IMPROVING VISIBILITY IN THE CLOUD

These are the slides from Matsubara's talk at the RSA APJ Summit on 2017/07/25.

Recruit Technologies

July 26, 2017

Transcript

  1. IMPROVING VISIBILITY IN THE CLOUD (@RSAAPJ #RSAAPJ)

    Yumiko Matsubara, Cyber Security Consulting Department, Security Architecture Group Manager, Recruit Technologies Co., Ltd. THREAT DETECTION & RESPONSE
  2. BIO

    Yumiko Matsubara
    - Planning, building and operating IT in Recruit Technologies’ Internal IT Department
    - As of 2013, planning and building security solutions
    - I like: motorbikes and wine
  3. TODAY'S POINTS

    - Combination is KEY for Biz: Private and Public hybrid-cloud is advancing Recruit's business.
    - Robust Security on both Infrastructures: To advance our business, it is necessary to have hybrid-cloud services that have solid security solutions and infrastructure.
    - RSA Cloud Solution boosts us: The advancement of NetWitness and TAP technologies promotes advancement in the security sector.
  4. AGENDA

    1. About RECRUIT
       - Who is RECRUIT?
       - Recruit Security Team
    2. RSA NetWitness usage
       - Recruit Infrastructure
       - On-Premise with success
       - Cloud with issues
       - POC testing
    3. Wrap-up
       - Wish List
       - Summary
  5. RECRUIT HOLDINGS CO., LTD.

    - Established: March 31, 1960
    - Group Employees: 38,451
    - Consolidated Sales: 1.8 trillion yen approx.
    - Consolidated Profits: 131 billion yen approx.
    - Group Companies: 287 (Japan & abroad)

    Footnotes: *End of March, 2016; *End of March, 2017
  6. BUSINESS MODEL

    Delivering Value to Clients and Users by Making Life Easier and More Fulfilling through Optimized Matching. Diagram labels: Matching Platform, Consumers (USER), Enterprise (CLIENT). Clients pay money for a contribution of linking clients to customers.
  7. BUSINESS MODEL

    Information services that support choice. Diagram labels: Life event area, Lifestyle Area, Travel, Business, Lifestyle, Health & Beauty, Job Hunt, Marriage, Job Change, Home Purchase, Car Purchase, Child Birth, Education
  8. BUSINESS MODEL

    Jobs, Housing, Travel, Dining, Beauty / Fashion, Used Cars, Bridal / Maternity / Baby, Education, Coupon / Daily Deals, Online Shopping
  9. TOP SHARE IN JAPAN

    Job, Housing, Travel, Dining, Beauty / Fashion, Used Cars, Bridal / Maternity / Baby, Education, Coupon / Daily Deals, Online Shopping
  10. STRATEGIC IT COMPANY

    Diagram labels: Recruit Security Team, Project Management, UXD/SEO, Internet Marketing, Big Data Solutions, Technology R&D, Systems Development; Recruit Holdings, Recruit Career, Recruit Sumai Company, Recruit Lifestyle, Recruit Jobs, Recruit Staffing, Recruit Marketing Partners, Staff Service Holdings, Recruit Technologies, Recruit Administration, Recruit Communications; Business/Service, Function/Support
  11. ENTIRE SECURITY ORG STRUCTURE

    Org chart labels: Recruit Holdings, Recruit Technologies, Security Management Office, Board, Business security, System security, Security Architecture Group, Strategy Group, Consulting Group, SOC, IR, QM
  12. SECURITY ORG STRUCTURE IN RECRUIT TECHNOLOGIES

    - Groups: Strategy Group, Consulting Group, Security Architecture Group
    - Responsibilities listed: Testing and introduction of advanced security solutions, systems operation; Implementation of overall rules governing security; Review of security measures for new Web development
    - SOC (Security Operation Center), IRG (Incident Response), QM (Quality Management)
    - Insourced from Recruit-CSIRT
  13. SERVICE INFRASTRUCTURE

