クラウド脆弱性の傾向とShisho Cloudの活用

Slide 1

Slide 1 text

Ϋϥ΢υ੬ऑੑͷ܏޲ͱShisho Cloudͷ׆༻ ʮ2025/03/17 Ϋϥ΢υΛ׆༻͢Δ։ൃ૊৫ͷ࣮ફతηΩϡϦςΟରࡦ ʙ੬ऑੑ਍அͱDB΁ͷΞΫηε੍ޚʙʯ ϑΝΠϯσΟגࣜձࣾ ϓϩμΫτ։ൃ෦/SRE ҆ୡ ྋ(@adachin0817)

Slide 2

Slide 2 text

ࣗݾ঺հ

Slide 3

Slide 3 text

3 ࣗݾ঺հ ҆ୡ ྋ(@adachin0817) ɾϑΝΠϯσΟ(ג) / ϓϩμΫτ։ൃ෦/Senior SRE ɾBlog: blog.adachin.me/wiki.adachin.me ɾTechBull(ΤϯδχΞίϛϡχςΟ) techbull.cloud ɹɾSRE/ΤϯδχΞͷϝϯλϦϯά ྦྷܭ300໊↑ ɹɾίϛϡχςΟϚωʔδϟʔ ɾ͔ͭͯ͸OSS൛VulsͷίϯτϦϏϡʔλʔ΍Πϕϯτओ࠵ͳͲ ɾ89೥ੜ·Εɺ౦ژ౎଍ཱ۠ग़਎Ͱ࡛ۄݝय़೔෦ࢢ͕஍ݩ ɾϑϨϯνϒϧυοάͷࣂ͍ओͰ΋͋Δ

Slide 4

Slide 4 text

Slide 5

Slide 5 text

ԣஅSREνʔϜͷҐஔ͚ͮͱϛογϣϯ

Slide 6

Slide 6 text

ԣஅSREνʔϜͷҐஔ͚ͮͱϛογϣϯ ● ԣஅSREνʔϜ ○ ڈ೥͔ΒνʔϜͱ্ཱ͓ͯͪ͛ͯ͠Γɺݱࡏ͸4໊Ͱ׆ಈ͍ͯ͠Δ ● SREͷଘࡏҙٛ ○ SRE͸ಓΛ࡞ΔͨΊʹଘࡏ͢Δ(։ൃͷεϐʔυͱ҆શੑΛཱ྆) ○ ϦεΫΛड͚ೖΕɺ؅ཧ͢Δ(ো֐ͷϦεΫΛ࠷খݶʹ཈͑ͭͭɺޮ཰తͳӡ༻Λ໨ࢦ͢) ○ SLOΛܭଌ͢Δ(৴པੑͷόϥϯεΛऔΔͨΊͷج४Λࡦఆ) ○ τΠϧͷ࡟ݮͱࣗಈԽ(Ձ஋ͷߴ͍ۀ຿ʹूதͰ͖Δ؀ڥΛఏڙ) ○ ϓϩμΫτͷࢧԉ(։ൃεϐʔυͱ৴པੑͷόϥϯεΛอͭͨΊʹٕज़ࢧԉ) ○ ηΩϡϦςΟͷՄࢹԽͱڧԽ (જࡏతͳϦεΫΛൃݟ͠ɺγεςϜΛΑΓ҆શͳঢ়ଶʹอͭ) ● ୹ظϛογϣϯ ○ ʮϑΝΠϯσΟͷࣄۀ੒௕Λࢧ͑ΔͨΊʹɺSRE૊৫ͷ͋Γํͷཱ֬ʯ ● தظϛογϣϯ ○ ʮࣾһશһ͕ࣄۀ੒௕ʹूதͰ͖ΔΑ͏ͳ࢓૊ΈΛߏங͠ɺ҆શʹఏڙʯ 6

Slide 7

Slide 7 text

ৄ͍͠औΓ૊Έʹ͍ͭͯ͸Findy Tech BlogΛࢀߟʹʂ 7

Slide 8

Slide 8 text

ۙ೥ͷ੬ऑੑʹ͍ͭͯ

Slide 9

Slide 9 text

ۙ೥ͷ੬ऑੑ͸೥ʑ૿Ճ͍ͯ͠Δ 9 ࢀߟ: https://www.first.org/epss/data_stats https://blog.adachin.me/archives/53851 https://vuls.biz/blog/articles/20240822a/

