20230914_FinJAWS

"844FDVSJUZ)VCΛ࢖͍͜ͳͤͳͯ͘
ࣦഊͯ͠͠·͏ΞϯνϨγϐ
ถᖒ ୓໵

View Slide

ถᖒ ୓໵
5BLVZB:POF[BXB
೥ʹ4*FSʹ৽ଔೖࣾɻ
ݱࡏ͸࢈ۀۀքͷ͓٬༷޲͚ʹ"84؀ڥશൠͷઃܭߏஙΛ୲౰ɻ
8։ൃ͔Β"84౷੍ɺΫϥ΢υΨΠυϥΠϯࡦఆͳͲ ԿͰ΋԰z
ࢲͷ࢓ࣄ͸4FDVSJUZ)VCʹΑͬͯ੒Γཱ͍ͬͯ·͢
޷͖ͳ"84αʔϏε͸ 4". "QQMJDBUJPO$PNQPTFS $PEF1JQFMJOF
޷͖ͳٕज़͸ /FYUKT /FTU+4 5BJMXJOE$44 %PDLFS LT
झຯ͸ ֨ಆٕʢରઓΑΖ͓͘͠ئ͍͠·͢ʣɺ͓ՈL

IUUQTUXJUUFSDPN
UBLVZB@ZOF

View Slide

͸͡Ίʹ
§ /*45ͷ$ZCFS4FDVSJUZ'SBNFXPSL $4'
ͱ "84αʔϏε

識別
- Identity -
防御
- Protect -
検知
- Detect -
対応
- Respond -
復旧
- Recover -
AWS Config AWS Security Hub
AWS Shield Amazon GuardDuty
Amazon
Inspector
Amazon
Macie
AWS WAF Amazon Detective
IAM
AWS KMS
AWS
Network Firewall
Amazon
Verified
Permissions
AWS
Systems Manager
AWS Lambda
AWS
Systems Manager
AWS CloudFormation
AWS Backup
AWS
Elastic Disaster Recovery
(AWS DRS)

View Slide

͸͡Ίʹ
§ /*45ͷ$ZCFS4FDVSJUZ'SBNFXPSL $4'
ͱ "84αʔϏε

識別
- Identity -
防御
- Protect -
検知
- Detect -
対応
- Respond -
復旧
- Recover -
AWS Shield Amazon GuardDuty
Amazon
Inspector
Amazon
Macie
AWS WAF Amazon Detective
IAM
AWS KMS
AWS
Network Firewall
Amazon
Verified
Permissions
AWS
Systems Manager
AWS Lambda
AWS
Systems Manager
AWS CloudFormation
AWS Backup
AWS
Elastic Disaster Recovery
(AWS DRS)
lݕ஌zքͷେޚॴ
4FDVSJUZ)VC༷ͷ͓࿩Ͱ͢

View Slide

ͬͦ͘͞ຊ୊΁ɻɻ
4FDVSJUZ)VC͸҄ϲۼ͞Μ
ηογϣϯͰղઆࡁΈͳͷͰ

View Slide

BBTEGBGB
§ BBBBB
▸BBBBBB
− CCCCC
§ BBBBB
▸BETBGBEG

είΞʁ
ग़དྷΒ͋ͬʂ
͡Όͳ͍ʂʁ
ةݥ͔ͩΒૣ͘ੋਖ਼͠Ζʂ
ౖΒΕΔ͔Β͜ͷϧʔϧΛ
0''ʹͯͬ͠ͱɻɻ
ͦͷ

View Slide

ग़དྷ·ͤΜͰͨ͠ʜ

§ ࡶʹ4FDVSJUZ)VCΛσϑΥϧτઃఆͰ༗ޮԽ͢Δͱʜ
▸$*4Wʢݸʣͱ "84جૅηΩϡϦςΟͷϕετϓϥΫςΟεWʢݸʣ
͕༗ޮԽɺʢେମͷ৔߹͸ʣͱΜͰ΋ͳ͍είΞ͕ग़Δ
:"7":ʂ