    Diagram labels: Robustness, OS/MW, Flexibility; Private Cloud (On premise), Public Cloud (AWS). A combination of our large-scale on-premise infrastructure and cloud environment is used in businesses.
  14. SERVICE INFRASTRUCTURE

    Diagram labels: Robustness, OS/MW, Flexibility, Security; Private Cloud (On premise), Public Cloud (AWS). A combination of our large-scale on-premise infrastructure and cloud environment is used in businesses.
  15. Improve Decision-making Speed

    - Commercial environment threat detection: IDS and WAF
      - No way of checking impact on the detected communication (data leak or not) or whether an attack was successful
      - Even if there was a way, investigations are time-consuming and expensive
      - To ascertain these impacts, we wanted to record all communications and use them in our investigations

    Implementation of NetWitness network forensics
  16. Extraction using a TAP

    - The same traffic going through the detection tools is extracted, so it can be analyzed after detection.

    Diagram labels: Internet, attack, SPAN, GigaVue-HD4, IDS/WAF, SA Server, Concentrator ×6, Decoder ×6; links: 10G×6, 1G×6, 1G×6, 1G×1
  17. Issues with Implementation in the Cloud

    2 main (big) issues in October 2016:
    1. RSA NetWitness for AWS
    2. TAP on AWS
  18. Answer for request

    Provided pilot testing of both NW and TAP for Cloud. Thanks to enormous cooperation, we have completed PoC in the productization process.
  19. RSA suggested… workaround

    Diagram labels: customer, Cloud, VM, On-premise Environment, Gigaview Agent, Gigamon, Decoder, Concentrator, Server, GigaVUE-FM, External ELB, WAF, Internal ELB, Packet Capture, Collection of Captured Packets, Transfer of Captured Packets, Control, Link

    Notes on the slide: Use On premise; RNWS incompatibility; On premise Gigamon is necessary. To link with On premise NetWitness, On premise Gigamon is necessary.
  20. Implementing Cloud Version

    Each Company's Independent Cloud. Diagram labels: customer, VM, On-premise Environment, Gigaview Agent, Concentrator, Server, GigaVUE-FM, External ELB, WAF, Internal ELB, Packet Capture, Decoder, Collection of Captured Packets, Transfer of Captured Packets, Link, Control

    Note on the slide: Unnecessary!
  21. Schedule

    From: January 16 to March 16, 2017

    - Timeline (January, February, March 2017): Planning, Environment, Testing, Reporting
    - Items: Structure, Requirements, Test items, Environment construction, Operability, Functions, Failure procedures, Summary
    - Milestones: Testing environment construction completed; Testing completed
  22. Roles

    - Each company filled the following roles

    Diagram labels: NetWitness environment, testing & technical support; Overall planning & test items; Overall Direction; RSA NetWitness Packets for AWS; Visibility Platform for AWS; AWS; Gigamon environment, testing & technical support; AWS environment preparation
  23. PoC Objective and Results

    Categories: Installation & Setup; Steady Operation; Non-steady Operation; Monitoring; Recovery; Admin

    - NTP, DNS, Puppet operation
    - Connection to Web UI console
    - Confirmation of admin interface access
    - Appliance OS operation, status checks using Web GUI
    - Appliance status check
    - Investigation, LIVE, REST API, Report operation
    - Incident analysis, verification points, operation check
    - Polling using SNMP
    - OS reboot
    - Effects of suspension of optional components on operation of other components
    - Backup and restore operations for all components
  24. Wish List

    1. Inform traffic threshold to make designing easier
    2. Converged virtual appliance
  25. SUMMARY

    - Combination is KEY for Biz: Private and Public hybrid-cloud is advancing Recruit's business.
    - Robust Security on both Infrastructures: To advance our business, it is necessary to have hybrid-cloud services that have solid security solutions and infrastructure.
    - RSA Cloud Solution boosts us: The advancement of NetWitness and TAP technologies promotes advancement in the security sector.
  26. THANK YOU

    If you have any questions, you can find me at: [email protected] https://www.facebook.com yumiko.matsubara.58 Recruit Technologies