “May 31, 2017 Security Incident (UPDATED June 8, 2017)”
      ▶ Amazon S3 related entry (title not recovered)
      ▶ AWS Webinar (title not recovered)
      ▶ “AWS S3 Breaches: What to Do & Why”
      ▶ “Example Scenarios for AWS Config Continuous Monitoring of Amazon S3 Bucket Access Controls”