Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
クラウド脆弱性の傾向とShisho Cloudの活用
Search
adachi.ryo
March 16, 2025
Technology
0
210
クラウド脆弱性の傾向とShisho Cloudの活用
https://findy-tools.connpass.com/event/347629/
クラウドを活用する開発組織の実践的セキュリティ対策 〜脆弱性診断とDBへのアクセス制御〜
adachi.ryo
March 16, 2025
Tweet
Share
More Decks by adachi.ryo
See All by adachi.ryo
Findy Team+のSOC2取得までの道のり
rvirus0817
0
310
FindyにおけるTakumi活用と脆弱性管理のこれから
rvirus0817
0
980
技術的負債で信頼性が限界だったWordPress運用をShifterで完全復活させた話
rvirus0817
1
3.1k
Amazon Security Lakeを活用したセキュリティログの集約とAIによる可視化の最前線
rvirus0817
0
110
TechBull Membersの開発進捗どうですか!?
rvirus0817
0
1.4k
TechBullエンジニアコミュニティの取り組みについて
rvirus0817
0
1.1k
横断SREの立ち上げと、AWSセキュリティへの取り組みの軌跡
rvirus0817
3
12k
ゼロから創る横断SREチーム ~挑戦と進化~
rvirus0817
3
5.8k
入社1ヶ月でここまでやった!Findy Toolsインフラ支援の最適化
rvirus0817
11
14k
Other Decks in Technology
See All in Technology
FastAPIの魔法をgRPC/Connect RPCへ
monotaro
PRO
1
700
PLaMoの事後学習を支える技術 / PFN LLMセミナー
pfn
PRO
9
3.8k
OpenAI gpt-oss ファインチューニング入門
kmotohas
2
900
生成AIで「お客様の声」を ストーリーに変える 新潮流「Generative ETL」
ishikawa_satoru
1
290
Access-what? why and how, A11Y for All - Nordic.js 2025
gdomiciano
1
100
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
2
5.4k
PLaMo2シリーズのvLLM実装 / PFN LLM セミナー
pfn
PRO
2
950
Railsアプリケーション開発者のためのブックガイド
takahashim
14
6.1k
Optuna DashboardにおけるPLaMo2連携機能の紹介 / PFN LLM セミナー
pfn
PRO
1
860
LLMアプリケーション開発におけるセキュリティリスクと対策 / LLM Application Security
flatt_security
7
1.8k
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
11
77k
Azure SynapseからAzure Databricksへ 移行してわかった新時代のコスト問題!?
databricksjapan
0
130
Featured
See All Featured
Typedesign – Prime Four
hannesfritz
42