View Slide

ఘΊͳ͍Ͱʂ

§ ஌͓͖͍ͬͯͨ4FDVSJUZ)VCείΞࢉग़ϧʔϧ
https://docs.aws.amazon.com/ja_jp/securityhub/latest/userguide/standards-security-score.html

View Slide

ఘΊͳ͍Ͱʂ

§ ஌͓͖͍ͬͯͨ4FDVSJUZ)VCείΞࢉग़ϧʔϧ
https://docs.aws.amazon.com/ja_jp/securityhub/latest/userguide/standards-security-score.html
είΞʹίϯτϩʔϧͷ߹֨਺༗ޮίϯτϩʔϧ਺
ॏཁ౓ $SJUJDBM)JHI.FEJVN-PX
͸ߟྀ֎ͳͷͰ
είΞʹ:"7":౓ Ͱ͸ͳ͍

View Slide

ఘΊͳ͍Ͱʂ

§ ͔ͱ͍ͬͯɺԿ΋ݟͳ͍͍ͯ͘zͰ͸ͳ͍zͰ͢ʂ
▸ॏཁ౓ɿ$SJUJDBM͸ΘΓ͔͠Ξ΢τؾຯͳͷͰɺඞͣνΣοΫΛ
▸্هʹ߹Θͤͯ(VBSE%VUZͷݕग़݁ՌΛ֬ೝ͓ͯ͘͠ͱ٢

View Slide

BBTEGBGB
§ BBBBB
▸BBBBBB
− CCCCC
§ BBBBB
▸BETBGBEG

ͱΓ͋͑ͣ
શϧʔϧνΣοΫ
ͳΜ͔͍ͬͺ͍ج४͕
͋Δ͔Β༗ޮԽͪ͠Ό͑ʂ
ͨ͘͞ΜνΣοΫͯ͠
ࠔΔ͜ͱ͸ͳ͍ͩΖ͏ʜ
ͦͷ

View Slide

4FDVSJUZ)VCΛ௨஌͢Δͷ͸ͱͯ΋؆୯
§ ͓खܰ௨஌ύλʔϯू

Amazon
EventBridge
AWS Security Hub
Event Rule
Amazon SNS
Incident
Manager
AWS
Systems Manager
AWS Chatbot
Amazon SNS
͢΂ͯίʔσΟϯάແ͠Ͱ࣮ݱՄೳ 👏

View Slide


Incident
Manager
AWS
Systems Manager
AWS Chatbot
Amazon SNS
Amazon SNS
Amazon
EventBridge
AWS Security Hub
Event Rule

View Slide


Incident
Manager
AWS
Systems Manager
AWS Chatbot
Amazon SNS
Amazon SNS
Amazon
EventBridge
AWS Security Hub
Event Rule
🤢 ੜ+40/ "4''
Λ໨ύʔεͰ͖Δ
஁࿉͞Εͨ4FDVSJUZ)VCϢʔβͷΈͷબ͹Ε͠௨஌ํ๏

View Slide


Amazon SNS
Incident
Manager
AWS
Systems Manager
AWS Chatbot
Amazon SNS
Amazon
EventBridge
AWS Security Hub
Event Rule

View Slide


Amazon SNS
Incident
Manager
AWS
Systems Manager
AWS Chatbot
Amazon SNS
Amazon
EventBridge
AWS Security Hub
Event Rule
👍4MBDL΍5FBNTʹ௨஌͕ྲྀΕΔͷͰ͙͢ؾ෇͚Δ
👍Πϕϯτ಺༰͕αϚΒΕ͍ͯΔͷͰݟ΍͍͢
👍$IBU#PU͔ΒίϚϯυ΍3VOCPPL͕࣮ߦ
Ͱ͖ΔͷͰ࢖͍͜ͳͤΕ͹շదͳ$IBU0QT

View Slide


Amazon SNS
AWS Chatbot
Amazon SNS
Incident
Manager
AWS
Systems Manager
Amazon
EventBridge
AWS Security Hub
Event Rule