Slide 10

Slide 10 text

߈ܸܦ࿏ͱ૊৫ͷηΩϡϦςΟରԠྗ 10 ࢀߟ: https://vuls.biz/blog/articles/20240822a/

Slide 11

Slide 11 text

Top Threats to Cloud Computing 2024 Ϋϥ΢υॏେڴҖϨϙʔτ

Slide 12

Slide 12 text

Top Threats to Cloud Computing 2024 ● 2024೥ Ϋϥ΢υॏେڴҖϨϙʔτ ○ CSA(Ϋϥ΢υηΩϡϦςΟΞϥΠΞϯε)ຊ෦ ○ 2೥ʹҰ౓ڴҖϨϙʔτΛެ։ ○ 500ਓҎ্ͷۀքઐ໳ՈΛର৅ʹಛఆ ● ՝୊ ○ ॱҐ͕Լ͕͓ͬͯΓݒ೦͞ΕΔ΋ͷͰ͸ͳ͍ ○ ઃఆϛεͱෆे෼ͳมߋ؅ཧ ○ IAMʹΑΔΞΫηε؅ཧ ○ ηΩϡΞͰ͸ͳ͍ΠϯλʔϑΣʔε΍API ○ Ϋϥ΢υηΩϡϦςΟͷΞʔΩςΫνϟ ͱઓུͷܽ೗ 12 ࢀߟ: https://www.cloudsecurityalliance.jp/site/?p=35829

Slide 13

Slide 13 text

Top Threats to Cloud Computing 2024 ● ࠓޙͷݟ௨͠ ○ AIΛؚΉΑΓߴ౓Խͳ߈ܸ ○ αϓϥΠνΣʔϯͷϦεΫ ○ ਐԽ͢Δن੍ͷঢ়گ ○ Ransomware-as-a-Service(RaaS) ● ରࡦ ○ SDLC(ιϑτ΢ΣΞ։ൃϥΠϑαΠΫϧ)Λ௨ͨ͡ AIͷ౷߹ ○ AIΛ׆༻ͨ͠ηΩϡϦςΟπʔϧ ○ θϩτϥετηΩϡϦςΟϞσϧ ○ ࣗಈԽͱΦʔέετϨʔγϣϯ ○ ηΩϡϦςΟεΩϧͷ֨ࠩ 13 ࢀߟ: https://www.cloudsecurityalliance.jp/site/?p=35829

Slide 14

Slide 14 text

Ϋϥ΢υηΩϡϦςΟʹऔΓ૊ΉୈҰา

Slide 15

Slide 15 text

Ϋϥ΢υηΩϡϦςΟʹऔΓ૊ΉࡍͷୈҰา ● ηΩϡϦςΟ਍அͱݱঢ়೺Ѳ / CSPM(Cloud Security Posture Management) ○ ઃఆϛε΍੬ऑͳϦιʔεΛՄࢹԽ͠ɺ༏ઌ͢΂͖ϦεΫΛಛఆ ○ ૣظରԠͰηΩϡϦςΟΠϯγσϯτΛະવʹ๷͙ ● ηΩϡϦςΟ؂ࢹͱΞϥʔτͷઃఆ ○ ҟৗͳϩάΠϯ΍ڴҖΛϦΞϧλΠϜʹݕग़ ○ ඞཁͳΞϥʔτΛద੾ʹઃఆ͠ɺਝ଎ͳରԠΛՄೳʹ ● TrivyΛ׆༻ͨ͠ηΩϡϦςΟεΩϟϯ ○ ط஌ͷ؀ڥʹର͢Δ਍அͱɺ৽نߏங࣌ͷࣗಈεΩϟϯΛCIԽ ● ηΩϡϦςΟϩάͷՄࢹԽ ○ AWS WAFɺCloudTrailɺGuardDutyͷঢ়ଶΛઃఆ͢Δ͚ͩͰͳ͘ՄࢹԽɾ෼ੳ ○ ҟৗݕ஌ͷਫ਼౓Λ޲্ͤ͞ɺରԠεϐʔυΛਐΊΔ ● ηΩϡϦςΟڭҭͱҙࣝ޲্ ○ νʔϜશମͷηΩϡϦςΟҙࣝΛߴΊΔ͜ͱ͕େ੾ ○ ࠷৽ͷڴҖ΍ରࡦํ๏Λڞ༗͢Δ৔Λઃ͚Δ 15