2.8k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3.1k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
Testing 201, or: Great Expectations
jmmastey
45
7.7k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
9
570
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
46
7.6k
Writing Fast Ruby
sferik
629
62k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Making Projects Easy
brettharned
119
6.4k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
54
3k
Transcript
Ϋϥυ੬ऑੑͷͱShisho Cloudͷ׆༻ ʮ2025/03/17 ΫϥυΛ׆༻͢Δ։ൃ৫ͷ࣮ફతηΩϡϦςΟରࡦ ʙ੬ऑੑஅͱDBͷΞΫηε੍ޚʙʯ ϑΝΠϯσΟגࣜձࣾ ϓϩμΫτ։ൃ෦/SRE ҆ୡ ྋ(@adachin0817)
ࣗݾհ
3 ࣗݾհ ҆ୡ ྋ(@adachin0817) ɾϑΝΠϯσΟ(ג) / ϓϩμΫτ։ൃ෦/Senior SRE ɾBlog: blog.adachin.me/wiki.adachin.me
ɾTechBull(ΤϯδχΞίϛϡχςΟ) techbull.cloud ɹɾSRE/ΤϯδχΞͷϝϯλϦϯά ྦྷܭ300໊↑ ɹɾίϛϡχςΟϚωʔδϟʔ ɾ͔ͭͯOSS൛VulsͷίϯτϦϏϡʔλʔΠϕϯτओ࠵ͳͲ ɾ89ੜ·Εɺ౦ژཱ۠ग़Ͱ࡛ۄݝय़෦ࢢ͕ݩ ɾϑϨϯνϒϧυοάͷࣂ͍ओͰ͋Δ
4
ԣஅSREνʔϜͷҐஔ͚ͮͱϛογϣϯ
ԣஅSREνʔϜͷҐஔ͚ͮͱϛογϣϯ • ԣஅSREνʔϜ ◦ ڈ͔ΒνʔϜͱ্ཱ͓ͯͪ͛ͯ͠Γɺݱࡏ4໊Ͱ׆ಈ͍ͯ͠Δ • SREͷଘࡏҙٛ ◦ SREಓΛ࡞ΔͨΊʹଘࡏ͢Δ(։ൃͷεϐʔυͱ҆શੑΛཱ྆) ◦
ϦεΫΛड͚ೖΕɺཧ͢Δ(োͷϦεΫΛ࠷খݶʹ͑ͭͭɺޮతͳӡ༻Λࢦ͢) ◦ SLOΛܭଌ͢Δ(৴པੑͷόϥϯεΛऔΔͨΊͷج४Λࡦఆ) ◦ τΠϧͷݮͱࣗಈԽ(Ձͷߴ͍ۀʹूதͰ͖ΔڥΛఏڙ) ◦ ϓϩμΫτͷࢧԉ(։ൃεϐʔυͱ৴པੑͷόϥϯεΛอͭͨΊʹٕज़ࢧԉ) ◦ ηΩϡϦςΟͷՄࢹԽͱڧԽ (જࡏతͳϦεΫΛൃݟ͠ɺγεςϜΛΑΓ҆શͳঢ়ଶʹอͭ) • ظϛογϣϯ ◦ ʮϑΝΠϯσΟͷࣄۀΛࢧ͑ΔͨΊʹɺSRE৫ͷ͋Γํͷཱ֬ʯ • தظϛογϣϯ ◦ ʮࣾһશһ͕ࣄۀʹूதͰ͖ΔΑ͏ͳΈΛߏங͠ɺ҆શʹఏڙʯ 6
ৄ͍͠औΓΈʹ͍ͭͯFindy Tech BlogΛࢀߟʹʂ 7
ۙͷ੬ऑੑʹ͍ͭͯ
ۙͷ੬ऑੑʑ૿Ճ͍ͯ͠Δ 9 ࢀߟ: https://www.first.org/epss/data_stats https://blog.adachin.me/archives/53851 https://vuls.biz/blog/articles/20240822a/
߈ܸܦ࿏ͱ৫ͷηΩϡϦςΟରԠྗ 10 ࢀߟ: https://vuls.biz/blog/articles/20240822a/
Top Threats to Cloud Computing 2024 ΫϥυॏେڴҖϨϙʔτ
Top Threats to Cloud Computing 2024 • 2024 ΫϥυॏେڴҖϨϙʔτ ◦
