Cloud Security Monitoring

Moving data and applications to the cloud poses a new challenge for corporate SOCs, which are not always ready to monitor someone else's infrastructure. According to Netskope, the average enterprise (apparently in the US) uses 1246 different cloud services, 22% more than a year ago. 1246 cloud services!!! 175 of them relate to HR services, 170 to marketing, 110 to communications and 76 to finance and CRM. Cisco uses "only" 700 external cloud services. So these numbers confuse me a little. But in any case, the problem is not the numbers themselves, but the fact that the cloud is being used more and more actively by a growing number of companies that would like to have the same capabilities for monitoring cloud infrastructure as they have in their own network. And this trend is growing: according to the US Chamber of Accounts, by 2023 another 1200 data centers will be closed in the United States (6250 have already been closed). But the transition to the cloud is not just "moving our servers to an external provider." It means a new IT architecture, new software, new processes, new restrictions... All this brings significant changes not only to the work of IT, but also to information security. And while providers have learned to cope with securing the cloud itself (fortunately, there are plenty of recommendations), when it comes to monitoring the information security of the cloud, especially on SaaS platforms, there are serious difficulties, and that is what we will talk about.


Let's say your company has moved part of its infrastructure to the cloud... Stop. Not like that. If the infrastructure has already been moved and you are only now thinking about how you will monitor it, then you have already lost. Unless it is Amazon, Google or Microsoft (and even then with reservations), you probably will not have much ability to monitor your data and applications. It is good if you are given the opportunity to work with logs at all. Sometimes security event data exists, but you do not get access to it. Take Office 365 as an example. If you have the cheapest E1 license, security events are not available to you at all. With an E3 license, your data is stored for only 90 days, and only with an E5 license are logs available for a year (although this has its own nuances related to the need to separately request a number of log-related functions from Microsoft support). By the way, the E3 license is much weaker in terms of monitoring functions than on-premises corporate Exchange. To reach the same level, you need the E5 license or the additional Advanced Compliance license, which means extra money that was not factored into your financial model for moving to cloud infrastructure. And this is just one example of underestimating the issues related to monitoring cloud information security. In this article, without claiming to be exhaustive, I want to draw attention to some nuances that should be taken into account when choosing a cloud provider from a security point of view. And at the end of the article, a checklist will be given that should be completed before considering the issue of cloud information security monitoring resolved.

There are several typical problems that lead to incidents in cloud environments which the information security service either has no time to respond to or does not see at all:

  • Security logs do not exist. This is a fairly common situation, especially among newcomers to the cloud solutions market. But you should not give up on them right away. Small players, especially domestic ones, are more sensitive to customer requirements and can quickly implement some required functions by changing the approved roadmap for their products. Yes, it will not be an analogue of GuardDuty from Amazon or the "Proactive Protection" module from Bitrix, but at least it is something.
  • The information security team does not know where the logs are stored or has no access to them. Here you have to enter into negotiations with the cloud provider; perhaps it will provide that information if it considers the client important enough. But in general, it is not a good sign when access to logs is granted "by special decision."
  • The cloud provider does have logs, but they offer only limited monitoring and event recording, which is not enough to detect all incidents. For example, you may receive only logs of changes on a website or logs of user authentication attempts, but not other events, such as network traffic, which hides a whole layer of events characterizing attempts to break into your cloud infrastructure.
  • Logs exist, but access to them is hard to automate, which forces you to monitor them not continuously but on a schedule. And if you cannot download the logs automatically, then downloading them, for example, in Excel format (as a number of domestic cloud providers do) may lead to the corporate information security service simply not wanting to bother with them.
  • There is no log monitoring. This is perhaps the most inexplicable reason for information security incidents in cloud environments. The logs exist, access to them can be automated, but nobody does it. Why?

The shared cloud security concept

Moving to the cloud is always a search for a balance between the desire to retain control over the infrastructure and handing it over to the more professional hands of a cloud provider that specializes in maintaining it. In the field of cloud security, this balance has to be found as well. Moreover, depending on the cloud service delivery model used (IaaS, PaaS, SaaS), this balance will be different every time. In any case, we must remember that all cloud providers today follow the so-called shared responsibility and shared information security model. The cloud is responsible for some things, and the client, who places its data, applications, virtual machines and other resources in the cloud, is responsible for others. It would be reckless to expect that by moving to the cloud we shift all responsibility to the provider. But it is also unwise to build all of the security yourself when moving to the cloud. A balance is required, which will depend on many factors: risk management strategy, threat model, security mechanisms available from the cloud provider, legislation, etc.


For example, classification of the data hosted in the cloud is always the customer's responsibility. The cloud provider or an external service provider can only help with tools that mark data in the cloud, detect violations, delete data that violates the law, or mask it in one way or another. On the other hand, physical security is always the responsibility of the cloud provider, which cannot share it with customers. But everything in between data and physical infrastructure is exactly the subject of this article. For example, availability of the cloud is the provider's responsibility, while configuring firewall rules or enabling encryption is the customer's. In this article we will try to look at which information security monitoring mechanisms are offered today by various cloud providers popular in Russia, what the peculiarities of using them are, and when it is worth looking towards external overlay solutions (for example, Cisco E-mail Security) that extend the cybersecurity capabilities of your cloud. In some cases, especially if you follow a multi-cloud strategy, you will have no choice but to use external information security monitoring solutions across several clouds at once (for example, Cisco CloudLock or Cisco Stealthwatch Cloud). And in some cases you will find that the cloud provider you have chosen (or that has been imposed on you) offers no information security monitoring capabilities at all. This is unpleasant, but not useless, because it lets you adequately assess the level of risk associated with working with that cloud.

Monitoring the cloud as a whole

To monitor the security of the clouds you use, you have only three options:

  • rely on the tools provided by your cloud provider,
  • use third-party solutions that monitor the IaaS, PaaS or SaaS platforms you use,
  • build your own cloud monitoring infrastructure (for IaaS/PaaS platforms only).

Let's look at the features of each option. But first, we need to understand the general framework used when monitoring cloud platforms. I would highlight 6 main components of the information security monitoring process in the cloud:

  • Infrastructure preparation. Determining the applications and infrastructure needed to collect security-relevant events into a repository.
  • Collection. At this stage, security events are aggregated from various sources for subsequent transfer for processing, storage and analysis.
  • Processing. At this stage, the data is transformed and enriched to simplify subsequent analysis.
  • Storage. This component is responsible for short-term and long-term storage of the collected processed and raw data.
  • Analysis. At this stage, you can detect incidents and respond to them automatically or manually.
  • Reporting. This stage helps to form key indicators for stakeholders (management, auditors, the cloud provider, customers, etc.) that help us make certain decisions, for example, to change provider or to strengthen information security.

Understanding these components will let you quickly decide later on what you can take from your provider, and what you will have to do yourself or with the involvement of external consultants.

Built-in cloud services

I already wrote above that many cloud services today offer no information security monitoring capabilities at all. In general, they do not pay much attention to the topic of information security. Take, for example, one of the popular Russian services for submitting reports to government agencies over the Internet (I will not name it specifically). The entire section on the security of this service revolves around the use of certified CIPF. The information security section of another domestic cloud service for electronic document management is no different. It talks about public key certificates, certified cryptography, elimination of web vulnerabilities, protection against DDoS attacks, use of firewalls, backups, and even regular information security audits. But not a word about monitoring, nor about the possibility of gaining access to the information security events that might interest this provider's customers.

In general, from the way a cloud provider describes information security issues on its website and in its documentation, you can tell how seriously it takes the matter. For example, if you read the manuals for the "My Office" products, there is not a word about security at all, while the documentation for the separate product "My Office. KS3", designed to protect against unauthorized access, contains the usual list of items from FSTEC order no. 17 that "My Office.KS3" implements, but does not describe how they are implemented and, most importantly, how to integrate these mechanisms with corporate information security. Perhaps such documentation exists, but I did not find it in the public domain on the "My Office" website. Although maybe I simply do not have access to this secret knowledge?..


With Bitrix, the situation is much better. The documentation describes the formats of the event logs and, interestingly, the intrusion log, which contains events related to potential threats to the cloud platform. From it you can pull the IP, user or guest name, event source, time, User Agent, event type, etc. True, you can work with these events either from the control panel of the cloud itself, or by exporting the data in MS Excel format. Automating work with Bitrix logs is currently difficult and some of the work has to be done manually (exporting the report and loading it into your SIEM). But if we remember that until recently there was no such possibility at all, then this is great progress. At the same time, I would note that many foreign cloud providers offer similar "beginner" functionality: either look at the logs with your own eyes in the control panel, or export the data yourself (most of them, however, export in .csv format rather than Excel).


Leaving aside the no-logs option, cloud providers usually offer you three ways of monitoring security events: dashboards, data export and API access. The first seems to solve many problems for you, but this is not entirely true: if you have several logs, you have to switch between the screens that display them, losing the overall picture. In addition, the cloud provider is unlikely to give you the ability to correlate security events and analyze them from a security point of view in general (usually you are dealing with raw data that you have to make sense of yourself). There are exceptions, and we will talk about them further on. Finally, it is worth asking what events your cloud provider records, in what format, and how they map onto your information security monitoring process. Take identification and authentication of users and guests, for example. The same Bitrix lets you record, for these events, the date and time of the event, the name of the user or guest (if you have the "Web Analytics" module), the object accessed and other elements typical for a website. But a corporate information security service may also need to know whether the user accessed the cloud from a trusted device (in a corporate network, for example, this task is handled by Cisco ISE). What about something as simple as a geo-IP function, which helps determine whether a cloud service user account has been stolen? And even if the cloud provider gives you that, it is not enough. The same Cisco CloudLock not only analyzes geolocation, but uses machine learning for this, analyzes historical data for each user and watches for various anomalies in identification and authentication attempts. Only MS Azure has similar functionality (if you have the appropriate subscription).


There is another difficulty: since for many cloud providers information security monitoring is a new topic they are only beginning to address, they are constantly changing something in their solutions. Today they have one version of the API, tomorrow another, the day after tomorrow a third. You need to be prepared for this. The same applies to functionality, which can change and which must be taken into account in your information security monitoring system. For example, Amazon originally had separate cloud event monitoring services, AWS CloudTrail and AWS CloudWatch. Then a separate service for monitoring information security events appeared, AWS GuardDuty. After some time, Amazon launched a new management system, Amazon Security Hub, which includes analysis of data received from GuardDuty, Amazon Inspector, Amazon Macie and several others. Another example is AzLog, the tool for integrating Azure logs with a SIEM. It was actively used by many SIEM vendors until, in 2018, Microsoft announced the end of its development and support, which left many customers who used this tool with a problem (we will talk about how it was solved later).

Therefore, keep a close eye on all the monitoring features your cloud provider offers you. Or rely on external solution providers who act as intermediaries between your SOC and the cloud you want to monitor. Yes, it will be more expensive (although not always), but you shift all the responsibility onto someone else's shoulders. Or not all of it?.. Let's remember the concept of shared security and understand that we cannot shift anything away: we will have to independently understand how different cloud providers support information security monitoring of your data, applications, virtual machines and other resources hosted in the cloud. And we will start with what Amazon offers in this respect.

Example: information security monitoring in IaaS based on AWS

Yes, yes, I understand that Amazon is not the best example, because it is an American service and may be blocked as part of the fight against extremism and the dissemination of information prohibited in Russia. But in this publication I just want to show how different cloud platforms differ in their information security monitoring capabilities, and what you should pay attention to from a security point of view when moving your key processes to the clouds. And if some of the Russian developers of cloud solutions learn something useful for themselves along the way, that will be great.


The first thing to say is that Amazon is not an impenetrable fortress. Various incidents regularly happen to its customers. For example, the names, addresses, dates of birth and phone numbers of 198 million voters were stolen from Deep Root Analytics. The Israeli company Nice Systems had 14 million records of Verizon subscribers stolen. However, the built-in capabilities of AWS allow you to detect a wide range of incidents. For example:

  • impact on infrastructure (DDoS)
  • node compromise (command injection)
  • account compromise and unauthorized access
  • infrastructure misconfigurations and vulnerabilities
  • insecure interfaces and APIs.

This discrepancy comes from the fact that, as we established above, the customer is responsible for the security of the customer's data. And if the customer did not bother to enable the protective mechanisms and did not turn on the monitoring tools, then they will only learn about the incident from the media or from their own customers.

To detect incidents, you can use a wide range of monitoring services developed by Amazon (although these are often supplemented by external tools such as osquery). In AWS, all user actions are logged, regardless of how they are performed: through the management console, the command line, the SDK or other AWS services. All records of each AWS account's activity (including user name, action, service, activity parameters and result) and of API usage are available through AWS CloudTrail. You can view these events (such as AWS IAM console logins) from the CloudTrail console, analyze them using Amazon Athena, or "outsource" them to external solutions such as Splunk, AlienVault, etc. The AWS CloudTrail logs themselves are placed in your AWS S3 bucket.


Two other AWS services provide a number of further important monitoring capabilities. First, Amazon CloudWatch is a monitoring service for AWS resources and applications that, among other things, lets you identify various anomalies in your cloud. All built-in AWS services, such as Amazon Elastic Compute Cloud (servers), Amazon Relational Database Service (databases), Amazon Elastic MapReduce (data analysis) and some 30 other Amazon services, use Amazon CloudWatch to store their logs. Developers can use the open API of Amazon CloudWatch to add log monitoring to custom applications and services, which broadens the scope of event analysis in a security context.


Second, the VPC Flow Logs service lets you analyze the network traffic sent or received by your AWS servers (externally or internally), as well as between microservices. When any of your AWS VPC resources interacts with the network, VPC Flow Logs records details of that traffic, including the source and destination network interface, IP addresses, ports, protocol, number of bytes and number of packets seen. Those familiar with on-premises network security will recognize this as an analogue of the NetFlow records that switches, routers and enterprise firewalls can generate. These logs are important for information security monitoring because, unlike events about the actions of users and applications, they make sure that network interactions within the AWS virtual private cloud environment are not missed either.
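As an added example (not code from the article or from AWS), the following Python parses records in the default VPC Flow Log v2 layout described above and flags a source that is REJECTed on many distinct destination ports of one target, the kind of NetFlow-style signal a SOC would look for in these logs; the sample records are constructed for this example.

```python
"""Port-sweep detection over AWS VPC Flow Log records (added example).

Parses the default VPC Flow Log v2 format and reports (source, destination)
pairs where the source was REJECTed on many distinct destination ports.
The sample records below are constructed for this example.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# Default v2 record layout (space separated) as documented by AWS.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample: 203.0.113.7 probes six ports on 10.0.1.20 and is rejected
# each time; 198.51.100.5 is an ordinary HTTPS client; one NODATA record.
SAMPLE_FLOW_LOGS = """\
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 40001 22 6 1 44 1620000000 1620000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 40002 23 6 1 44 1620000000 1620000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 40003 3389 6 1 44 1620000000 1620000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 40004 445 6 1 44 1620000000 1620000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 40005 8080 6 1 44 1620000000 1620000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 40006 5432 6 1 44 1620000000 1620000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.5 10.0.1.20 51000 443 6 12 9800 1620000000 1620000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.20 198.51.100.5 443 51000 6 10 52000 1620000000 1620000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1620000000 1620000060 - NODATA
"""


def parse_flow_logs(text: str) -> List[Dict[str, str]]:
    """Turn raw flow-log text into dicts keyed by FIELDS.

    Records whose log_status is NODATA or SKIPDATA carry no flow fields and
    are dropped, as are lines that do not have exactly 14 columns.
    """
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        records.append(rec)
    return records


def detect_port_sweeps(records: List[Dict[str, str]],
                       min_ports: int = 5) -> Dict[Tuple[str, str], List[int]]:
    """Group REJECTed flows by (srcaddr, dstaddr) and return the pairs where
    the source touched at least `min_ports` distinct destination ports."""
    ports = defaultdict(set)
    for rec in records:
        if rec["action"] != "REJECT":
            continue
        ports[(rec["srcaddr"], rec["dstaddr"])].add(int(rec["dstport"]))
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}


def bytes_by_peer(records: List[Dict[str, str]]) -> Dict[Tuple[str, str], int]:
    """Total ACCEPTed bytes per (srcaddr, dstaddr) pair, a baseline that helps
    spot unusual transfer volumes once normal traffic is known."""
    totals = defaultdict(int)
    for rec in records:
        if rec["action"] == "ACCEPT":
            totals[(rec["srcaddr"], rec["dstaddr"])] += int(rec["bytes"])
    return dict(totals)


if __name__ == "__main__":
    recs = parse_flow_logs(SAMPLE_FLOW_LOGS)
    for (src, dst), swept in detect_port_sweeps(recs).items():
        print(f"possible port sweep {src} -> {dst}: ports {swept}")
```

In production the same functions would run over the records delivered to S3 or CloudWatch Logs, with `min_ports` tuned against the account's normal traffic.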


In summary, these three AWS services, AWS CloudTrail, Amazon CloudWatch and VPC Flow Logs, together give quite powerful insight into your account usage, user activity, infrastructure management, application and service activity, and network activity. For example, they can be used to detect the following anomalies:

  • Attempts to scan the site, look for backdoors or search for vulnerabilities, visible as bursts of "404 errors".
  • Injection attacks (for example, SQL injection), visible as bursts of "500 errors".
  • Known attack tools such as sqlmap, nikto, w3af, nmap, etc., identified by analyzing the User Agent field.
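The three heuristics above turned into detection logic, as an added example that is not part of the article: it parses access-log lines in the common Apache/nginx combined format (an assumption; the AWS load balancer format differs) and reports per-client 404 and 500 bursts within a sliding window plus requests carrying the User-Agent strings of known scanners. The log lines are constructed for this example.

```python
"""HTTP access-log anomaly detection: 404 bursts, 500 bursts, scanner UAs.

Added example, not from the article. Assumes the Apache/nginx "combined"
log format; the sample lines are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Substrings found in the default User-Agent of the tools the text names.
SCANNER_UA_MARKERS = ("sqlmap", "nikto", "w3af", "nmap")

# Constructed sample: 203.0.113.9 probes six non-existent paths in ten seconds,
# 192.0.2.10 is a normal browser (one harmless 404 for favicon.ico), and
# 198.51.100.23 announces itself as sqlmap while triggering server errors.
SAMPLE_ACCESS_LOG = """\
203.0.113.9 - - [10/Jun/2021:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jun/2021:10:00:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jun/2021:10:00:04 +0000] "GET /admin/ HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jun/2021:10:00:05 +0000] "GET /old/ HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jun/2021:10:00:07 +0000] "GET /backup/ HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jun/2021:10:00:09 +0000] "GET /test/ HTTP/1.1" 404 162 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Jun/2021:10:00:10 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0)"
192.0.2.10 - - [10/Jun/2021:10:00:12 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0 (Windows NT 10.0)"
198.51.100.23 - - [10/Jun/2021:10:01:00 +0000] "GET /item?id=1 HTTP/1.1" 500 0 "-" "sqlmap/1.5 (https://sqlmap.org)"
198.51.100.23 - - [10/Jun/2021:10:01:01 +0000] "GET /item?id=1 HTTP/1.1" 500 0 "-" "sqlmap/1.5 (https://sqlmap.org)"
198.51.100.23 - - [10/Jun/2021:10:01:03 +0000] "GET /item?id=1 HTTP/1.1" 500 0 "-" "sqlmap/1.5 (https://sqlmap.org)"
198.51.100.23 - - [10/Jun/2021:10:01:05 +0000] "GET /item?id=1 HTTP/1.1" 200 880 "-" "sqlmap/1.5 (https://sqlmap.org)"
"""


def parse_access_log(text: str) -> List[dict]:
    """Parse combined-format lines into dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], TS_FMT)
        ev["status"] = int(ev["status"])
        events.append(ev)
    return events


def find_status_bursts(events: List[dict], statuses: Set[int],
                       threshold: int, window_seconds: int = 60) -> Dict[str, int]:
    """For each client IP, find the largest number of responses with a status
    in `statuses` inside any window of `window_seconds`; return the clients
    whose peak reaches `threshold`, mapped to that peak count."""
    by_ip = defaultdict(list)
    for ev in events:
        if ev["status"] in statuses:
            by_ip[ev["ip"]].append(ev["ts"])
    window = timedelta(seconds=window_seconds)
    bursts = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        peak, start = 0, 0
        for end in range(len(stamps)):          # two-pointer sliding window
            while stamps[end] - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts[ip] = peak
    return bursts


def find_scanner_user_agents(events: List[dict]) -> Dict[str, List[str]]:
    """Map client IP to the scanner markers seen in its User-Agent strings."""
    hits = defaultdict(set)
    for ev in events:
        ua = ev["ua"].lower()
        for marker in SCANNER_UA_MARKERS:
            if marker in ua:
                hits[ev["ip"]].add(marker)
    return {ip: sorted(m) for ip, m in hits.items()}


if __name__ == "__main__":
    evs = parse_access_log(SAMPLE_ACCESS_LOG)
    print("404 bursts:", find_status_bursts(evs, {404}, threshold=5))
    print("500 bursts:", find_status_bursts(evs, {500}, threshold=3))
    print("scanner UAs:", find_scanner_user_agents(evs))
```

The thresholds are starting points; a browser's stray 404 (as for favicon.ico above) must stay below them, so tune them against the site's own baseline before alerting.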

Amazon Web Services has also developed other cybersecurity-oriented services that solve a range of further problems. For example, AWS has a built-in service for auditing policies and configurations, AWS Config. It provides continuous auditing of your AWS resources and their configuration. Take a simple example: suppose you want to make sure that password authentication is disabled on all your servers and that access is possible only with certificates. AWS Config makes it easy to check this across all your servers. Other policies can be applied to your cloud servers as well: "No server may use port 22", "Only administrators may change firewall rules", or "Only user Ivashko may create new user accounts, and only on Tuesdays." In the summer of 2016, AWS Config was extended to automate detection of violations of the policies you define. AWS Config Rules are essentially continuous configuration queries against the Amazon services you use, which generate events when the corresponding policies are violated. For example, instead of periodically running AWS Config queries to verify that all disks of a virtual server are encrypted, AWS Config Rules can continuously check the server disks to confirm that this condition holds. And, most importantly in the context of this article, any violation generates an event that your information security service can analyze.


AWS also has its own equivalents of traditional corporate information security tools, which likewise generate security events that you can and should analyze:

  • Intrusion detection - AWS GuardDuty
  • Data leak control (DLP) - AWS Macie
  • EDR (although endpoints in the cloud are a slightly different matter) - AWS CloudWatch + the open-source osquery or GRR solutions
  • NetFlow analysis - AWS CloudWatch + AWS VPC Flow Logs
  • DNS analysis - AWS CloudWatch + AWS Route53
  • AD - AWS Directory Service
  • Account management - AWS IAM
  • SSO - AWS SSO
  • Security assessment - AWS Inspector
  • Configuration management - AWS Config
  • WAF - AWS WAF.

I will not describe in detail all the Amazon services that may be useful in an information security context. The main thing is to understand that all of them can generate events which we can and should analyze from a security point of view, using both Amazon's own built-in capabilities and external solutions, for example a SIEM, which can bring the security events into your monitoring center and analyze them there together with events from other cloud services or from internal infrastructure, the perimeter and mobile devices.


In any case, it all starts with the data sources that supply you with information security events. These sources include, but are not limited to:

  • CloudTrail - API usage and user actions
  • Trusted Advisor - security checks against best practices
  • Config - inventory and configuration of accounts and service settings
  • VPC Flow Logs - connections on network interfaces
  • IAM - identification and authentication service
  • ELB Access Logs - load balancer
  • Inspector - application vulnerabilities
  • S3 - file storage
  • CloudWatch - application activity
  • SNS - notification service.

Amazon, while offering such a range of event sources and tools for generating them, is quite limited in its ability to analyze the collected data in an information security context. You have to study the available logs yourself, looking for relevant indicators of compromise in them. AWS Security Hub, which Amazon launched recently, aims to solve this problem by becoming a cloud SIEM for AWS. But so far it is only at the start of its journey and is limited both by the number of sources it works with and by other restrictions stemming from Amazon's own architecture and subscriptions.

Example: information security monitoring in IaaS based on Azure

I do not want to get into a long debate about which of the three cloud providers (Amazon, Microsoft or Google) is better (each of them has its own specifics and is suited to solving its own problems); let's concentrate on the information security monitoring capabilities these players provide. It must be admitted that Amazon AWS was one of the first in this segment and has therefore advanced furthest in its information security functions (although many admit they are hard to use). But that does not mean we should ignore the opportunities that Microsoft and Google give us.

Microsoft products have always been distinguished by their "openness", and the situation in Azure is similar. For example, while AWS and GCP always start from the principle "whatever is not allowed is prohibited", Azure takes the opposite approach. For example, when you create a virtual network in the cloud and a virtual machine in it, all ports and protocols are open and allowed by default. Therefore, you will have to spend a little more effort on the initial setup of the access control system in the Microsoft cloud. And this also places stricter requirements on you with respect to monitoring activity in the Azure cloud.


AWS has a peculiarity: when you monitor your virtual resources and they are located in different regions, you run into difficulties combining all events for unified analysis, and to get around them you have to resort to tricks such as writing your own code for AWS Lambda that ships events between regions. Azure does not have this problem: its Activity Log mechanism tracks all activity across the whole organization without such restrictions. The same applies to AWS Security Hub, recently developed by Amazon to consolidate many security functions within a single security center, but only within its own region, which, however, is not relevant for Russia. Azure has its own Security Center, which is not tied to regional boundaries and gives access to all the security features of the cloud platform. Moreover, it can provide different local teams with their own set of protective capabilities, including the security events they manage. AWS Security Hub is still on its way to becoming something like Azure Security Center. But a fly in the ointment must be added: you can squeeze out of Azure much of what was described above for AWS, but this is convenient only for Azure AD, Azure Monitor and Azure Security Center. All the other Azure security mechanisms, including security event analysis, are not yet managed in the most convenient way. The problem is partly solved by the API that runs through all Microsoft Azure services, but this requires additional effort from you to integrate your cloud with your SOC, and qualified specialists (as, in fact, with any other SIEM that works with cloud APIs). Some SIEMs, which will be discussed later, already support Azure and can automate the task of monitoring it, but this has its own difficulties: not all of them can collect all the logs that Azure has.


Event collection and monitoring in Azure is provided by the Azure Monitor service, the main tool for collecting, storing and analyzing data from the Microsoft cloud and its resources: Git repositories, containers, virtual machines, applications, etc. All the data collected by Azure Monitor falls into two categories: metrics, collected in real time and describing the key performance indicators of the Azure cloud, and logs, data organized into records that describe particular aspects of the activity of Azure resources and services. In addition, using the Data Collector API, Azure Monitor can collect data from any REST source to build its own monitoring scenarios.


Here are some of the security event sources that Azure offers and that you can reach through the Azure Portal, CLI, PowerShell or REST API (and some only through the Azure Monitor/Insight API):

  • Activity Logs - this log answers the classic questions of "who", "what" and "when" for any write operation (PUT, POST, DELETE) on cloud resources. Events related to read access (GET) are not included in this log, as with a number of other logs.
  • Diagnostic Logs - contain data on operations with a particular resource included in your subscription.
  • Azure AD Reporting - contains both user activity and system activity related to group and user management.
  • Windows Event Log and Linux Syslog - contain events from virtual machines hosted in the cloud.
  • Metrics - contain telemetry on the performance and health of your cloud services and resources. Measured every minute and retained for 30 days.
  • Network Security Group Flow Logs - contain data on network security events collected with the Network Watcher service and on resource monitoring at the network level.
  • Storage Logs - contain events related to access to storage accounts.


For monitoring, you can use external SIEMs or the built-in Azure Monitor and its extensions. We will talk about security event management systems later; for now let's see what Azure offers for analyzing data in a security context. The main screen for everything security-related in Azure Monitor is the Log Analytics Security and Audit Dashboard (the free version supports only a limited volume of event storage for just one week). This dashboard is divided into 5 main areas that visualize summary statistics of what is happening in the cloud environment you use:

  • Security Domains: the key numerical indicators related to information security: the number of incidents, the number of compromised nodes, unpatched nodes, network security events, etc.
  • Notable Issues: shows the number and severity of active information security problems.
  • Detections: shows the attack patterns used against you.
  • Threat Intelligence: shows summary information on the external nodes attacking you.
  • Common security queries: typical queries that help you monitor your information security more thoroughly.


Azure Monitor extensions include Azure Key Vault (protection of cryptographic keys in the cloud), Malware Assessment (analysis of protection against malicious code on virtual machines), Azure Application Gateway Analytics (analysis of, among other things, the logs of the cloud firewall), etc. These tools, enriched with a set of event-processing rules, let you visualize various aspects of the activity of cloud services, including security, and spot deviations from normal operation. But, as often happens, any additional functionality requires a corresponding paid subscription, which in turn requires financial investment from you that you need to plan in advance.


Azure has a number of built-in threat monitoring capabilities integrated into Azure AD, Azure Monitor and Azure Security Center. Among them are, for example, detecting interaction of virtual machines with known malicious IPs (thanks to integration with Microsoft's Threat Intelligence services), detecting malware in the cloud infrastructure through alarms received from virtual machines hosted in the cloud, password guessing against virtual machines, weaknesses in the configuration of the user identification system, logins from anonymizers or infected nodes, account leaks, logins from unusual locations, etc. Azure is today one of the few cloud providers that gives you built-in Threat Intelligence capabilities to enrich the collected information security events.


As mentioned above, security functionality, and therefore the security events it generates, is not available to all users alike; it requires a subscription that includes the functionality you need, which is what generates the corresponding events for information security monitoring. For example, some of the functions described in the previous paragraph for monitoring anomalies in accounts are available only with the P2 premium license for the Azure AD service. Without it you, as in the case of AWS, will have to analyze the collected security events "by hand". And, depending on the type of Azure AD license, not all events will be available for analysis.

In the Azure portal you can both manage search queries over the logs that interest you and set up dashboards to visualize key information security indicators. There you can also select Azure Monitor extensions, which expand the functionality of Azure Monitor logs and give a deeper analysis of events from a security point of view.


If you need not just the ability to work with logs but a full-fledged security center for your Azure cloud platform, including information security policy management, then we can talk about the need to work with Azure Security Center, most of whose useful functions are available for a fee, for example threat detection, monitoring outside Azure, compliance assessment, etc. (in the free version you only get a security assessment and recommendations for eliminating the identified problems). It consolidates all security issues in one place. In fact, we can talk about a higher level of information security than Azure Monitor gives you, because in this case the data collected across your cloud factory is enriched from many sources, such as Azure, Office 365, Microsoft CRM online, Microsoft Dynamics AX, outlook.com, MSN.com, the Microsoft Digital Crimes Unit (DCU) and the Microsoft Security Response Center (MSRC), on top of which various advanced machine learning and behavioral analytics algorithms are layered, which should ultimately improve the effectiveness of detecting and responding to threats.

Azure also has its own SIEM, which appeared in early 2019. This is Azure Sentinel, which relies on data from Azure Monitor and can also integrate with external security solutions (for example, NGFW or WAF), the list of which is constantly growing. In addition, through integration with the Microsoft Graph Security API, you can connect your own Threat Intelligence feeds to Sentinel, which enriches the capabilities for analyzing incidents in your Azure cloud. It can be argued that Azure Sentinel is the first "native" SIEM to appear from a cloud provider (the same Splunk or ELK, which can be hosted in a cloud, for example AWS, are still not developed by traditional cloud service providers). Azure Sentinel and Security Center could be called a SOC for the Azure cloud, and you could limit yourself to them (with certain reservations) if you had no infrastructure left and had moved all your computing resources to the cloud, and that cloud was Microsoft Azure.


But since the built-in capabilities of Azure (even with a Sentinel subscription) are often not enough for information security monitoring and for integrating this process with other sources of security events (both cloud and on-premises), there is a need to export the collected data to external systems, which may include a SIEM. This is done both through the API and through special extensions, which are currently available only for the following SIEMs: Splunk (Azure Monitor Add-On for Splunk), IBM QRadar (Microsoft Azure DSM), SumoLogic, ArcSight and ELK. Until recently there were more such SIEMs, but as of June 1, 2019, Microsoft dropped support for the Azure Log Integration Tool (AzLog), which at the dawn of Azure's existence, in the absence of any normal standardization of working with logs (Azure Monitor did not exist yet), made it easy to integrate an external SIEM with the Microsoft cloud. Now the situation has changed and Microsoft recommends the Azure Event Hub platform as the main integration tool for other SIEMs. Many have already implemented such integration, but be careful: they may not capture all Azure logs, only some of them (check the documentation for your SIEM).
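The two points above, that the Activity Log answers "who", "what" and "when" for write operations only, and that Event Hub is now the recommended path for getting those records into an external SIEM, can be tied together in a small normalizer. The following is an added example and not code from the article or from Microsoft: it assumes the envelope Azure Monitor uses for Event Hub exports (a JSON object whose `records` list holds one log entry each) and the common record fields (`time`, `resourceId`, `operationName`, `category`, `resultType`, `callerIpAddress`, `identity.claims`); the batch it parses and the watch-list of sensitive operations are constructed for the example.

```python
"""Flatten Azure Activity Log records exported through an Event Hub.

Added example, not code from the article or from Microsoft. It assumes the
envelope Azure Monitor uses for Event Hub exports (a JSON object whose
"records" list holds one log entry each) and the common record fields
(time, resourceId, operationName, category, resultType, callerIpAddress,
identity.claims). The batch below is constructed for this example.
"""
import json
from typing import Dict, List

# Assumed watch-list of operations that should always be escalated to the SIEM.
SENSITIVE_OPERATIONS = {
    "microsoft.network/networksecuritygroups/securityrules/write",
    "microsoft.network/networksecuritygroups/securityrules/delete",
    "microsoft.authorization/roleassignments/write",
}

# The Activity Log only records write operations; their names end in these suffixes.
WRITE_SUFFIXES = ("/write", "/delete", "/action")

SUB = "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/PROD/PROVIDERS"

SAMPLE_BATCH = json.dumps({"records": [
    {   # NSG rule opened by alice: a successful, watch-listed change
        "time": "2019-07-01T10:15:02.123Z",
        "resourceId": SUB + "/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/WEB-NSG/SECURITYRULES/ALLOW-SSH-ANY",
        "operationName": "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/SECURITYRULES/WRITE",
        "category": "Administrative",
        "resultType": "Success",
        "callerIpAddress": "203.0.113.10",
        "identity": {"claims": {"name": "alice@example.com"}},
    },
    {   # a read; the Activity Log does not carry GET operations, included here only to show the filter
        "time": "2019-07-01T10:16:40.000Z",
        "resourceId": SUB + "/MICROSOFT.COMPUTE/VIRTUALMACHINES/VM1",
        "operationName": "MICROSOFT.COMPUTE/VIRTUALMACHINES/READ",
        "category": "Administrative",
        "resultType": "Success",
        "callerIpAddress": "203.0.113.10",
        "identity": {"claims": {"name": "alice@example.com"}},
    },
    {   # failed VM deletion by bob from another address
        "time": "2019-07-01T10:20:11.500Z",
        "resourceId": SUB + "/MICROSOFT.COMPUTE/VIRTUALMACHINES/VM1",
        "operationName": "MICROSOFT.COMPUTE/VIRTUALMACHINES/DELETE",
        "category": "Administrative",
        "resultType": "Failed",
        "callerIpAddress": "198.51.100.7",
        "identity": {"claims": {"name": "bob@example.com"}},
    },
]})


def parse_batch(batch_json: str) -> List[Dict]:
    """Return one who/what/when record per entry in an Event Hub batch."""
    envelope = json.loads(batch_json)
    events = []
    for rec in envelope.get("records", []):
        claims = rec.get("identity", {}).get("claims", {})
        events.append({
            "when": rec.get("time"),
            "who": claims.get("name", "<unknown>"),
            "from_ip": rec.get("callerIpAddress"),
            "what": rec.get("operationName", "").lower(),
            "resource": rec.get("resourceId", ""),
            "result": rec.get("resultType"),
        })
    return events


def write_operations(events: List[Dict]) -> List[Dict]:
    """Keep only the PUT/POST/DELETE-style operations the Activity Log exists to answer for."""
    return [e for e in events if e["what"].endswith(WRITE_SUFFIXES)]


def sensitive_changes(events: List[Dict]) -> List[Dict]:
    """Watch-listed changes and any failed write: both are worth a SIEM alert."""
    return [e for e in write_operations(events)
            if e["result"] != "Success" or e["what"] in SENSITIVE_OPERATIONS]


if __name__ == "__main__":
    for e in sensitive_changes(parse_batch(SAMPLE_BATCH)):
        print(f'{e["when"]} {e["who"]} from {e["from_ip"]}: {e["what"]} on {e["resource"]} -> {e["result"]}')
```

Run against a real Event Hub consumer, the same three functions would sit between the hub and the SIEM forwarder; the point of flattening first is that the SIEM rule only needs the six fields, not the full Azure record.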

Finishing this brief excursion into Azure, I would like to give one general recommendation about this cloud service: before you say anything about the information security monitoring functions in Azure, configure them very carefully and test that they work the way the documentation says and the way the consultants told you on Microsoft's behalf (they may have their own view of how Azure functions work). If you have the financial resources, you can squeeze a lot of useful information out of Azure for information security monitoring. If your resources are limited, then, as with AWS, you will have to rely only on your own strength and on the raw data that Azure Monitor gives you. And remember that many monitoring functions cost money, so it is better to familiarize yourself with the pricing policy in advance. For example, for free you can keep 31 days of data up to a maximum of 5 GB per customer; going beyond these values will cost you extra (roughly $2+ per additional GB ingested from the customer and $0.1 per GB for each additional month of storage). Working with application telemetry and metrics may also require additional money, as may working with alerts and notifications (a certain quota is free, but it may not be enough for your needs).

Example: Information security monitoring in IaaS based on Google Cloud Platform

Google Cloud Platform looks young compared with AWS and Azure, but this is partly a good thing. Unlike AWS, which grew its capabilities, security ones included, gradually and has problems with centralization, GCP, like Azure, is much better managed centrally, which reduces errors and deployment time across the enterprise. From a security point of view GCP is, oddly enough, somewhere between AWS and Azure. It also has a single event log for the whole organization, but it is incomplete. Some functions are still in beta, but gradually this shortcoming should be eliminated and GCP will become a more mature platform in terms of information security monitoring.


The main tool for logging events in GCP is Stackdriver Logging (the counterpart of Azure Monitor), which lets you collect events across your entire cloud infrastructure (and from AWS as well). From a security point of view, each organization, project or folder in GCP has four logs:

  • Admin Activity: contains all events related to administrative access, for example creating a virtual machine, changing access rights, etc. This log is always written, regardless of your wishes, and keeps its data for 400 days.
  • Data Access: contains all events related to work with data by cloud users (creation, modification, reading, etc.). By default this log is not written, because its volume grows very quickly. For the same reason its retention period is only 30 days. In addition, not everything is written to this log. For example, events related to resources that are publicly accessible to all users, or that can be accessed without signing in to GCP, are not recorded.
  • System Event: contains system events not related to users, or actions of an administrator that change the configuration of cloud resources. Always written and kept for 400 days.
  • Access Transparency is a unique example of a log that captures all actions of Google employees (though not yet for all GCP services) who access your infrastructure as part of their job duties. This log is kept for 400 days and is not available to every GCP customer, only when a number of conditions are met (either Gold or Platinum level support, or the presence of 4 roles of a certain type as part of corporate support). A similar function exists, for example, in Office 365: Lockbox.

Log example: Access Transparency

{
 insertId:  "abcdefg12345"
 jsonPayload: {
  @type:  "type.googleapis.com/google.cloud.audit.TransparencyLog"
  location: {
   principalOfficeCountry:  "US"
   principalEmployingEntity:  "Google LLC"
   principalPhysicalLocationCountry:  "CA"
  }
  product: [
   0:  "Cloud Storage"
  ]
  reason: [
    detail:  "Case number: bar123"
    type:  "CUSTOMER_INITIATED_SUPPORT"
  ]
  accesses: [
   0: {
    methodName: "GoogleInternal.Read"
    resourceName: "//googleapis.com/storage/buckets/[BUCKET_NAME]/objects/foo123"
    }
  ]
 }
 logName:  "projects/[PROJECT_NAME]/logs/cloudaudit.googleapis.com%2Faccess_transparency"
 operation: {
  id:  "12345xyz"
 }
 receiveTimestamp:  "2017-12-18T16:06:37.400577736Z"
 resource: {
  labels: {
   project_id:  "1234567890"
  }
  type:  "project"
 }
 severity:  "NOTICE"
 timestamp:  "2017-12-18T16:06:24.660001Z"
}
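The Access Transparency entry above is useful to a SOC only if someone actually checks it: a Google employee's read of your bucket should be explained by a support case you opened. The following is an added example and not code from the article or from Google. It treats the entry as JSON in the structure the Stackdriver listing shows; the `reason` and `accesses` fields are assumed to be lists of objects, the case-number format `Case number: <id>` follows the listing, and the second reason type (`GOOGLE_INITIATED_SERVICE`) is an assumed value used only to build a contrasting entry. The entries and the set of open cases are constructed for the example.

```python
"""Review Access Transparency entries against the support cases you actually opened.

Added example, not code from the article or from Google. The entry structure
follows the Stackdriver listing in the article; "reason" and "accesses" are
assumed to be lists of objects. Entries and open cases are constructed.
"""
import json
import re
from typing import Dict, List, Set

CASE_RE = re.compile(r"Case number:\s*(\S+)")


def make_entry(reason_type: str, detail: str, resource: str) -> str:
    """Build a constructed Access Transparency entry as a JSON string."""
    return json.dumps({
        "insertId": "abcdefg12345",
        "jsonPayload": {
            "@type": "type.googleapis.com/google.cloud.audit.TransparencyLog",
            "location": {
                "principalOfficeCountry": "US",
                "principalEmployingEntity": "Google LLC",
                "principalPhysicalLocationCountry": "CA",
            },
            "product": ["Cloud Storage"],
            "reason": [{"detail": detail, "type": reason_type}],
            "accesses": [{"methodName": "GoogleInternal.Read", "resourceName": resource}],
        },
        "logName": "projects/[PROJECT_NAME]/logs/cloudaudit.googleapis.com%2Faccess_transparency",
        "operation": {"id": "12345xyz"},
        "resource": {"labels": {"project_id": "1234567890"}, "type": "project"},
        "severity": "NOTICE",
        "timestamp": "2017-12-18T16:06:24.660001Z",
    })


# Constructed entries: the support-ticket case from the article, and an access without a case.
SUPPORT_ENTRY = make_entry("CUSTOMER_INITIATED_SUPPORT", "Case number: bar123",
                           "//googleapis.com/storage/buckets/[BUCKET_NAME]/objects/foo123")
UNSOLICITED_ENTRY = make_entry("GOOGLE_INITIATED_SERVICE", "",   # assumed reason type
                               "//googleapis.com/storage/buckets/[BUCKET_NAME]/objects/payroll.csv")


def summarize(entry_json: str) -> Dict:
    """Pull out who accessed what, from where, and why."""
    entry = json.loads(entry_json)
    payload = entry["jsonPayload"]
    loc = payload.get("location", {})
    reasons = payload.get("reason", [])
    cases = []
    for r in reasons:
        m = CASE_RE.search(r.get("detail", ""))
        if m:
            cases.append(m.group(1))
    return {
        "timestamp": entry.get("timestamp"),
        "project": entry.get("resource", {}).get("labels", {}).get("project_id"),
        "employer": loc.get("principalEmployingEntity"),
        "staff_country": loc.get("principalPhysicalLocationCountry"),
        "products": payload.get("product", []),
        "reason_types": [r.get("type") for r in reasons],
        "case_numbers": cases,
        "methods": [a.get("methodName") for a in payload.get("accesses", [])],
        "resources": [a.get("resourceName") for a in payload.get("accesses", [])],
    }


def review(entry_json: str, open_cases: Set[str]) -> List[str]:
    """Findings an analyst should look at; an empty list means the access is explained."""
    s = summarize(entry_json)
    findings = []
    if "CUSTOMER_INITIATED_SUPPORT" not in s["reason_types"]:
        findings.append(f"access not tied to a customer-initiated support request: {s['reason_types']}")
    if not s["case_numbers"]:
        findings.append("no case number recorded")
    for case in s["case_numbers"]:
        if case not in open_cases:
            findings.append(f"case {case} not in open support cases")
    return findings


if __name__ == "__main__":
    open_cases = {"bar123"}          # constructed: the cases your team has open with Google support
    for entry in (SUPPORT_ENTRY, UNSOLICITED_ENTRY):
        s = summarize(entry)
        print(s["timestamp"], s["employer"], s["methods"], s["resources"], review(entry, open_cases))
```

In practice the set of open cases would come from your ticketing system, and the `review` output is what you would forward to the SIEM: an access with no matching case is the one worth a question to your support contact.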

These logs can be accessed in several ways (as with Azure and AWS discussed earlier): through the Log Viewer interface, through the API, through the Google Cloud SDK, or through the Activity page of the project whose events interest you. In the same way they can be exported to external solutions for further analysis. The latter is done by exporting the logs to BigQuery or to Cloud Pub/Sub storage.

In addition to Stackdriver Logging, the GCP platform offers Stackdriver Monitoring, which lets you track key metrics (performance, MTBF, overall health, etc.) of cloud services and applications. The processed and visualized data can make it easier to find problems in your cloud infrastructure, including in the security context. But it should be noted that this functionality is not very rich for information security, because today GCP has no counterpart of AWS GuardDuty and cannot pick out the bad ones among all the recorded events (Google has developed Event Threat Detection, but it is still in beta and it is too early to talk about its usefulness). Stackdriver Monitoring could be used as a system for detecting anomalies, which would then be investigated to find their causes. But given the shortage on the market of personnel qualified in GCP information security, this task looks difficult at the moment.


It is also worth listing some of the information security modules that can be used within your GCP cloud, which are similar to what AWS offers:

  • Cloud Security Command Center is the counterpart of AWS Security Hub and Azure Security Center.
  • Cloud DLP: automatic discovery and redaction (e.g.
  • Cloud Scanner is a scanner for known vulnerabilities (XSS, Flash Injection, unpatched libraries, etc.) in App Engine, Compute Engine and Google Kubernetes.
  • Cloud IAM: control access to all GCP resources.
  • Cloud Identity: manage GCP user, device and application accounts from a single console.
  • Cloud HSM: protection of cryptographic keys.
  • Cloud Key Management Service: management of cryptographic keys in GCP.
  • VPC Service Control: create a secure perimeter around your GCP resources to protect them from leaks.
  • Titan Security Key: protection against phishing.


Many of these modules generate security events that can be sent to BigQuery storage for analysis or exported to other systems, including a SIEM. As mentioned above, GCP is an actively developing platform, and Google is now building a number of new information security modules for it. Among them are Event Threat Detection (currently in beta), which scans Stackdriver logs for traces of unauthorized activity (like GuardDuty in AWS), and Policy Intelligence (in alpha), which will let you develop intelligent policies for access to GCP resources.

I have given a brief overview of the monitoring capabilities built into the popular cloud platforms. But do you have specialists able to work with the "raw" logs of an IaaS provider (not everyone is ready to buy the advanced capabilities of AWS, Azure or Google)? Besides, many know the saying "trust, but verify", which is truer in the security field than anywhere else. How much do you trust the built-in capabilities of the cloud provider that sends you information security events? How much do they focus on information security at all?

Sometimes it is worth looking at overlay cloud infrastructure monitoring solutions that can complement the built-in cloud security, and sometimes they are the only option for gaining insight into the security of your data and applications hosted in the cloud. Besides, they are simply more convenient, because they take on all the work of analyzing the necessary logs generated by different cloud services from different cloud providers. An example of such an overlay solution is Cisco Stealthwatch Cloud, which is focused on a single task: monitoring information security anomalies in cloud environments, not only Amazon AWS, Microsoft Azure and Google Cloud Platform, but private clouds as well.

Example: Information security monitoring with Stealthwatch Cloud

AWS provides a flexible computing platform, but that flexibility makes it easier for companies to make mistakes that lead to security problems. And the shared information security model only encourages this. Software runs in the cloud with unknown vulnerabilities (the known ones can be fought, for example, with AWS Inspector or GCP Cloud Scanner), weak passwords, incorrect configurations, insiders, etc. And all of this shows in the behavior of cloud resources, which can be monitored by Cisco Stealthwatch Cloud, an information security monitoring and attack detection system for public and private clouds.


One of the key features of Cisco Stealthwatch Cloud is entity modeling. With it you can build a software model (that is, a near-real-time simulation) of each of your cloud resources (it does not matter whether it is AWS, Azure, GCP or something else). These can include servers and users, as well as resource types specific to your cloud environment, such as security groups and auto-scaling groups. These models take the data streams provided by the cloud services as input. For AWS, for example, these are VPC Flow Logs, AWS CloudTrail, AWS CloudWatch, AWS Config, AWS Inspector, AWS Lambda and AWS IAM. Entity modeling automatically discovers the role and behavior of any of your resources (one could call it profiling all cloud activity). These roles include Android or Apple mobile device, Citrix PVS server, RDP server, mail gateway, VoIP client, terminal server, domain controller, etc. It then continuously monitors their behavior to determine when risky or security-threatening activity occurs. You can detect password guessing, DDoS attacks, data leaks, illegitimate remote access, malicious code activity, vulnerability scanning and other threats. For example, this is how an attempted remote SSH login to a Kubernetes cluster from a country atypical for your organization (South Korea) is detected:

[Screenshot: Cloud Security Monitoring]

And this is what a leak of information from a Postgres database to a country we have never interacted with before looks like:

[Screenshot: Cloud Security Monitoring]

And finally, this is what too many failed SSH attempts from China and Indonesia from an external remote device look like:

[Screenshot: Cloud Security Monitoring]

Or suppose that a server instance in the VPC should, by policy, never be a remote login destination. Suppose further that this machine received a remote logon because of an erroneous change to the firewall rule policy. The Entity Modeling feature will detect and report this activity ("Unusual Remote Access") in near real time and point to the specific AWS CloudTrail, Azure Monitor or GCP Stackdriver Logging API call (with user name, date and time and other details) that made the change to the firewall rule. This information can then be sent to the SIEM for analysis.
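The three detections just described (remote access from a country the organization has never logged in from, a login to a server that policy says must never accept remote access, and a burst of failed SSH attempts from one source) all rest on the same idea: learn what is normal for each entity, then compare live activity against it. The following is an added example and not Stealthwatch Cloud code; it reduces entity modeling to that one idea. The flow records, the IP-to-country table standing in for a GeoIP lookup, and the policy set are constructed for the example, and it generalizes the SSH case to RDP as well.

```python
"""Toy entity-behaviour baseline for remote access to cloud servers.

Added example, not Stealthwatch Cloud code. Per server it learns, from a
baseline window, which countries successful remote logins come from, then
flags live logins outside that profile, logins to servers that policy says
never accept remote access, and bursts of failed remote-login attempts from
one source. Records, GeoIP table and policy are constructed for the example.
"""
from collections import Counter, defaultdict
from typing import Dict, List, Set, Tuple

REMOTE_PORTS = {22, 3389}
# Constructed /24 -> country table standing in for a GeoIP database.
GEO = {"203.0.113.": "US", "198.51.100.": "DE", "192.0.2.": "KR"}

Record = Tuple[str, str, int, str]   # (server, source ip, destination port, outcome)

BASELINE: List[Record] = [
    ("k8s-node-1", "203.0.113.5", 22, "success"),
    ("k8s-node-1", "203.0.113.5", 22, "success"),
    ("k8s-node-1", "198.51.100.9", 22, "success"),
    ("k8s-node-1", "192.0.2.3", 22, "failure"),    # a failed attempt must not teach the profile
    ("db-1", "203.0.113.20", 5432, "success"),      # database traffic, not a remote login
]
LIVE: List[Record] = [
    ("k8s-node-1", "203.0.113.5", 22, "success"),   # normal
    ("k8s-node-1", "192.0.2.44", 22, "success"),    # SSH from an atypical country
    ("db-1", "203.0.113.5", 22, "success"),         # policy says db-1 is never a remote-login target
] + [("k8s-node-1", "192.0.2.77", 22, "failure")] * 6   # brute-force style burst


def country_of(ip: str) -> str:
    for prefix, country in GEO.items():
        if ip.startswith(prefix):
            return country
    return "??"


def build_profile(records: List[Record]) -> Dict[str, Set[str]]:
    """Countries from which each server has seen successful remote logins."""
    profile: Dict[str, Set[str]] = defaultdict(set)
    for server, src, port, outcome in records:
        if port in REMOTE_PORTS and outcome == "success":
            profile[server].add(country_of(src))
    return profile


def detect(profile: Dict[str, Set[str]], records: List[Record],
           no_remote_policy: Set[str], fail_threshold: int = 5) -> List[Tuple[str, str, str]]:
    """Return (alert, server, detail) tuples for remote-access anomalies in the live records."""
    alerts = []
    failed: Counter = Counter()
    for server, src, port, outcome in records:
        if port not in REMOTE_PORTS:
            continue
        if outcome != "success":
            failed[(server, src)] += 1
            continue
        country = country_of(src)
        if server in no_remote_policy:
            alerts.append(("Unusual Remote Access", server, f"{src} ({country})"))
        elif country not in profile.get(server, set()):
            alerts.append(("Remote access from atypical country", server, f"{src} ({country})"))
    for (server, src), n in failed.items():
        if n >= fail_threshold:
            alerts.append(("Excessive failed remote login attempts", server,
                           f"{src} ({country_of(src)}) x{n}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(build_profile(BASELINE), LIVE, no_remote_policy={"db-1"}):
        print(alert)
```

A server with no baseline at all (a newly created instance) ends up with an empty country set, so its first remote login from anywhere is flagged; that is deliberate, since an unprofiled entity is exactly the one an analyst should look at.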


Similar capabilities are implemented for every cloud environment supported by Cisco Stealthwatch Cloud:

[Screenshot: Cloud Security Monitoring]

Entity modeling is a unique form of security automation that can uncover a previously unknown problem with your people, processes or technology. For example, it lets you detect, among other things, security problems such as:

  • Has someone found a backdoor in the software we use?
  • Is there third-party software or a device in our cloud?
  • Is an authorized user abusing their privileges?
  • Was there a configuration error that allowed remote access or other unintended use of resources?
  • Is data leaking from our servers?
  • Is someone trying to connect to us from an atypical geographic location?
  • Is our cloud infected with malicious code?


A detected information security event can be sent as a ticket to Slack, Cisco Spark or the PagerDuty incident management system, and also forwarded to various SIEMs, including Splunk or ELK. To sum up: if your company follows a multi-cloud strategy and is not tied to a single cloud provider, whose information security monitoring capabilities were described above, then Cisco Stealthwatch Cloud is a good option for getting one unified set of monitoring capabilities across the leading cloud players, Amazon, Microsoft and Google. The most interesting thing is that if you compare the price of Stealthwatch Cloud with the advanced licenses for information security monitoring in AWS, Azure or GCP, it may turn out that the Cisco solution is even cheaper than the built-in capabilities of Amazon, Microsoft and Google. Paradoxical, but true. And the more clouds and cloud capabilities you have to use, the more obvious the advantage of a unified solution becomes.


In addition, Stealthwatch Cloud can monitor the private clouds deployed in your organization, for example those based on Kubernetes containers, or by monitoring Netflow flows or network traffic obtained through mirroring on network equipment (even domestically produced), AD data, DNS servers and so on. All this data is enriched with Threat Intelligence collected by Cisco Talos, the world's largest non-governmental group of cybersecurity threat researchers.


This lets you implement a single monitoring system for both the public and the hybrid clouds your company may use. The collected information can be analyzed with the built-in capabilities of Stealthwatch Cloud or sent to your SIEM (Splunk, ELK, SumoLogic and a number of others are supported out of the box).

This concludes the first part of the article, in which I looked at the built-in and external tools for monitoring the information security of IaaS/PaaS platforms, which let us quickly detect and respond to incidents occurring in the cloud environments our enterprise has chosen. In the second part we will continue the topic and look at options for monitoring SaaS platforms using the example of Salesforce and Dropbox, and we will also try to summarize and put everything together by building a unified information security monitoring system for different cloud providers.

Source: www.habr.com