Slide 16

Slide 16 text

Ϋϥ΢υηΩϡϦςΟڧԽʹ͓͚ΔπʔϧબఆͷΞϓϩʔν ● ౰ॳͷܭը: AWS Security Hub Λ׆༻ͨ͠ηΩϡϦςΟ؅ཧΛݕ౼ ○ AWS OrganizationsͰ؅ཧ͍ͯ͠ΔͨΊɺ਺ेݸҎ্ͷΫϩεΞΧ΢ϯτ͕ଘࡏ ○ σʔλ෼ੳͰ͸GCP΋ར༻͍ͯ͠ΔͨΊɺҰݩ؅ཧ͕Ͱ͖ͣɺҰ؏ੑ͕อͯͳ͍ ○ ༷ʑͳαʔϏε͕ಈ࡞͢ΔͨΊɺෳࡶʹͳΓ΍͘͢ɺίετ͕ߴ͘ͳΓ΍͍͢ ○ ૢ࡞ੑɺධՁ݁Ռͷࢹೝੑ͕ѱ͘ɺτϦΞʔδͷूܭʹ޻਺͕͔͔Δ ○ ରԠํ๏ͷυΩϡϝϯτ͕ӳޠͩΒ͚ͰΤϯδχΞ͕ૉૣ͘ରԠͰ͖ͳ͍ ● ༷ʑͳΫϥ΢υηΩϡϦςΟπʔϧΛࢼݧಋೖ ○ ػೳ΍ૢ࡞ੑɺίετύϑΥʔϚϯεͷ؍఺͔Βൺֱݕ౼ ○ Shisho Cloud͕࠷΋ཁ݅ʹద߹͠ɺಋೖͷܾఆʹ🎉 16

Slide 17

Slide 17 text

Shisho Cloudͷಋೖ

Slide 18

Slide 18 text

Shisho Cloudͷ࢖͍΍͢͞ ● Simple is the best ○ ϚϧνΫϥ΢υͷҰݩ؅ཧ ○ ηΩϡϦςΟઐ໳஌͕ࣝͳͯ͘΋ରԠՄೳ ○ ϦεΫͷଈ࣌ՄࢹԽ ○ ೔ຊޠରԠͷஸೡͳϨϙʔτ ○ ಋೖͷ༰қ͞ͱݕग़݁Ռͷ଎͞ ○ े෼ʹ४උ͞ΕͯΔϚωʔδυϙϦγʔ ○ ϫʔΫϑϩʔʹΑΔΧελϚΠζੑͷߴ͞ ○ Ձ͕͍֨҆ 18

Slide 19

Slide 19 text

Shisho Cloudͷӡ༻ϙΠϯτ ● ηΩϡϦςΟΨΠυϥΠϯϙϦγʔͷ࡞੒ ○ ࢛൒ظ͝ͱʹ༏ઌ౓ͷߴ͍IssueΛ͢΂ͯରԠ͢Δ͜ͱΛ໨ඪʹઃఆ ● ηΩϡϦςΟ؂ࢹͱΞϥʔτͷઃఆ ○ ֤ϓϩδΣΫτʹઐ༻ͷSlackνϟϯωϧΛ࡞੒ ○ ؔ܎ऀΛר͖ࠐΉ࢓૊ΈΛߏங ○ Embedded SRE޲͚ʹ৘ใڞ༗ͷ৔Λઃ͚Δ ○ τϦΞʔδ͞ΕͨΞϥʔτ͸͢΂ͯରԠ͢Δඞཁ͸ͳ͘ɺ༏ઌ౓͔ΒߜΔ ● ηΩϡϦςΟରԠͷܗ֚ԽΛ๷͗ɺνʔϜͷཱࣗΛଅਐ ○ ηΩϡϦςΟରԠͷܗ֚ԽΛ๷͗ɺνʔϜͷཱࣗΛଅਐ 19

Slide 20

Slide 20 text

Shisho Cloudͷӡ༻՝୊ ● ৽نΠϯϑϥߏங࣌ʹຖճΞϥʔτͷޡݕ஌͕ൃੜ ○ Terraform ͰશΠϯϑϥΛ؅ཧ͍ͯ͠Δ͕ɺ؀ڥ͝ͱͷ౷Ұϧʔϧ͕ͳ͍ ○ ෛՙςετ؀ڥ΍৽نΠϯϑϥ؀ڥͷςϯϓϨʔτԽ͕ະ੔උ ○ ηΩϡϦςΟϙϦγʔ͕؀ڥ͝ͱʹ౷Ұ͞Ε͓ͯΒͣɺෆཁͳΞϥʔτ͕ൃੜ ○ Slack ௨஌͕ଟൃ͠ɺϊΠζͰຒ·ͬͯ͠·͏ ● ॏཁͳ௨஌ݕ஌ ○ Critical / High ͷΞϥʔτ͸ Slack Ͱϝϯγϣϯ෇͖௨஌ ○ ϊΠζΛݮΒ͠ɺରԠ͢΂͖ΞϥʔτʹूதͰ͖Δ؀ڥΛߏங 20