CSA(ΫϥυηΩϡϦςΟΞϥΠΞϯε)ຊ෦ ◦ 2ʹҰڴҖϨϙʔτΛެ։ ◦ 500ਓҎ্ͷۀքઐՈΛରʹಛఆ • ՝ ◦ ॱҐ͕Լ͕͓ͬͯΓݒ೦͞ΕΔͷͰͳ͍ ◦ ઃఆϛεͱෆेͳมߋཧ ◦ IAMʹΑΔΞΫηεཧ ◦ ηΩϡΞͰͳ͍ΠϯλʔϑΣʔεAPI ◦ ΫϥυηΩϡϦςΟͷΞʔΩςΫνϟ ͱઓུͷܽ 12 ࢀߟ: https://www.cloudsecurityalliance.jp/site/?p=35829
Top Threats to Cloud Computing 2024 • ࠓޙͷݟ௨͠ ◦ AIΛؚΉΑΓߴԽͳ߈ܸ
◦ αϓϥΠνΣʔϯͷϦεΫ ◦ ਐԽ͢Δن੍ͷঢ়گ ◦ Ransomware-as-a-Service(RaaS) • ରࡦ ◦ SDLC(ιϑτΣΞ։ൃϥΠϑαΠΫϧ)Λ௨ͨ͡ AIͷ౷߹ ◦ AIΛ׆༻ͨ͠ηΩϡϦςΟπʔϧ ◦ θϩτϥετηΩϡϦςΟϞσϧ ◦ ࣗಈԽͱΦʔέετϨʔγϣϯ ◦ ηΩϡϦςΟεΩϧͷ֨ࠩ 13 ࢀߟ: https://www.cloudsecurityalliance.jp/site/?p=35829
ΫϥυηΩϡϦςΟʹऔΓΉୈҰา
ΫϥυηΩϡϦςΟʹऔΓΉࡍͷୈҰา • ηΩϡϦςΟஅͱݱঢ়Ѳ / CSPM(Cloud Security Posture Management) ◦ ઃఆϛε੬ऑͳϦιʔεΛՄࢹԽ͠ɺ༏ઌ͖͢ϦεΫΛಛఆ
◦ ૣظରԠͰηΩϡϦςΟΠϯγσϯτΛະવʹ͙ • ηΩϡϦςΟࢹͱΞϥʔτͷઃఆ ◦ ҟৗͳϩάΠϯڴҖΛϦΞϧλΠϜʹݕग़ ◦ ඞཁͳΞϥʔτΛదʹઃఆ͠ɺਝͳରԠΛՄೳʹ • TrivyΛ׆༻ͨ͠ηΩϡϦςΟεΩϟϯ ◦ طͷڥʹର͢Δஅͱɺ৽نߏங࣌ͷࣗಈεΩϟϯΛCIԽ • ηΩϡϦςΟϩάͷՄࢹԽ ◦ AWS WAFɺCloudTrailɺGuardDutyͷঢ়ଶΛઃఆ͢Δ͚ͩͰͳ͘ՄࢹԽɾੳ ◦ ҟৗݕͷਫ਼Λ্ͤ͞ɺରԠεϐʔυΛਐΊΔ • ηΩϡϦςΟڭҭͱҙ্ࣝ ◦ νʔϜશମͷηΩϡϦςΟҙࣝΛߴΊΔ͜ͱ͕େ ◦ ࠷৽ͷڴҖରࡦํ๏Λڞ༗͢ΔΛઃ͚Δ 15
ΫϥυηΩϡϦςΟڧԽʹ͓͚ΔπʔϧબఆͷΞϓϩʔν • ॳͷܭը: AWS Security Hub Λ׆༻ͨ͠ηΩϡϦςΟཧΛݕ౼ ◦ AWS OrganizationsͰཧ͍ͯ͠ΔͨΊɺेݸҎ্ͷΫϩεΞΧϯτ͕ଘࡏ
◦ σʔλੳͰGCPར༻͍ͯ͠ΔͨΊɺҰݩཧ͕Ͱ͖ͣɺҰ؏ੑ͕อͯͳ͍ ◦ ༷ʑͳαʔϏε͕ಈ࡞͢ΔͨΊɺෳࡶʹͳΓ͘͢ɺίετ͕ߴ͘ͳΓ͍͢ ◦ ૢ࡞ੑɺධՁ݁Ռͷࢹೝੑ͕ѱ͘ɺτϦΞʔδͷूܭʹ͕͔͔Δ ◦ ରԠํ๏ͷυΩϡϝϯτ͕ӳޠͩΒ͚ͰΤϯδχΞ͕ૉૣ͘ରԠͰ͖ͳ͍ • ༷ʑͳΫϥυηΩϡϦςΟπʔϧΛࢼݧಋೖ ◦ ػೳૢ࡞ੑɺίετύϑΥʔϚϯεͷ؍͔Βൺֱݕ౼ ◦ Shisho Cloud͕࠷ཁ݅ʹద߹͠ɺಋೖͷܾఆʹ🎉 16
Shisho Cloudͷಋೖ
Shisho Cloudͷ͍͢͞ • Simple is the best ◦ ϚϧνΫϥυͷҰݩཧ ◦
ηΩϡϦςΟઐ͕ࣝͳͯ͘ରԠՄೳ ◦ ϦεΫͷଈ࣌ՄࢹԽ ◦ ຊޠରԠͷஸೡͳϨϙʔτ ◦ ಋೖͷ༰қ͞ͱݕग़݁Ռͷ͞ ◦ ेʹ४උ͞ΕͯΔϚωʔδυϙϦγʔ ◦ ϫʔΫϑϩʔʹΑΔΧελϚΠζੑͷߴ͞ ◦ Ձ͕͍֨҆ 18
Shisho Cloudͷӡ༻ϙΠϯτ • ηΩϡϦςΟΨΠυϥΠϯϙϦγʔͷ࡞ ◦ ࢛ظ͝ͱʹ༏ઌͷߴ͍IssueΛͯ͢ରԠ͢Δ͜ͱΛඪʹઃఆ • ηΩϡϦςΟࢹͱΞϥʔτͷઃఆ ◦ ֤ϓϩδΣΫτʹઐ༻ͷSlackνϟϯωϧΛ࡞
◦ ؔऀΛר͖ࠐΉΈΛߏங ◦ Embedded SRE͚ʹใڞ༗ͷΛઃ͚Δ ◦ τϦΞʔδ͞ΕͨΞϥʔτͯ͢ରԠ͢Δඞཁͳ͘ɺ༏ઌ͔ΒߜΔ • ηΩϡϦςΟରԠͷܗ֚ԽΛ͗ɺνʔϜͷཱࣗΛଅਐ ◦ ηΩϡϦςΟରԠͷܗ֚ԽΛ͗ɺνʔϜͷཱࣗΛଅਐ 19