View Slide


Amazon SNS
AWS Chatbot
Amazon SNS
Incident
Manager
AWS
Systems Manager
Amazon
EventBridge
AWS Security Hub
Event Rule
👍l୭͕z z͍ͭz ରԠΛ࢝Ίͨ׬͔ྃͨ͠ͷτϥοΫ
👍աڈͷྨࣅࣄ৅ͱͷؔ࿈෇͚
👍ϝʔϧ΍4.4 5&-ͳͲ๛෋ͳνϟωϧ

View Slide

44.*ODJEFOU.BOBHFS

44.*ODJEFOU .BOBHFS͸ͱͯ΋Ԟ͕ਂ͍ͷͰ
0QT+"84ͷԼهࢿྉΛνΣοΫʂ
https://speakerdeck.com/yoshiiryo1/aws-systems-manager-incident-manager-deshi-xian-suruinsidentoguan-li

View Slide

ࢲͷۤखͳݴ༿Ͱ͢

ͱΓ͋͑ͣϧʔϧ0/
͔Βͷ
ͱΓ͋͑ͣ௨஌

View Slide

Կ͕ݴ͍͍͔ͨʁ

https://www.oreilly.co.jp/books/9784873119847/
lϊΠζͷଟ͍Ξϥʔτ͸ΞϥʔτർΕΛى͜͠ɺ
ΞϥʔτΛ໾ʹཱͨͳ͍΋ͷʹͯ͠͠·͍·͢ɻ
lΞϥʔτγεςϜʹଟ͘ͷϊΠζΛൃੜͤͯ͞͠·͍ɺ
ͦΕΒ͸͙͢ʹແࢹ͞ΕΔΑ͏ʹͳΓɺ
Ξϥʔτ͕ൃੜ͍ͯ͠Δͷ͕
ਖ਼ৗͩͱݟΒΕͯ͠·͏͜ͱͰ͢ɻ
ষ ΞϥʔτർΕ ΑΓ

View Slide

Կ͕ݴ͍͍͔ͨʁ

lϊΠζͷଟ͍Ξϥʔτ͸ΞϥʔτർΕΛى͜͠ɺ
ΞϥʔτΛ໾ʹཱͨͳ͍΋ͷʹͯ͠͠·͍·͢ɻ
lΞϥʔτγεςϜʹଟ͘ͷϊΠζΛൃੜͤͯ͞͠·͍ɺ
ͦΕΒ͸͙͢ʹແࢹ͞ΕΔΑ͏ʹͳΓɺ
Ξϥʔτ͕ൃੜ͍ͯ͠Δͷ͕
ਖ਼ৗͩͱݟΒΕͯ͠·͏͜ͱͰ͢ɻ
ʘ͜͏ͳΓ·͢ʂʗ
ϝʔϧ
ະಡ݅਺
ষ ΞϥʔτർΕ ΑΓ

View Slide

๨Εͯ͸͍͚ͳ͍ίετ
§ 4FDVSJUZ)VCͱ$POGJH͸χίΠν
4FDVSJUZ)VCϧʔϧΛ0O
$POGJHϧʔϧ͕࡞੒͞ΕΔʢTFDVSJUZIVCIPHFʣ
$POGJHͷධՁ݁ՌΛ4FDVSJUZ)VC΁࿈ܞ
EC2
Lambda
RDS
VPC
৭ʑͳ"84Ϧιʔε
Ϧιʔεͷ
มߋཤྺ
Config
Rule
$POGJHϧʔϧ
ͷධՁ݁Ռ

💰ϙΠϯτᶃ 💰ϙΠϯτᶄ
💰ϙΠϯτᶅ

View Slide

§ ֤՝ۚϙΠϯτͷৄࡉʢWFSʣ
▸ᶃ $POGJHϨίʔμʔͷϦιʔεه࿥
− Ϧιʔε͝ͱʹ
▸ᶄ $POGJHϧʔϧͷධՁ
▸ᶅ4FDVSJUZ)VCνΣοΫ݁ՌऔΓࠐΈ

https://aws.amazon.com/jp/security-hub/pricing/
https://aws.amazon.com/jp/config/pricing/

View Slide

§ $POGJHͷϧʔϧධՁλΠϛϯά
https://docs.aws.amazon.com/ja_jp/config/latest/developerguide/evaluate-config-rules.html