Slide 21

Slide 21 text

Findy ToolsͰ΋ϨϏϡʔ͍ͯ͠·͢ʂ 21

Slide 22

Slide 22 text

ηΩϡϦςΟϩάج൫

Slide 23

Slide 23 text

ηΩϡϦςΟϩάج൫ ● Amazon Security Lakeͷ׆༻ ○ AWS಺ͰϦΞϧλΠϜʹԿ͕ى͖͍ͯΔ͔൑அͰ͖ͳ͍ ○ ηΩϡϦςΟपΓͷϞχλϦϯάڧԽ ○ CloudTrailɺWAFɺVPC Flow LogɺRoute53 (DNS Query)Λର৅ʹՄࢹԽ͠෼ੳ ○ Security LakeͰ؆୯ʹҰݩ؅ཧ͕Մೳ ○ ݄਺ສԁఔ౓Ͱ࣮૷ՄೳͰίεύ͕ྑ͍ ○ Amazon Managed GrafanaͰμογϡϘʔυԽ 23

Slide 24

Slide 24 text

WAF Log ● WAF(Web ACL) ○ Request by Country(ࠃผͷϦΫΤετ਺) ○ Heat map ○ Bar graph ○ Total Request(શϦΫΤετͷूܭ) ○ WAF Rule Request(WAFϧʔϧ͝ͱͷϦΫΤετ਺) ○ Access Ranking(IPΞυϨε΍URL͝ͱͷϦΫΤετ਺) ○ WAF Analytics Logs(෼ੳ༻ͷϩά/ϒϩοΫ৘ใͳͲ) 24

Slide 25

Slide 25 text

CloudTrail Log ● CloudTrail ○ Total Event Count(શΠϕϯτ਺) ○ Total Errors(શΤϥʔ਺) ○ Event History(Πϕϯτཤྺ) ○ Top Event Names(Πϕϯτ໊) ○ Total Event Source(Πϕϯτൃੜݩ) ○ Top Users(ϢʔβʔϥϯΩϯά) ○ Total Source IP(ૢ࡞ݩͷIPΞυϨε) ○ S3 Access Denied(S3ͰΞΫηεڋ൱͞Εͨճ਺) ○ EC2 Change Event Count(EC2ͷઃఆมߋճ਺) ○ VPC Change Event Count(VPCͷઃఆมߋճ਺) ○ Security Group Change Event Count(SGͷઃఆมߋճ਺) ○ Error Event(෼ੳ༻ΤϥʔΠϕϯτ) 25

Slide 26

Slide 26 text

खಈ ੬ऑੑ਍அ

Slide 27

Slide 27 text

खಈ ੬ऑੑ਍அ࣮ࢪ ● GMO Flatt Security x WebΞϓϦέʔγϣϯ਍அ ○ 2023೥ʙ ࣮ࢪࡁΈ ○ SQLΠϯδΣΫγϣϯ ○ XSSɺೝূɾೝՄͷ໰୊ͳͲ ○ ༷ʑͳ੬ऑੑ਍அʹରԠ͍ͯ͠Δ ○ ใࠂॻ/Ϩϙʔτ΋ඇৗʹݟ΍͍͢ ○ ΞϑλʔαʔϏε΋ॆ࣮͍ͯ͠Δ 27

Slide 28

Slide 28 text

Findy Team+ SOC2 Type1

Slide 29

Slide 29 text

Findy Team+ SOC2 Type1Λऔಘ 29

Slide 30

Slide 30 text

·ͱΊ

Slide 31

Slide 31 text

·ͱΊ ● Ϋϥ΢υηΩϡϦςΟपΓ͸ՄࢹԽͯ͠ܧଓతʹ෼ੳͱରࡦΛ͢Δ͜ͱ ● Shisho Cloud/ϫʔΫϑϩʔͷΧελϚΠζΛ׆͔͖͠Εͯͳ͍ ○ ඞཁʹԠͯ͡૊৫ݻ༗ͷϙϦγʔΛઃఆ͠ɺӡ༻ʹద༻͢Δ ○ AWSΞΧ΢ϯτͷ൑ఆج४Λ໌֬Խ͠ɺCritical,HighϨϕϧͷݕ஌࿙ΕΛ๷ࢭ ○ طଘΞϥʔτͷվमͱ୨Է͠ ● ηΩϡϦςΟϩάج൫ͷ෼ੳ ○ Security LakeΛ༻͍ͨج൫͸Ͱ͖ͨͷͰɺ෼ੳΛਐΊ͍ͯ͘ ○ μογϡϘʔυͷΧελϚΠζ΍ఆظతͳৼΓฦΓΛ࣮ࢪ͠ɺӡ༻վળΛਤΔ ○ SQLͷ݁Ռ͔ΒBedrockͰ෼ੳ༧ఆ 31

Slide 32

Slide 32 text

͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