Shisho Cloudͷӡ༻՝ • ৽نΠϯϑϥߏங࣌ʹຖճΞϥʔτͷޡݕ͕ൃੜ ◦ Terraform ͰશΠϯϑϥΛཧ͍ͯ͠Δ͕ɺڥ͝ͱͷ౷Ұϧʔϧ͕ͳ͍ ◦ ෛՙςετڥ৽نΠϯϑϥڥͷςϯϓϨʔτԽ͕ະඋ ◦
ηΩϡϦςΟϙϦγʔ͕ڥ͝ͱʹ౷Ұ͞Ε͓ͯΒͣɺෆཁͳΞϥʔτ͕ൃੜ ◦ Slack ௨͕ଟൃ͠ɺϊΠζͰຒ·ͬͯ͠·͏ • ॏཁͳ௨ݕ ◦ Critical / High ͷΞϥʔτ Slack Ͱϝϯγϣϯ͖௨ ◦ ϊΠζΛݮΒ͠ɺରԠ͖͢ΞϥʔτʹूதͰ͖ΔڥΛߏங 20
Findy ToolsͰϨϏϡʔ͍ͯ͠·͢ʂ 21
ηΩϡϦςΟϩάج൫
ηΩϡϦςΟϩάج൫ • Amazon Security Lakeͷ׆༻ ◦ AWSͰϦΞϧλΠϜʹԿ͕ى͖͍ͯΔ͔அͰ͖ͳ͍ ◦ ηΩϡϦςΟपΓͷϞχλϦϯάڧԽ ◦
CloudTrailɺWAFɺVPC Flow LogɺRoute53 (DNS Query)ΛରʹՄࢹԽ͠ੳ ◦ Security LakeͰ؆୯ʹҰݩཧ͕Մೳ ◦ ݄ສԁఔͰ࣮ՄೳͰίεύ͕ྑ͍ ◦ Amazon Managed GrafanaͰμογϡϘʔυԽ 23
WAF Log • WAF(Web ACL) ◦ Request by Country(ࠃผͷϦΫΤετ) ◦
Heat map ◦ Bar graph ◦ Total Request(શϦΫΤετͷूܭ) ◦ WAF Rule Request(WAFϧʔϧ͝ͱͷϦΫΤετ) ◦ Access Ranking(IPΞυϨεURL͝ͱͷϦΫΤετ) ◦ WAF Analytics Logs(ੳ༻ͷϩά/ϒϩοΫใͳͲ) 24
CloudTrail Log • CloudTrail ◦ Total Event Count(શΠϕϯτ) ◦ Total
Errors(શΤϥʔ) ◦ Event History(Πϕϯτཤྺ) ◦ Top Event Names(Πϕϯτ໊) ◦ Total Event Source(Πϕϯτൃੜݩ) ◦ Top Users(ϢʔβʔϥϯΩϯά) ◦ Total Source IP(ૢ࡞ݩͷIPΞυϨε) ◦ S3 Access Denied(S3ͰΞΫηεڋ൱͞Εͨճ) ◦ EC2 Change Event Count(EC2ͷઃఆมߋճ) ◦ VPC Change Event Count(VPCͷઃఆมߋճ) ◦ Security Group Change Event Count(SGͷઃఆมߋճ) ◦ Error Event(ੳ༻ΤϥʔΠϕϯτ) 25
खಈ ੬ऑੑஅ
खಈ ੬ऑੑஅ࣮ࢪ • GMO Flatt Security x WebΞϓϦέʔγϣϯஅ ◦ 2023ʙ
࣮ࢪࡁΈ ◦ SQLΠϯδΣΫγϣϯ ◦ XSSɺೝূɾೝՄͷͳͲ ◦ ༷ʑͳ੬ऑੑஅʹରԠ͍ͯ͠Δ ◦ ใࠂॻ/Ϩϙʔτඇৗʹݟ͍͢ ◦ ΞϑλʔαʔϏεॆ࣮͍ͯ͠Δ 27
Findy Team+ SOC2 Type1
Findy Team+ SOC2 Type1Λऔಘ 29
·ͱΊ
·ͱΊ • ΫϥυηΩϡϦςΟपΓՄࢹԽͯ͠ܧଓతʹੳͱରࡦΛ͢Δ͜ͱ • Shisho Cloud/ϫʔΫϑϩʔͷΧελϚΠζΛ׆͔͖͠Εͯͳ͍ ◦ ඞཁʹԠͯ͡৫ݻ༗ͷϙϦγʔΛઃఆ͠ɺӡ༻ʹద༻͢Δ ◦ AWSΞΧϯτͷఆج४Λ໌֬Խ͠ɺCritical,HighϨϕϧͷݕ࿙ΕΛࢭ
◦ طଘΞϥʔτͷվमͱ୨Է͠ • ηΩϡϦςΟϩάج൫ͷੳ ◦ Security LakeΛ༻͍ͨج൫Ͱ͖ͨͷͰɺੳΛਐΊ͍ͯ͘ ◦ μογϡϘʔυͷΧελϚΠζఆظతͳৼΓฦΓΛ࣮ࢪ͠ɺӡ༻վળΛਤΔ ◦ SQLͷ݁Ռ͔ΒBedrockͰੳ༧ఆ 31
͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