View Slide

§ $POGJHͷϧʔϧධՁλΠϛϯά
https://docs.aws.amazon.com/ja_jp/config/latest/developerguide/evaluate-config-rules.html

&$΍&$4ͷ"VUP4DBMJOH౳Ͱ
ᶃ $POGJHϧʔϧͷ࠶ධՁ՝ۚ
ᶄ$POGJH΁ͷΠϕϯτऔΓࠐΈ՝ۚ ͷμϒϧύϯνʂ

View Slide

͡Ό͋ϧʔϧબఆͲ͏͢Ε͹ʁʁ

View Slide

ύλʔϯᶃɿશϧʔϧཁ൱֬ೝ

§ ར༻͍ͯ͠ΔαʔϏε΍4$1΋౿·͑ͯϧʔϧબఆ
▸4&͸γεςϜΛࣗ਎ͷखͰ੍ޚ͍ͨ͠ੜ͖෺Ͱ͢ 4".1-&

View Slide

4FDVSJUZ)VCͷϧʔϧ͸Ξοϓσʔτͱڞʹ૿͑Δ

View Slide

4FDVSJUZ)VCΞοϓσʔτͷ΢Υον

https://docs.aws.amazon.com/ja_jp/securityhub/latest/userguide/securityhub-announcements.html

View Slide

ύλʔϯᶃɿશϧʔϧཁ൱֬ೝ

§ શϧʔϧཁ൱֬ೝ
▸4&͸γεςϜΛࣗ਎ͷखͰ੍ޚ͍ͨ͠ੜ͖෺Ͱ͢ 4".1-&
4FDVSJUZ)VCϧʔϧͷΞοϓσʔτ௥ै
ˠ ϧʔϧ௥Ճഇࢭ΍ڴҖ౓ͷมߋΛ΢Υον͢Δମ੍
ˠ ֤"84αʔϏε͕νϣοτϫΧͬͯϦεΫධՁͰ͖Δਓࡐ
ఆظతͳϧʔϧ୨Է͠ͷϓϩηεཱ֬
ˠ ॳظߏஙͯ͠೩͑ਚ͖͕ͪ
͜ͷӡ༻Λճ͢ʹ͸ڧ͍ҙࢤɾମ੍͕ඞཁͰ͢ʢڭ܇ʣ

View Slide

ڧ͍ҙࢤɾମ੍͕ͳ͍ͷͰ͋Ε͹ʜ

View Slide

ύλʔϯᶄɿॏཁ౓ϕʔεͰ௨஌0/0''
§ Ϛωʔδυͳ4FDVSJUZ)VCϧʔϧʹ਎ΛҕͶΔ
▸4FDVSJUZ)VCϧʔϧ͸ఆظతʹ 6QEBUF͞ΕΔ 6QEBUFͯ͠΋Β͑Δɻ
− αʔϏεΞοϓσʔτʹΑΓϧʔϧͷඞཁੑ͕ͳ͘ͳͬͨ
νΣοΫ಺༰ͷมߋɺॏཁ౓ʢ4FWFSJUZʣͷมߋ ɺͳͲ
https://docs.aws.amazon.com/ja_jp/securityhub/latest/userguide/controls-change-log.html

View Slide

§ Ϛωʔδυͳ4FDVSJUZ)VCϧʔϧʹ਎ΛҕͶΔ
▸4FDVSJUZ)VCϧʔϧ͸ఆظతʹ6QEBUF͞ΕΔɻ
− αʔϏεΞοϓσʔτʹΑΓϧʔϧͷඞཁੑ͕ͳ͘ͳͬͨ
− νΣοΫ಺༰ͷมߋɺॏཁ౓ͷมߋ ͳͲ
https://docs.aws.amazon.com/ja_jp/securityhub/latest/userguide/controls-change-log.html
4FDVSJUZ)VC͕ఆٛ͢Δॏཁ౓ʢ4FWFSJUZʣΛ
ϕʔεʹ௨஌಺༰Λઃఆ͢Δύλʔϯ

View Slide

§ ͨͩ͠ɺ4FWFSJUZʹԠͨ͡௨஌νϟωϧͷ੾Γସ͑͸.645
▸௨஌खஈɺνϟοτπʔϧͷνϟωϧͳͲ
Amazon
EventBridge
AWS Security Hub
Rule
Amazon SNS
Incident
Manager
AWS
Systems Manager
AWS Chatbot
Amazon SNS
GuardDuty
Detective IAM AA
Firewall
Manager
Rule
Rule
AWS Chatbot
Event

Severity : HIGH
Status : NEW
Severity : CRITICAL
Status : NEW
Severity : MEDIUM
Status : NEW
Severity : LOW
は一括OFF
4".1-&

View Slide

§ ͨͩ͠ɺॏཁ౓ʹԠͨ͡௨஌νϟωϧͷ੾Γସ͑͸.645
▸௨஌खஈɺνϟοτπʔϧͷνϟωϧͳͲ
Amazon
EventBridge
AWS Security Hub
Rule
Amazon SNS
Incident
Manager
AWS
Systems Manager
AWS Chatbot
Amazon SNS
GuardDuty
Detective IAM AA
Firewall
Manager
Rule
Rule
AWS Chatbot
Event

Severity : HIGH
Status : NEW
Severity : CRITICAL
Status : NEW
Severity : MEDIUM
Status : NEW
Severity : LOW
は一括OFF
4".1-&
૊৫ମ੍΍ϙϦγʔʹΑͬͯ
ϧʔϧઃܭ΍ରԠϑϩʔ͸େ͖͘มΘΔ
4FDVSJUZ)VCͱ͏·͘෇͖߹͏͜ͱͰ
αεςφϒϧͳӡ༻Λ

View Slide

·ͱΊ
§ 4FDVSJUZ)VCͷείΞ͸ਅʹड͚ͳ͍
▸͋͘·Ͱͭͷࢦඪͱ͍͏ελϯεͰ
▸lείΞΛʹ͢Δ͜ͱzΛ໨తͱ͠ͳ͍
§ ࡶͳશϧʔϧ௨஌μϝઈର
▸ΦΦΧϛগ೥໰୊΍ΞϥʔτͷແҙຯԽʹ
▸ԿΑΓਫ਼ਆతʹΑΖ͘͠ͳ͍
▸4FDVSJUZ)VCʹৼΓճ͞ΕΔཁҼʹ
§ ͖ͪΜͱΞϥʔτʹؾ෇͍ͯϓϩΞΫςΟϒʹ
ΧΠθϯͰ͖Δମ੍ɾϑϩʔͷ੔උΛ
▸ηΩϡϦςΟ͸zશһࢀՃzͰ͢
§ ϚϧνΞΧ΢ϯτ؀ڥԼͩͱߋʹෳࡶ౓͕૿͠·͢
▸಺༰͕ؾʹͳΔํ͸࠙਌ձͳͲͰ͓੠ֻ͚͍ͩ͘͞

View Slide

͓·͚

ͨͱ͑ۓٸੑͷ௿͍಺༰Ͱ͋ͬͯ΋ɺ
ి࿩ɾςΩετΞϥʔτɾ໷தͷϓογϡ௨஌
ͱ͍ͬͨݺͼग़͠͸͢΂ͯɺ
ΦϯίʔϧΤϯδχΞͷετϨεཁҼͱͳΓ·͢ɻ
͜ΕΒͷετϨεཁҼ͸
ΑΓଟ͘ͷϑϥετϨʔγϣϯͱͳΓɺ
࢓ࣄͷຬ଍౓͸௿Լ͠ɺ
-JOLFE*OͰϦΫϧʔλ͔Βͷ
ϝοηʔδʹฦ౴͢ΔΑ͏ʹͳͬͯ͠·͍·͢ɻ
Ξϥʔτ͸ͲͷΑ͏ʹ௨஌͞Ε͍ͯΔ͔ʁΑΓ

View Slide

5IBOL:PV

View Slide

20230914_FinJAWS

20230914_FinJAWS

Takuya Yonezawa

More Decks by Takuya Yonezawa

Other Decks in Technology

Featured

Transcript