Cloud Security Monitoring

The migration of data and applications to the cloud presents a new challenge for corporate SOCs, which were not originally designed to monitor someone else's infrastructure. According to Netskope, the average enterprise (mostly in the US) uses 1246 different cloud services, which is 22% more than a year ago. 1246 cloud services!!! 175 of them relate to HR services, 170 to marketing, 110 to communications and 76 to finance and CRM. Cisco uses "only" 700 external cloud services. So I am a little confused by these numbers. But in any case, the problem is not the numbers themselves, but the fact that the cloud is starting to be used quite actively by a growing number of companies that would like to have the same ability to monitor cloud infrastructure as they have in their own network. And this trend is growing: according to the US Government Accountability Office, by 2023 another 1200 data centers will be closed in the United States (6250 have already been closed). But the transition to the cloud is not just "let's move our servers to an external provider." New IT architecture, new software, new processes, new restrictions... All of this brings significant changes not only to the work of IT, but also to information security. And while providers have learned to deal with the security of the cloud itself (fortunately there are plenty of recommendations), cloud information security monitoring, especially on SaaS platforms, still has significant problems, which is what we will talk about.


Let's say your company has moved part of its infrastructure to the cloud... Stop. Not like that. If the infrastructure has already been moved, and only now are you thinking about how you will monitor it, then you have already lost. Unless it is Amazon, Google, or Microsoft (and even then with reservations), you will probably not have much ability to monitor your data and applications. It is good if you are given the chance to work with logs at all. Sometimes security event data exists, but you will not have access to it. Take Office 365. If you have the cheapest E1 license, security events are not available to you at all. If you have an E3 license, your data is kept for only 90 days, and only with an E5 license is log retention available for a year (although this too has its own nuances related to the need to separately request a number of functions for working with logs from Microsoft support). By the way, the E3 license is much weaker in terms of monitoring functions than on-premises corporate Exchange. To reach the same level, you need an E5 license or an additional Advanced Compliance license, which may require extra money that was not included in your financial model for moving to the cloud. And this is just one example of how the issues of cloud information security monitoring are underestimated. In this article, without claiming to be exhaustive, I want to draw attention to some nuances that should be taken into account when choosing a cloud provider from a security point of view.
At the end of the article, a checklist will be given that is worth completing before considering the problem of cloud information security monitoring solved.

There are a number of problems that lead to incidents in cloud environments which information security services do not have time to respond to, or do not see at all:

  • Security logs do not exist. This is a fairly common situation, especially for newcomers to the cloud solutions market. But you should not give up on them right away. Small players, especially domestic ones, are more sensitive to customer requirements and can quickly implement some required functions by changing the approved roadmap for their products. Yes, it will not be an analog of GuardDuty from Amazon or the "Proactive Protection" module from Bitrix, but it is at least something.
  • Information security does not know where the logs are stored, or has no access to them. Here you need to enter into negotiations with the cloud provider; perhaps it will provide such information if it considers the client important enough. But in general, it is not a good sign when access to logs is granted "by special decision."
  • It also happens that the cloud provider has logs, but they provide limited monitoring and event recording, which is not enough to detect all incidents. For example, you only receive logs of changes on the website or logs of user authentication attempts, but not other events, such as network traffic, which hides from you a whole layer of events characterizing attempts to break into your cloud infrastructure.
  • There are logs, but access to them is hard to automate, which forces them to be monitored not continuously but on a schedule. And if you cannot download logs automatically, then downloading them, for example, in Excel format (as with a number of domestic cloud providers), may even make the corporate information security service reluctant to tinker with them at all.
  • There is no log monitoring. This is perhaps the most puzzling reason for information security incidents in cloud environments. It seems that there are logs, and it is possible to automate access to them, but no one does this. Why?

The shared cloud security concept

Moving to the cloud is always a search for a balance between the desire to retain control over the infrastructure and handing it over to the more professional hands of a cloud provider that specializes in maintaining it. And in cloud security, this balance also has to be found. Moreover, depending on the cloud service delivery model used (IaaS, PaaS, SaaS), this balance will differ every time. In any case, we must remember that all cloud providers today follow the so-called shared responsibility and shared information security model. The cloud is responsible for some things, and for others the client is responsible, having placed its data, its applications, its virtual machines and other resources in the cloud. It would be reckless to expect that by moving to the cloud we will shift all responsibility to the provider. But it is also unwise to build all of the security yourself when moving to the cloud. A balance is required, and it will depend on many factors: risk management strategy, threat model, security mechanisms available from the cloud provider, legislation, and so on.


For example, classification of data hosted in the cloud is always the responsibility of the client. A cloud provider or an external service provider can only help with tools that mark data in the cloud, identify violations, delete data that violates the law, or mask it by one method or another. On the other hand, physical security is always the responsibility of the cloud provider, which it cannot share with clients. But everything between the data and the physical infrastructure is exactly the subject of this article. For example, the availability of the cloud is the responsibility of the provider, while setting up firewall rules or enabling encryption is the responsibility of the client. In this article we will try to look at what information security monitoring mechanisms are offered today by various cloud providers popular in Russia, what the features of their use are, and when it is worth looking at external overlay solutions (for example, Cisco E-mail Security) that extend the capabilities of your cloud in terms of cybersecurity. In some cases, especially if you follow a multi-cloud strategy, you will have no choice but to use external information security monitoring solutions across several cloud environments at once (for example, Cisco CloudLock or Cisco Stealthwatch Cloud). Well, and in some cases you will realize that the cloud provider you have chosen (or that has been imposed on you) offers no security monitoring capabilities at all. This is unpleasant, but it is not a small thing either, because it lets you assess the level of risk associated with working with this cloud.

Cloud Security Monitoring Lifecycle

To monitor the security of the clouds you use, you have only three options:

  • rely on the tools provided by your cloud provider,
  • use third-party solutions that will monitor the IaaS, PaaS or SaaS platforms you use,
  • build your own cloud monitoring infrastructure (only for IaaS / PaaS platforms).

Let's see what each of these options has to offer. But first, we need to understand the general framework that applies when monitoring cloud platforms. I would single out 6 main components of the information security monitoring process in the cloud:

  • Infrastructure preparation. Determining the applications and infrastructure needed to collect the events that matter for information security into storage.
  • Collection. At this stage, security events are aggregated from various sources for subsequent transfer for processing, storage and analysis.
  • Processing. At this stage, the data is transformed and enriched to make subsequent analysis easier.
  • Storage. This component is responsible for short-term and long-term storage of processed and raw data.
  • Analysis. At this stage, you have the ability to detect incidents and respond to them automatically or manually.
  • Reporting. This stage helps formulate key indicators for stakeholders (management, auditors, cloud provider, customers, etc.) that help us make certain decisions, for example, changing the provider or strengthening information security.

Understanding these components will allow you to quickly decide in the future what you can take from your provider and what you will have to do yourself or with the involvement of external consultants.

Built-in cloud services

I have already written above that many cloud services today do not provide any information security monitoring capabilities. In general, they do not pay much attention to the topic of information security at all. Take, for example, one of the popular Russian services for submitting reports to government agencies over the Internet (I will deliberately not name it). The entire section about the security of this service revolves around the use of certified CIPF. The information security section of another domestic cloud service for electronic document management is no different. It talks about public key certificates, certified cryptography, elimination of web vulnerabilities, protection against DDoS attacks, use of firewalls, backups, and even regular information security audits. But there is not a word about monitoring, nor about the ability to access the information security events that might be of interest to the customers of this service provider.

In general, from the way a cloud provider describes information security issues on its website and in its documentation, you can understand how seriously it takes this topic. For example, if you read the manuals for the "My Office" products, there is not a word about security, but in the documentation for the separate product "My Office. KS3", designed to protect against unauthorized access, there is the usual list of items from FSTEC order no. 17 which "My Office.KS3" implements, but it does not describe how it implements them and, most importantly, how to integrate these mechanisms with corporate information security. Perhaps such documentation exists, but I did not find it in the public domain, on the "My Office" website. Although perhaps I simply do not have access to this classified information?..


For Bitrix, the situation is much better. The documentation describes the formats of the event logs and, interestingly, the intrusion log, which contains events related to potential threats to the cloud platform. From it you can extract the IP, user or guest name, event source, time, User-Agent, event type, and so on. True, you can work with these events either through the cloud's control panel, or by exporting the data in MS Excel format. It is currently difficult to automate work with Bitrix logs, and you will have to do some of the work manually (exporting the report and loading it into your SIEM). But if we remember that until recently there was no such possibility at all, this is great progress. At the same time, I want to note that many foreign cloud providers offer similar functionality "for beginners": either look at the logs with your own eyes through the control panel, or export the data to yourself (although most export data in .csv format, not Excel).


Leaving aside the no-logs option, cloud providers usually offer you three ways to monitor security events: dashboards, data export and API access. The first seems to solve many problems for you, but this is not entirely true: if you have several logs, you have to switch between the screens that display them, losing the overall picture. In addition, the cloud provider is unlikely to give you the ability to correlate security events or analyze them from a security point of view at all (usually you are dealing with raw data, which you have to make sense of yourself). There are exceptions, and we will talk about them further on. Finally, it is worth asking which events your cloud provider records, in what format, and how they fit your information security monitoring process. Take, for example, identification and authentication of users and guests. The same Bitrix allows you, based on these events, to record the date and time of the event, the name of the user or guest (if you have the "Web Analytics" module), the object accessed and other elements typical for a website. But corporate information security services may need to know whether the user accessed the cloud from a trusted device (in a corporate network, for example, this function is performed by Cisco ISE). What about such a simple function as geo-IP, which helps determine whether a cloud service user account has been stolen? And even if the cloud provider gives you this, it is not enough.
The same Cisco CloudLock does not just look at geolocation, but applies machine learning to it, analyzes historical data for each user and watches for various anomalies in identification and authentication attempts. Only MS Azure has similar functionality (if you have the appropriate subscription).


There is another difficulty: since for many cloud providers information security monitoring is a new topic that they are only starting to deal with, they are constantly changing something in their solutions. Today they have one version of the API, tomorrow another, the day after tomorrow a third. You also need to be prepared for this. The same applies to functionality, which may change and which must be taken into account in your information security monitoring system. For example, Amazon initially had separate cloud event monitoring services, AWS CloudTrail and AWS CloudWatch. Then a separate service for analyzing information security events appeared, AWS GuardDuty. After some time, Amazon launched a new management system, Amazon Security Hub, which includes analysis of data received from GuardDuty, Amazon Inspector, Amazon Macie and a number of others. Another example is the tool for integrating Azure logs with a SIEM, AzLog. It was actively used by many SIEM vendors, until in 2018 Microsoft announced the end of its development and support, which confronted many customers using this tool with a problem (we will talk later about how it was solved).

Therefore, keep a close eye on all the monitoring functions your cloud provider offers you. Or rely on external solution providers who will act as intermediaries between your SOC and the cloud you want to monitor. Yes, it will be more expensive (although not always), but you will shift all the responsibility onto someone else's shoulders. Or not all of it?.. Let's remember the concept of shared security and accept that we cannot shift anything away: we will have to understand for ourselves how different cloud providers provide information security monitoring of your data, applications, virtual machines and other resources hosted in the cloud. And we will start with what Amazon offers in this area.

Example: information security monitoring in IaaS based on AWS

Yes, yes, I understand that Amazon is not the best example, given that it is an American service and could be blocked as part of the fight against extremism and the dissemination of information prohibited in Russia. But in this publication I just want to show how cloud platforms differ in their information security monitoring capabilities and what you should pay attention to, from a security point of view, when transferring your key processes to the clouds. Well, and if some Russian developers of cloud solutions learn something useful for themselves, that would be great.


The first thing to say is that Amazon is not an impregnable fortress. Various incidents regularly happen to its clients. For example, the names, addresses, dates of birth and phone numbers of 198 million voters were stolen from Deep Root Analytics. The Israeli company Nice Systems had 14 million records of Verizon customers stolen. However, AWS's built-in capabilities allow you to detect a wide range of incidents. For example:

  • impact on infrastructure (DDoS)
  • node compromise (command injection)
  • account compromise and unauthorized access
  • incorrect configuration and vulnerabilities
  • insecure interfaces and APIs.

This discrepancy is due to the fact that, as we established above, the client itself is responsible for the security of its own data. And if it did not bother to enable the protection mechanisms and did not turn on the monitoring tools, then it will learn about the incident only from the press or from its own customers.

To detect incidents, you can use a wide range of monitoring services developed by Amazon (although these are often supplemented by external tools such as osquery). So, in AWS, all user actions are monitored, regardless of how they are performed: through the management console, the command line, an SDK or other AWS services. All records of each AWS account's activity (including username, action, service, action parameters and result) and API usage are available through AWS CloudTrail. You can view these events (such as AWS IAM console logins) from the CloudTrail console, analyze them using Amazon Athena, or "outsource" them to external solutions such as Splunk, AlienVault, etc. The AWS CloudTrail log files themselves are placed in your AWS S3 bucket.
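As an added illustration (not code from the article or from AWS), the following Python reduces CloudTrail records to exactly the fields named above (user, action, service, parameters, result) and flags the IAM console logins a SOC usually wants to see first: failed ones and successful ones without MFA. The record sample is constructed; the field names (eventSource, eventName, userIdentity, additionalEventData.MFAUsed and so on) are the ones CloudTrail itself uses.

```python
import json
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample shaped like a CloudTrail log file (not real account data).
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {"eventTime": "2019-05-10T08:15:02Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.23", "userAgent": "Mozilla/5.0",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2019-05-10T08:16:40Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.7", "userAgent": "Mozilla/5.0",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "errorMessage": "Failed authentication",
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2019-05-10T09:01:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "eu-west-1",
     "sourceIPAddress": "198.51.100.23", "userAgent": "aws-cli/1.16.0",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"instanceType": "t3.micro"},
     "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0123456789abcdef0"}]}}},
]})


def normalise(record: Dict) -> Dict:
    """Reduce one CloudTrail record to the fields the article lists:
    who (user), what (action), which service, parameters and result."""
    ident = record.get("userIdentity", {})
    failed = bool(record.get("errorCode") or record.get("errorMessage"))
    return {
        "time": record["eventTime"],
        "user": ident.get("userName") or ident.get("arn") or ident.get("type", "unknown"),
        "service": record["eventSource"].split(".")[0],   # "ec2", "signin", "iam", ...
        "action": record["eventName"],
        "region": record["awsRegion"],
        "source_ip": record.get("sourceIPAddress"),
        "params": record.get("requestParameters") or {},
        "result": "failure" if failed else "success",
        "mfa": record.get("additionalEventData", {}).get("MFAUsed"),
    }


def load_records(text: str) -> List[Dict]:
    """Parse a CloudTrail log file (the JSON document with a 'Records' array)."""
    return [normalise(r) for r in json.loads(text)["Records"]]


def activity_summary(events: List[Dict]) -> Counter:
    """Who did what against which service, and whether it succeeded."""
    return Counter((e["user"], e["service"], e["action"], e["result"]) for e in events)


def console_login_findings(events: List[Dict]) -> List[Tuple[str, str, str]]:
    """Flag IAM console logins that failed, or succeeded without MFA."""
    out = []
    for e in events:
        if e["action"] != "ConsoleLogin":
            continue
        if e["result"] == "failure":
            out.append(("failed-console-login", e["user"], e["source_ip"]))
        elif e["mfa"] != "Yes":
            out.append(("console-login-without-mfa", e["user"], e["source_ip"]))
    return out


if __name__ == "__main__":
    evs = load_records(SAMPLE_CLOUDTRAIL)
    for key, n in activity_summary(evs).items():
        print(n, *key)
    for finding in console_login_findings(evs):
        print("FINDING:", *finding)
```

The same normalisation works on the gzip-compressed files CloudTrail drops into the S3 bucket once they are decompressed, and the resulting tuples are what you would feed into a SIEM or an Athena table.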


Two other AWS services provide a number of other important monitoring capabilities. First, Amazon CloudWatch is a monitoring service for AWS resources and applications which, among other things, allows you to detect various anomalies in your cloud. All built-in AWS services, such as Amazon Elastic Compute Cloud (servers), Amazon Relational Database Service (databases), Amazon Elastic MapReduce (data analysis) and some 30 other Amazon services, use Amazon CloudWatch to store their logs. Developers can use the open API of Amazon CloudWatch to add log monitoring to custom applications and services, which lets them extend the scope of event analysis in a security context.


Second, the VPC Flow Logs service allows you to analyze network traffic sent or received by your AWS servers (external or internal), as well as between microservices. When any of your AWS VPC resources interacts with the network, VPC Flow Logs records the details of that traffic, including the source and destination network interface, as well as IP addresses, ports, protocol, number of bytes and number of packets seen. Those familiar with on-premises network security will recognize this as an analog of NetFlow, which can be generated by switches, routers and enterprise-grade firewalls. These logs matter for information security monitoring because, unlike events about user and application actions, they also let you avoid missing network interactions inside the AWS virtual private cloud environment.
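An added example (not from the article or from AWS) of doing something useful with these flow records in Python: parse the default version-2 VPC Flow Log line format, skip the NODATA/SKIPDATA records, build the NetFlow-style "who talks to whom" byte totals, and flag a source whose REJECTed flows touched many different ports on one host in a short window. The records are constructed; the field order is the documented default format.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Field order of the default (version 2) VPC Flow Log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
PROTO = {"1": "icmp", "6": "tcp", "17": "udp"}

# Constructed records (not captured from a real VPC): one external source is
# REJECTed on six different ports within 25 seconds; the rest is ordinary traffic.
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.9 10.0.1.15 51234 22 6 1 44 1557475200 1557475230 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.9 10.0.1.15 51235 23 6 1 44 1557475205 1557475235 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.9 10.0.1.15 51236 80 6 1 44 1557475210 1557475240 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.9 10.0.1.15 51237 443 6 1 44 1557475215 1557475245 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.9 10.0.1.15 51238 3389 6 1 44 1557475220 1557475250 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.9 10.0.1.15 51239 8080 6 1 44 1557475225 1557475255 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.1.20 10.0.1.15 45000 443 6 10 1200 1557475200 1557475260 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.1.21 10.0.1.15 45001 25 6 1 44 1557475200 1557475230 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1557475200 1557475260 - NODATA
"""


def parse_flow_line(line: str) -> Optional[Dict]:
    """Parse one record; return None for NODATA/SKIPDATA records, whose numeric fields are '-'."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    for key in ("srcport", "dstport", "packets", "bytes", "start", "end"):
        rec[key] = int(rec[key])
    rec["protocol"] = PROTO.get(rec["protocol"], rec["protocol"])
    return rec


def parse_flow_log(text: str) -> List[Dict]:
    recs = (parse_flow_line(l) for l in text.splitlines() if l.strip())
    return [r for r in recs if r is not None]


def bytes_by_pair(records: List[Dict]) -> Dict[Tuple[str, str], int]:
    """Accepted traffic volume per (src, dst): the NetFlow-style view of who talks to whom."""
    totals = defaultdict(int)
    for r in records:
        if r["action"] == "ACCEPT":
            totals[(r["srcaddr"], r["dstaddr"])] += r["bytes"]
    return dict(totals)


def detect_port_scans(records: List[Dict], min_ports: int = 5, window_s: int = 60) -> List[Dict]:
    """Sources whose REJECTed flows hit at least min_ports distinct destination ports
    on one host inside a window_s-second span."""
    rejected = defaultdict(list)            # (src, dst) -> [(start, dstport), ...]
    for r in records:
        if r["action"] == "REJECT":
            rejected[(r["srcaddr"], r["dstaddr"])].append((r["start"], r["dstport"]))
    alerts = []
    for (src, dst), hits in rejected.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - t0 <= window_s}
            if len(ports) >= min_ports:
                alerts.append({"src": src, "dst": dst, "ports": sorted(ports)})
                break
    return alerts


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_FLOW_LOG)
    print("bytes by pair:", bytes_by_pair(recs))
    print("port-scan alerts:", detect_port_scans(recs))
```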


In summary, these three AWS services, AWS CloudTrail, Amazon CloudWatch and VPC Flow Logs, together give you fairly good visibility into your account usage, user behavior, infrastructure management, application and service activity, and network activity. For example, they can be used to detect the following anomalies:

  • Site scanning attempts, backdoor searches and vulnerability searches, through bursts of "404 errors".
  • Injection attacks (for example, SQL injection), through bursts of "500 errors".
  • Known attack tools such as sqlmap, nikto, w3af, nmap, etc., through analysis of the User-Agent field.
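The three detections just listed, as an added Python example that is not part of the article: a parser for the classic ELB access log line (one of the sources named later in this article) and a sliding-window check for bursts of 404s, bursts of 500s, and User-Agent strings that name the tools above. The log lines are constructed; the thresholds (5 events in 60 seconds) are assumptions to tune for your own traffic.

```python
import shlex
from collections import defaultdict
from datetime import datetime
from typing import Callable, Dict, List

KNOWN_TOOLS = ("sqlmap", "nikto", "w3af", "nmap")   # the tools named in the article


def _line(ts: str, client: str, status: int, request: str, ua: str) -> str:
    """Build one classic-ELB-style access log line (constructed sample data)."""
    return (f'{ts} my-elb {client} 10.0.1.15:80 0.000050 0.001000 0.000040 '
            f'{status} {status} 0 512 "{request}" "{ua}" - -')


SAMPLE_ELB_LOG = "\n".join(
    # six 404s from one client inside a minute: guessing directories and files
    [_line(f"2019-05-10T08:15:{s:02d}.000000Z", "198.51.100.77:44321", 404,
           f"GET http://www.example.com:80/{p} HTTP/1.1", "Mozilla/5.0")
     for s, p in enumerate(["admin/", "login.php", "backup.zip", "old/", "test/", "config.bak"])]
    # five 500s from a client whose User-Agent names a known tool
    + [_line(f"2019-05-10T08:20:{5 * s:02d}.000000Z", "203.0.113.50:50112", 500,
             "GET http://www.example.com:80/item?id=1 HTTP/1.1", "sqlmap/1.3.5")
       for s in range(5)]
    # ordinary traffic
    + [_line(f"2019-05-10T08:25:{s:02d}.000000Z", "192.0.2.10:40000", 200,
             "GET http://www.example.com:80/ HTTP/1.1", "curl/7.38.0")
       for s in range(2)]
)


def parse_elb_line(line: str) -> Dict:
    """Split a classic ELB access log line; the quoted request and user-agent stay whole."""
    f = shlex.split(line)
    if len(f) != 15:
        raise ValueError(f"expected 15 fields, got {len(f)}")
    return {
        "time": datetime.strptime(f[0].rstrip("Z"), "%Y-%m-%dT%H:%M:%S.%f"),
        "client_ip": f[2].rsplit(":", 1)[0],
        "elb_status": int(f[7]),
        "backend_status": None if f[8] == "-" else int(f[8]),   # '-' when the backend never answered
        "request": f[11],
        "user_agent": f[12],
    }


def parse_log(text: str) -> List[Dict]:
    return [parse_elb_line(l) for l in text.splitlines() if l.strip()]


def burst_sources(events: List[Dict], match: Callable[[Dict], bool],
                  threshold: int = 5, window_s: int = 60) -> List[str]:
    """Client IPs with at least `threshold` matching events inside some `window_s`-second span."""
    per_ip = defaultdict(list)
    for e in events:
        if match(e):
            per_ip[e["client_ip"]].append(e["time"])
    flagged = []
    for ip, times in per_ip.items():
        times.sort()
        j = 0                                  # left edge of the sliding window
        for i, t in enumerate(times):
            while (t - times[j]).total_seconds() > window_s:
                j += 1
            if i - j + 1 >= threshold:
                flagged.append(ip)
                break
    return sorted(flagged)


def detect(events: List[Dict]) -> Dict[str, list]:
    """The three anomalies from the article: 404 bursts, 500 bursts, known tool User-Agents."""
    return {
        "scanning_404": burst_sources(events, lambda e: e["elb_status"] == 404),
        "injection_500": burst_sources(events, lambda e: e["elb_status"] == 500),
        "known_tools": sorted({(e["client_ip"], tool) for e in events
                               for tool in KNOWN_TOOLS if tool in e["user_agent"].lower()}),
    }


if __name__ == "__main__":
    for kind, hits in detect(parse_log(SAMPLE_ELB_LOG)).items():
        print(kind, hits)
```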

Amazon Web Services has also created other services for cybersecurity purposes that allow you to solve many other problems. For example, AWS has a built-in service for auditing policies and configurations, AWS Config. This service continuously audits your AWS resources and their configurations. Let's take a simple example: say you want to make sure that password authentication is disabled on all your servers and that access is possible only with certificates. AWS Config makes it easy to check this for all your servers. There are other policies that can be applied to your cloud servers: "No server may use port 22", "Only administrators may change firewall rules", or "Only user Ivashko may create new user accounts, and only on Tuesdays." In the summer of 2016, the AWS Config service was extended to automate detection of violations of the policies you define. AWS Config Rules are essentially continuous configuration queries against the Amazon services you use, which generate events if the corresponding policies are violated. For example, instead of periodically running AWS Config queries to check that all disks of a virtual server are encrypted, AWS Config Rules can be used to check the server disks continuously to ensure that this condition holds. And, most importantly in the context of this publication, every violation generates an event that your information security service can analyze.
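An added example (not the article's or AWS's own code) of what the two checks from this paragraph look like when written down: a small evaluator in Python that takes configuration items shaped like AWS Config's resource records (resourceType, resourceId, configuration) and reports each resource as COMPLIANT or NON_COMPLIANT, using the field names a custom Config rule reports back (ComplianceResourceType, ComplianceResourceId, ComplianceType, Annotation). The configuration items are constructed.

```python
from typing import Callable, Dict, List, Tuple

# Constructed configuration items (not real account data), shaped like the
# resource records AWS Config keeps: resourceType, resourceId, configuration.
SAMPLE_ITEMS = [
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0aaa",
     "configuration": {"encrypted": True}},
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0bbb",
     "configuration": {"encrypted": False}},
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0ccc",
     "configuration": {"ipPermissions": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": [{"cidrIp": "10.0.0.0/8"}]}]}},
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0ddd",
     "configuration": {"ipPermissions": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": [{"cidrIp": "0.0.0.0/0"}]}]}},
]

Check = Callable[[Dict], Tuple[bool, str]]   # returns (compliant, annotation)


def volume_encrypted(item: Dict) -> Tuple[bool, str]:
    """Rule: every EBS volume must be encrypted (the 'all disks encrypted' example)."""
    ok = bool(item["configuration"].get("encrypted"))
    return ok, "" if ok else "volume is not encrypted"


def no_public_ssh(item: Dict) -> Tuple[bool, str]:
    """Rule: no security group may allow port 22 from 0.0.0.0/0 (the 'port 22' example)."""
    for perm in item["configuration"].get("ipPermissions", []):
        lo, hi = perm.get("fromPort"), perm.get("toPort")
        # ipProtocol "-1" means all protocols and carries no port range
        covers_22 = perm.get("ipProtocol") == "-1" or (
            perm.get("ipProtocol") == "tcp" and lo is not None and hi is not None and lo <= 22 <= hi)
        if covers_22 and any(r.get("cidrIp") == "0.0.0.0/0" for r in perm.get("ipRanges", [])):
            return False, "port 22 open to 0.0.0.0/0"
    return True, ""


RULES: Dict[str, List[Tuple[str, Check]]] = {
    "AWS::EC2::Volume": [("ebs-volume-encrypted", volume_encrypted)],
    "AWS::EC2::SecurityGroup": [("no-ssh-from-internet", no_public_ssh)],
}


def evaluate(items: List[Dict]) -> List[Dict]:
    """Run every rule registered for each item's resource type."""
    evaluations = []
    for item in items:
        for rule_name, check in RULES.get(item["resourceType"], []):
            ok, note = check(item)
            evaluations.append({
                "ComplianceResourceType": item["resourceType"],
                "ComplianceResourceId": item["resourceId"],
                "ComplianceType": "COMPLIANT" if ok else "NON_COMPLIANT",
                "Annotation": note or rule_name,
            })
    return evaluations


def violations(items: List[Dict]) -> List[Tuple[str, str]]:
    """Just the (resourceId, reason) pairs a SOC would turn into events."""
    return [(e["ComplianceResourceId"], e["Annotation"])
            for e in evaluate(items) if e["ComplianceType"] == "NON_COMPLIANT"]


if __name__ == "__main__":
    for res, reason in violations(SAMPLE_ITEMS):
        print("NON_COMPLIANT", res, reason)
```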


AWS also has its own equivalents of the traditional corporate information security solutions, which likewise generate security events that you can and should analyze:

  • Intrusion detection - AWS GuardDuty
  • Information leak control - AWS Macie
  • EDR (although endpoints in the cloud are a slightly different matter) - AWS CloudWatch + the open source osquery or GRR solutions
  • NetFlow analysis - AWS CloudWatch + AWS VPC Flow Logs
  • DNS analysis - AWS CloudWatch + AWS Route53
  • AD - AWS Directory Service
  • Account management - AWS IAM
  • SSO - AWS SSO
  • Security analysis - AWS Inspector
  • Configuration management - AWS Config
  • WAF - AWS WAF.

I will not describe in detail all the Amazon services that may be useful in the context of information security. The main thing is to understand that all of them can generate events which we can and should analyze from an information security point of view, using for this purpose both the built-in capabilities of Amazon itself and external solutions, for example a SIEM, which can bring security events to your monitoring center and analyze them there together with events from other cloud services or from the internal infrastructure, the perimeter or mobile devices.


In any case, it all starts with the data sources that provide you with information security events. These sources include, but are not limited to:

  • CloudTrail - API usage and user actions
  • Trusted Advisor - security checks against best practices
  • Config - inventory and configuration of accounts and service settings
  • VPC Flow Logs - connections to virtual interfaces
  • IAM - identification and authentication service
  • ELB Access Logs - load balancer
  • Inspector - application vulnerabilities
  • S3 - file storage
  • CloudWatch - application activity
  • SNS - notification service.

Amazon, while offering such a range of events and tools for generating them, is quite limited in its ability to analyze the collected data from an information security point of view. You will have to study the available data yourself, looking for indicators of compromise in it. AWS Security Hub, which Amazon recently launched, aims to solve this problem by becoming a cloud SIEM for AWS. But so far it is only at the beginning of its journey and is limited both by the number of sources it works with and by other restrictions imposed by Amazon's own architecture and subscriptions.

Example: information security monitoring in IaaS based on Azure

I do not want to get into a long debate about which of the three cloud providers (Amazon, Microsoft or Google) is better (especially since each of them has its own specifics and suits its own tasks); let's focus on the information security monitoring capabilities these players offer. It should be acknowledged that Amazon AWS was one of the first in this segment and has therefore advanced furthest in terms of its information security functions (although many admit that they are hard to use). But this does not mean that we will ignore the opportunities that Microsoft and Google give us.

Microsoft products have always been distinguished by their "openness," and in Azure the situation is similar. For example, while AWS and GCP always proceed from the principle of "whatever is not permitted is prohibited," Azure takes exactly the opposite approach. For instance, when you create a virtual network in the cloud and a virtual machine in it, all ports and protocols are open and allowed by default. Therefore, you will have to spend a little more effort on the initial setup of access control in Microsoft's cloud. And this also imposes stricter requirements on you in terms of monitoring activity in the Azure cloud.


AWS muaj qhov tshwj xeeb cuam tshuam nrog qhov tseeb tias thaum koj saib xyuas koj cov peev txheej virtual, yog tias lawv nyob hauv thaj chaw sib txawv, tom qab ntawd koj muaj teeb meem hauv kev sib txuas tag nrho cov xwm txheej thiab lawv cov kev txheeb xyuas kev sib koom ua ke, tshem tawm qhov uas koj yuav tsum tau siv ntau yam kev dag, xws li Tsim koj tus kheej code rau AWS Lambda uas yuav thauj cov xwm txheej ntawm cheeb tsam. Azure tsis muaj qhov teeb meem no - nws cov Activity Log mechanism taug qab txhua txoj haujlwm thoob plaws lub koom haum yam tsis muaj kev txwv. Tib yam siv rau AWS Security Hub, uas nyuam qhuav tsim los ntawm Amazon los sib sau ua ke ntau yam kev ruaj ntseg hauv ib lub chaw ruaj ntseg, tab sis tsuas yog hauv nws cheeb tsam, uas, txawm li cas los xij, tsis cuam tshuam rau Russia. Azure muaj nws qhov chaw ruaj ntseg, uas tsis yog khi los ntawm kev txwv hauv cheeb tsam, muab kev nkag mus rau txhua qhov kev nyab xeeb ntawm huab platform. Ntxiv mus, rau cov pab pawg sib txawv hauv zos nws tuaj yeem muab nws tus kheej cov peev txheej tiv thaiv, suav nrog cov xwm txheej kev ruaj ntseg tswj hwm los ntawm lawv. AWS Security Hub tseem nyob ntawm nws txoj hauv kev los ua zoo ib yam li Azure Security Center. Tab sis nws tsim nyog ntxiv yoov hauv cov tshuaj pleev - koj tuaj yeem nyem tawm ntawm Azure ntau yam uas tau piav qhia yav dhau los hauv AWS, tab sis qhov no yooj yim tshaj plaws tsuas yog ua rau Azure AD, Azure Monitor thiab Azure Security Center. Tag nrho lwm yam kev ruaj ntseg ntawm Azure, suav nrog kev txheeb xyuas qhov xwm txheej kev nyab xeeb, tseem tsis tau tswj hwm txoj hauv kev yooj yim tshaj plaws. Qhov teeb meem yog ib feem daws tau los ntawm API, uas permeates tag nrho Microsoft Azure cov kev pabcuam, tab sis qhov no yuav tsum tau siv zog ntxiv los ntawm koj los ua ke koj cov huab nrog koj SOC thiab muaj cov kws tshaj lij uas tsim nyog (qhov tseeb, ib yam li lwm yam SIEM uas ua haujlwm nrog huab. APIs). 
Some SIEMs, which will be discussed later, already support Azure and can take over the task of monitoring it, but this has its own pitfalls: not every one of them can collect all the logs that Azure has.


Log collection and monitoring in Azure is provided by the Azure Monitor service, the main tool for collecting, storing and analyzing data in the Microsoft cloud and its resources: repositories, containers, virtual machines, applications and so on. All data collected by Azure Monitor falls into two categories: metrics, collected in near real time and describing key performance indicators of the Azure cloud, and logs, which contain records describing particular aspects of the activity of Azure resources and services. In addition, through the Data Collector API, Azure Monitor can ingest data from any REST client to support your own monitoring scenarios.


Here are a few security-relevant event sources that Azure offers and that you can reach through the Azure Portal, the CLI, PowerShell or the REST API (some only through the Azure Monitor / Insights API):

  • Activity Log - this log answers the classic questions of "who", "what" and "when" for write operations (PUT, POST, DELETE) on cloud resources. Read access (GET) is not recorded in this log, nor are a number of other events; it covers only the control plane, so data-plane operations such as reading a blob have to be picked up from the resource's own logs.
  • Diagnostic Logs - contain data about operations on a specific resource within your subscription.
  • Azure AD reporting - contains both user activity and system activity related to group and user management.
  • Windows Event Log and Linux Syslog - contain events from the virtual machines hosted in the cloud.
  • Metrics - contain telemetry about the performance and health of your cloud services and resources. Collected every minute and retained for 93 days (platform metrics).
  • Network Security Group Flow Logs - contain network security event data collected by the Network Watcher service and resource monitoring at the network level.
  • Storage Logs - contain events related to access to storage accounts.

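To make the "who, what, when" point concrete, here is an added example (not code from the original article) that triages a handful of Activity Log records: it keeps only completed administrative write operations, drops the duplicate "Started" records that ARM emits for every operation, and marks changes that alter network exposure, such as an NSG rule write, as high priority. The records are constructed in the shape of the Activity Log REST/portal schema (caller, operationName.value, httpRequest, status); the operation names are real ARM operation names, while the subscription, resource and principal names are made up.

```python
"""Triage Azure Activity Log records: who changed what, and when.

Added example; the sample records below are constructed for illustration in the
Activity Log JSON shape. Subscription id, resource and user names are made up."""
import json

SAMPLE_ACTIVITY_LOG = [
    {   # ARM emits a "Started" record first ...
        "eventTimestamp": "2019-07-01T10:00:00.000Z",
        "caller": "alice@contoso.example",
        "category": {"value": "Administrative"},
        "operationName": {"value": "Microsoft.Network/networkSecurityGroups/securityRules/write"},
        "httpRequest": {"method": "PUT", "clientIpAddress": "198.51.100.7"},
        "resourceId": "/subscriptions/0000/resourceGroups/prod/providers/Microsoft.Network/networkSecurityGroups/web-nsg/securityRules/allow-ssh-any",
        "status": {"value": "Started"},
    },
    {   # ... and a "Succeeded" record for the same operation a few seconds later.
        "eventTimestamp": "2019-07-01T10:00:04.000Z",
        "caller": "alice@contoso.example",
        "category": {"value": "Administrative"},
        "operationName": {"value": "Microsoft.Network/networkSecurityGroups/securityRules/write"},
        "httpRequest": {"method": "PUT", "clientIpAddress": "198.51.100.7"},
        "resourceId": "/subscriptions/0000/resourceGroups/prod/providers/Microsoft.Network/networkSecurityGroups/web-nsg/securityRules/allow-ssh-any",
        "status": {"value": "Succeeded"},
    },
    {   # A VM deallocation: a POST "action", not a PUT, but still a state change.
        "eventTimestamp": "2019-07-01T10:05:00.000Z",
        "caller": "bob@contoso.example",
        "category": {"value": "Administrative"},
        "operationName": {"value": "Microsoft.Compute/virtualMachines/deallocate/action"},
        "httpRequest": {"method": "POST", "clientIpAddress": "198.51.100.9"},
        "resourceId": "/subscriptions/0000/resourceGroups/prod/providers/Microsoft.Compute/virtualMachines/web01",
        "status": {"value": "Succeeded"},
    },
    {   # A policy evaluation record: not a user-initiated change, ignored here.
        "eventTimestamp": "2019-07-01T10:06:00.000Z",
        "caller": "",
        "category": {"value": "Policy"},
        "operationName": {"value": "Microsoft.Authorization/policies/audit/action"},
        "resourceId": "/subscriptions/0000/resourceGroups/prod/providers/Microsoft.Compute/virtualMachines/web01",
        "status": {"value": "Succeeded"},
    },
]

WRITE_METHODS = {"PUT", "POST", "PATCH", "DELETE"}
# ARM operations that change what is reachable from outside; treat as high priority.
NETWORK_EXPOSURE_OPS = {
    "Microsoft.Network/networkSecurityGroups/securityRules/write",
    "Microsoft.Network/networkSecurityGroups/securityRules/delete",
    "Microsoft.Network/networkSecurityGroups/write",
    "Microsoft.Network/publicIPAddresses/write",
}


def is_write(record):
    """The Activity Log carries only control-plane calls, so the HTTP method (or the
    ARM verb that ends the operation name) tells us whether the call changed state."""
    method = record.get("httpRequest", {}).get("method", "").upper()
    verb = record["operationName"]["value"].rsplit("/", 1)[-1]
    return method in WRITE_METHODS or verb in {"write", "delete", "action"}


def who_what_when(record):
    return {
        "when": record["eventTimestamp"],
        "who": record["caller"],
        "from_ip": record.get("httpRequest", {}).get("clientIpAddress"),
        "what": record["operationName"]["value"],
        "resource": record["resourceId"],
    }


def triage(records):
    """One row per completed administrative write, oldest first, with a severity hint."""
    rows = []
    for r in records:
        if r.get("category", {}).get("value") != "Administrative":
            continue
        if r["status"]["value"] != "Succeeded" or not is_write(r):
            continue  # skip Started/Accepted duplicates and read-only noise
        row = who_what_when(r)
        row["severity"] = "high" if row["what"] in NETWORK_EXPOSURE_OPS else "info"
        rows.append(row)
    return sorted(rows, key=lambda x: x["when"])


def changes_by_caller(rows):
    counts = {}
    for row in rows:
        counts[row["who"]] = counts.get(row["who"], 0) + 1
    return counts


if __name__ == "__main__":
    result = triage(SAMPLE_ACTIVITY_LOG)
    print(json.dumps(result, indent=2))
    print(changes_by_caller(result))
```

Against real data you would pull the records with `az monitor activity-log list` or the REST API and feed them to `triage()` unchanged; the point is that a single NSG rule write by one caller is enough to open SSH to the world, so it deserves a different queue than a VM deallocation.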

For monitoring you can use external SIEMs or the built-in Azure Monitor and its extensions. We will get to security event management systems later; for now let us see what Azure itself offers for analyzing data in a security context. The main screen for everything security-related in Azure Monitor is the Log Analytics Security and Audit Dashboard (the free tier limits event storage to one week). The dashboard is divided into five main areas that visualize summary statistics of what is happening in the cloud environment you use:

  • Security Domains - key security metrics: number of events, number of compromised hosts, unpatched nodes, network security events and so on.
  • Notable Issues - shows the number and severity of active security problems.
  • Detections - shows the attack patterns used against you.
  • Threat Intelligence - shows geographic data about the external hosts attacking you.
  • Common security queries - queries that help you monitor your security posture better.


Azure Monitor extensions include Azure Key Vault (protection of cryptographic keys in the cloud), Malware Assessment (analysis of the anti-malware protection on virtual machines), Azure Application Gateway Analytics (analysis of, among other things, cloud firewall logs) and others. Combined with a set of event processing rules, these tools let you visualize various aspects of the cloud services' activity, including security, and spot deviations from normal operation. But, as often happens, each piece of additional functionality requires a corresponding paid subscription, and that financial investment is something you should plan for in advance.


Azure has a number of built-in threat monitoring capabilities integrated into Azure AD, Azure Monitor and Azure Security Center. Among them, for example: detection of virtual machines communicating with known malicious IPs (thanks to integration with Microsoft's Threat Intelligence services), detection of malware in the cloud infrastructure through alarms received from the virtual machines hosted there, password guessing attacks against virtual machines, vulnerabilities in the configuration of the user identity system, logins from anonymizers or infected hosts, leaked accounts, logins from unusual locations and so on. Azure today is one of the few cloud providers that offer you built-in threat intelligence to enrich the security events that are collected.


As noted above, the security functionality, and therefore the security events it generates, is not available to all users equally; you need a subscription that includes the functionality you want, the one that generates the events relevant to security monitoring. For example, some of the functions described in the previous paragraph for monitoring account anomalies are available only with the Premium P2 license for the Azure AD service. Without it you will have to analyze the collected security events "by hand", as in the case of AWS. And, again, depending on the type of Azure AD license, not all events will be available for analysis.

In the Azure portal you can both manage the search queries for the log data that interests you and set up dashboards to visualize key security metrics. There you can also select Azure Monitor extensions, which broaden the functionality of Azure Monitor logs and give you a deeper analysis of events from a security monitoring perspective.


If you need not just the ability to work with logs but a fully-fledged security center for your Azure cloud platform, including security management, then you should look at Azure Security Center, most of whose useful functions are available for a fee (for example threat detection, monitoring outside Azure, compliance assessment and so on; in the free version you get only the security assessment and the recommendations for fixing the problems it finds). It consolidates all security issues in one place. In fact, this is a higher level of security than Azure Monitor gives you, since here the data collected throughout Microsoft's cloud fabric is enriched from many sources, such as Azure, Office 365, Microsoft CRM Online, Microsoft Dynamics AX, outlook.com, MSN.com, the Microsoft Digital Crimes Unit (DCU) and the Microsoft Security Response Center (MSRC), on top of which various sophisticated machine learning and behavioral analytics algorithms are applied, which should ultimately improve the effectiveness of threat detection and response.

Azure also has its own SIEM, which appeared in early 2019. This is Azure Sentinel, which relies on data from Azure Monitor and can integrate with external solutions (for example, NGFW or WAF), the list of which keeps growing. In addition, through the Microsoft Graph Security API integration you can connect your own threat intelligence feeds to Sentinel, which enriches incident analysis in your Azure cloud. One could argue that Azure Sentinel is the first "native" SIEM to come from a cloud provider (Splunk or ELK, which can be hosted in a cloud such as AWS, were not developed by the cloud providers themselves). Azure Sentinel and Security Center could be called a SOC for the Azure cloud, and you could limit yourself to them (with certain reservations) if you no longer have any infrastructure of your own, have moved all your computing resources to the cloud, and that cloud is Microsoft Azure.


But since the built-in capabilities of Azure (even if you subscribe to Sentinel) are often not enough for security monitoring and for integrating this process with other sources of security events (both cloud and on-premises), the collected data needs to be exported to external systems, which may include a SIEM. This is done both via the API and via special connectors, which are currently available only for the following SIEMs: Splunk (the Azure Monitor Add-On for Splunk), IBM QRadar (the Microsoft Azure DSM), SumoLogic, ArcSight and ELK. Until recently there were more such SIEMs, but as of June 1, 2019 Microsoft discontinued support for the Azure Log Integration Tool (AzLog), which at the dawn of Azure, when there was no standard way of working with logs (Azure Monitor did not exist yet), made it easy to integrate an external SIEM with the Microsoft cloud. The situation has now changed and Microsoft recommends the Azure Event Hub platform as the main integration point for other SIEMs. Many have already implemented this integration, but be careful: they may not capture all Azure logs, only some of them (check the documentation for your SIEM).

To finish this short excursion into Azure, I want to give one general recommendation about this cloud service: before you say anything about security monitoring functions in Azure, configure them very carefully and test that they work as written in the documentation and as the Microsoft consultants told you (their views on how Azure functions work may differ). If you have the budget, you can squeeze a lot of useful information out of Azure for security monitoring. If your resources are limited, then, as with AWS, you will have to rely on your own strength and on the raw data that Azure Monitor gives you. And remember that many monitoring functions cost money, so it is better to familiarize yourself with the pricing policy in advance. For example, for free you can retain 31 days of data up to a maximum of 5 GB per customer; exceeding these values requires additional payment (roughly $2 or more per additional GB ingested, and $0.10 per GB per month for retention). Working with application telemetry and metrics may also require extra money, as does working with alerts and notifications (a limited amount is available for free, which may not cover your needs).

Example: security monitoring in IaaS on Google Cloud Platform

Google Cloud Platform looks like a youngster compared to AWS and Azure, but that is partly a good thing. Unlike AWS, which grew its capabilities, including security ones, gradually and has problems with centralization, GCP, like Azure, is managed much more centrally, which reduces errors and implementation time across the enterprise. From a security standpoint GCP sits, oddly enough, between AWS and Azure. It too has a single event registration point for the whole organization, but it is incomplete. Some functions are still in beta, but this shortcoming should gradually disappear and GCP will become a more mature platform for security monitoring.


The main tool for recording events in GCP is Stackdriver Logging (similar to Azure Monitor), which lets you collect events across your entire cloud infrastructure (and from AWS as well). From a security point of view, every organization, project or folder in GCP has four logs:

  • Admin Activity - contains all events related to administrative access, for example creating a virtual machine, changing access rights and so on. This log is always written, whether you want it or not, and its data is kept for 400 days.
  • Data Access - contains all events related to work with data by cloud users (create, modify, read and so on). By default this log is not written, because its volume grows very quickly; for the same reason its retention is only 30 days. Moreover, not everything is written to it: for example, events related to resources that are publicly accessible to all users, or that are accessible without signing in to GCP, are not recorded in it.
  • System Event - contains system events unrelated to users, and administrator actions that change the configuration of cloud resources. It is always written and kept for 400 days.
  • Access Transparency is a unique example of a log that records all actions of Google employees (not yet available for all GCP services) who access your infrastructure as part of their job duties. This log is kept for 400 days and is not available to every GCP customer, only when a number of conditions are met (Gold or Platinum support level, or four roles of a certain type as part of enterprise support). A similar function is available, for example, in Office 365 under the name Lockbox.

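Two practical consequences of the list above are worth seeing in code: the four logs can be told apart by the suffix of their logName, and since Data Access logs are off by default and never record reads of publicly shared objects, the Admin Activity entry that made an object public is the one event you are guaranteed to have. The following is an added example, not code from the original article; the entries are constructed in the shape of the Cloud Audit Logs AuditLog payload (protoPayload.methodName, authenticationInfo.principalEmail, serviceData.policyDelta.bindingDeltas, which is where IAM binding changes are recorded), and the project, bucket and user names are made up.

```python
"""Classify Cloud Audit Logs entries into the four GCP audit logs and flag IAM
changes that expose a resource to allUsers / allAuthenticatedUsers.

Added example; the entries are constructed for illustration in the AuditLog
payload shape. Project, bucket and principal names are made up."""
import json

# logName suffix -> which of the four audit logs the entry belongs to.
LOG_TYPES = {
    "cloudaudit.googleapis.com%2Factivity": "admin_activity",
    "cloudaudit.googleapis.com%2Fdata_access": "data_access",
    "cloudaudit.googleapis.com%2Fsystem_event": "system_event",
    "cloudaudit.googleapis.com%2Faccess_transparency": "access_transparency",
}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

SAMPLE_ENTRIES = [
    {   # Admin Activity: a bucket is made world-readable.
        "timestamp": "2019-07-01T09:12:00Z",
        "logName": "projects/acme-prod/logs/cloudaudit.googleapis.com%2Factivity",
        "protoPayload": {
            "@type": "type.googleapis.com/google.cloud.audit.AuditLog",
            "serviceName": "storage.googleapis.com",
            "methodName": "storage.setIamPermissions",
            "resourceName": "projects/_/buckets/acme-backups",
            "authenticationInfo": {"principalEmail": "alice@acme.example"},
            "requestMetadata": {"callerIp": "203.0.113.10"},
            "serviceData": {"policyDelta": {"bindingDeltas": [
                {"action": "ADD", "role": "roles/storage.objectViewer", "member": "allUsers"},
            ]}},
        },
    },
    {   # Admin Activity: an ordinary grant to a named user; nothing to flag.
        "timestamp": "2019-07-01T09:15:00Z",
        "logName": "projects/acme-prod/logs/cloudaudit.googleapis.com%2Factivity",
        "protoPayload": {
            "serviceName": "cloudresourcemanager.googleapis.com",
            "methodName": "SetIamPolicy",
            "resourceName": "projects/acme-prod",
            "authenticationInfo": {"principalEmail": "alice@acme.example"},
            "requestMetadata": {"callerIp": "203.0.113.10"},
            "serviceData": {"policyDelta": {"bindingDeltas": [
                {"action": "ADD", "role": "roles/viewer", "member": "user:bob@acme.example"},
            ]}},
        },
    },
    {   # Admin Activity: the public grant is later removed; a REMOVE is not an exposure.
        "timestamp": "2019-07-01T11:40:00Z",
        "logName": "projects/acme-prod/logs/cloudaudit.googleapis.com%2Factivity",
        "protoPayload": {
            "serviceName": "storage.googleapis.com",
            "methodName": "storage.setIamPermissions",
            "resourceName": "projects/_/buckets/acme-backups",
            "authenticationInfo": {"principalEmail": "carol@acme.example"},
            "requestMetadata": {"callerIp": "203.0.113.22"},
            "serviceData": {"policyDelta": {"bindingDeltas": [
                {"action": "REMOVE", "role": "roles/storage.objectViewer", "member": "allUsers"},
            ]}},
        },
    },
    {   # Data Access: an authenticated read (only present if this log is enabled).
        "timestamp": "2019-07-01T09:20:00Z",
        "logName": "projects/acme-prod/logs/cloudaudit.googleapis.com%2Fdata_access",
        "protoPayload": {
            "serviceName": "storage.googleapis.com",
            "methodName": "storage.objects.get",
            "resourceName": "projects/_/buckets/acme-backups/objects/db.dump",
            "authenticationInfo": {"principalEmail": "bob@acme.example"},
        },
    },
    {   # System Event: Google-initiated, no user involved.
        "timestamp": "2019-07-01T10:00:00Z",
        "logName": "projects/acme-prod/logs/cloudaudit.googleapis.com%2Fsystem_event",
        "protoPayload": {
            "serviceName": "compute.googleapis.com",
            "methodName": "compute.instances.migrateOnHostMaintenance",
            "resourceName": "projects/acme-prod/zones/europe-west1-b/instances/web01",
        },
    },
]


def log_type(entry):
    """Map an entry to admin_activity / data_access / system_event / access_transparency."""
    suffix = entry["logName"].rsplit("/logs/", 1)[-1]
    return LOG_TYPES.get(suffix, "unknown")


def count_by_type(entries):
    counts = {}
    for e in entries:
        t = log_type(e)
        counts[t] = counts.get(t, 0) + 1
    return counts


def public_grants(entries):
    """One finding per binding that ADDs a public member, with who did it and from where."""
    findings = []
    for e in entries:
        if log_type(e) != "admin_activity":
            continue
        p = e.get("protoPayload", {})
        deltas = p.get("serviceData", {}).get("policyDelta", {}).get("bindingDeltas", [])
        for d in deltas:
            if d.get("action") == "ADD" and d.get("member") in PUBLIC_MEMBERS:
                findings.append({
                    "time": e["timestamp"],
                    "who": p.get("authenticationInfo", {}).get("principalEmail"),
                    "from_ip": p.get("requestMetadata", {}).get("callerIp"),
                    "method": p.get("methodName"),
                    "resource": p.get("resourceName"),
                    "role": d.get("role"),
                    "member": d["member"],
                })
    return findings


if __name__ == "__main__":
    print(count_by_type(SAMPLE_ENTRIES))
    print(json.dumps(public_grants(SAMPLE_ENTRIES), indent=2))
```

In production the same functions run over entries exported through a Stackdriver Logging sink to Pub/Sub or BigQuery; the check is cheap because it only needs the Admin Activity log, which is always on and retained for 400 days.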
Log example: Access Transparency

{
  "insertId": "abcdefg12345",
  "jsonPayload": {
    "@type": "type.googleapis.com/google.cloud.audit.TransparencyLog",
    "location": {
      "principalOfficeCountry": "US",
      "principalEmployingEntity": "Google LLC",
      "principalPhysicalLocationCountry": "CA"
    },
    "product": [
      "Cloud Storage"
    ],
    "reason": [
      {
        "detail": "Case number: bar123",
        "type": "CUSTOMER_INITIATED_SUPPORT"
      }
    ],
    "accesses": [
      {
        "methodName": "GoogleInternal.Read",
        "resourceName": "//googleapis.com/storage/buckets/[BUCKET_NAME]/objects/foo123"
      }
    ]
  },
  "logName": "projects/[PROJECT_NAME]/logs/cloudaudit.googleapis.com%2Faccess_transparency",
  "operation": {
    "id": "12345xyz"
  },
  "receiveTimestamp": "2017-12-18T16:06:37.400577736Z",
  "resource": {
    "labels": {
      "project_id": "1234567890"
    },
    "type": "project"
  },
  "severity": "NOTICE",
  "timestamp": "2017-12-18T16:06:24.660001Z"
}
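An Access Transparency entry is only useful if someone checks it against what you know: was there really an open support case with that number, is the stated justification one you accept, and is the accessing office somewhere you tolerate? The following added example (not code from the original article) does that triage on the entry above, which is embedded so the script runs offline. The accepted justification list, the set of open support cases and the country allow-list are hypothetical inputs that would come from your own ticketing system and policy; the field names are taken from the entry itself.

```python
"""Triage a Cloud Audit Logs Access Transparency entry against local context.

Added example. The entry is the one from the article; the policy inputs
(ACCEPTABLE_REASONS, open_cases, allowed_countries) are assumptions."""
import json
import re

ACCESS_TRANSPARENCY_ENTRY = json.loads(r'''
{
  "insertId": "abcdefg12345",
  "jsonPayload": {
    "@type": "type.googleapis.com/google.cloud.audit.TransparencyLog",
    "location": {
      "principalOfficeCountry": "US",
      "principalEmployingEntity": "Google LLC",
      "principalPhysicalLocationCountry": "CA"
    },
    "product": ["Cloud Storage"],
    "reason": [{"detail": "Case number: bar123", "type": "CUSTOMER_INITIATED_SUPPORT"}],
    "accesses": [{"methodName": "GoogleInternal.Read",
                  "resourceName": "//googleapis.com/storage/buckets/[BUCKET_NAME]/objects/foo123"}]
  },
  "logName": "projects/[PROJECT_NAME]/logs/cloudaudit.googleapis.com%2Faccess_transparency",
  "operation": {"id": "12345xyz"},
  "receiveTimestamp": "2017-12-18T16:06:37.400577736Z",
  "resource": {"labels": {"project_id": "1234567890"}, "type": "project"},
  "severity": "NOTICE",
  "timestamp": "2017-12-18T16:06:24.660001Z"
}
''')

# Justification types your policy accepts without a human looking (assumption).
ACCEPTABLE_REASONS = {"CUSTOMER_INITIATED_SUPPORT", "GOOGLE_INITIATED_REVIEW"}
CASE_RE = re.compile(r"Case number:\s*(\S+)")


def flatten(entry):
    """Pull the fields an analyst needs out of the nested entry."""
    p = entry["jsonPayload"]
    loc = p.get("location", {})
    reasons = p.get("reason", [])
    case_ids = []
    for r in reasons:
        m = CASE_RE.search(r.get("detail", ""))
        if m:
            case_ids.append(m.group(1))
    return {
        "time": entry["timestamp"],
        "project": entry["resource"]["labels"]["project_id"],
        "products": list(p.get("product", [])),
        "reason_types": [r.get("type") for r in reasons],
        "case_ids": case_ids,
        "office_country": loc.get("principalOfficeCountry"),
        "employer": loc.get("principalEmployingEntity"),
        "accesses": [(a["methodName"], a["resourceName"]) for a in p.get("accesses", [])],
    }


def triage(entry, open_cases, allowed_countries):
    """Return (verdict, findings); verdict is 'expected' or 'investigate'."""
    f = flatten(entry)
    findings = []
    unknown = [t for t in f["reason_types"] if t not in ACCEPTABLE_REASONS]
    if unknown:
        findings.append(f"unrecognised justification {unknown}")
    if "CUSTOMER_INITIATED_SUPPORT" in f["reason_types"]:
        # A support access must correspond to a case we actually opened.
        if not any(c in open_cases for c in f["case_ids"]):
            findings.append(f"support access cites cases {f['case_ids']} but none is open on our side")
    if f["office_country"] not in allowed_countries:
        findings.append(f"accessing office in {f['office_country']} is outside the allowed list")
    for method, resource in f["accesses"]:
        if not method.startswith("GoogleInternal."):
            findings.append(f"unexpected access method {method} on {resource}")
    return ("expected" if not findings else "investigate"), findings


if __name__ == "__main__":
    # Constructed local context: one open Google support case and a US-only policy.
    print(triage(ACCESS_TRANSPARENCY_ENTRY, open_cases={"bar123"}, allowed_countries={"US"}))
    print(triage(ACCESS_TRANSPARENCY_ENTRY, open_cases=set(), allowed_countries={"US"}))
```

The second call in the main block shows the interesting case: the same entry turns into an "investigate" verdict as soon as the referenced case number is not in your ticketing system, which is exactly the situation this log exists to surface.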

These logs can be reached in several ways (much as with Azure and AWS discussed earlier): through the Logs Viewer interface, through the API, through the Google Cloud SDK, or through the Activity page of the project whose events interest you. They can likewise be exported to external solutions for further analysis. This is done by exporting the logs through a sink to BigQuery, Cloud Storage or Cloud Pub/Sub.

Besides Stackdriver Logging, the GCP platform also offers Stackdriver Monitoring, which lets you track key metrics (performance, MTBF, overall health and so on) of cloud services and applications. The processed and visualized data can make it easier to find problems in your cloud infrastructure, including in a security context. It should be noted, however, that this functionality is not very rich from a security standpoint: today GCP has no equivalent of AWS GuardDuty and cannot pick out the bad ones among all the events recorded (Google has built Event Threat Detection, but it is still in beta and it is too early to speak of its usefulness). Stackdriver Monitoring could be used as a system for detecting anomalies, which would then be investigated to find their causes. But given the shortage of personnel qualified in GCP security on the market, this task currently looks difficult.


It is also worth listing some of the security modules that can be used in your GCP cloud and that resemble what AWS offers:

  • Cloud Security Command Center - the analog of AWS Security Hub and Azure Security Center.
  • Cloud DLP - automatic discovery and remediation (for example, masking) of data hosted in the cloud using more than 90 predefined classification rules.
  • Cloud Security Scanner - a vulnerability scanner (XSS, Flash injection, outdated libraries and so on) for App Engine, Compute Engine and Google Kubernetes Engine.
  • Cloud IAM - access control for all GCP resources.
  • Cloud Identity - management of GCP users, devices and application accounts from a single console.
  • Cloud HSM - protection of cryptographic keys.
  • Cloud Key Management Service - management of cryptographic keys in GCP.
  • VPC Service Controls - a security perimeter around your GCP resources to protect them from leaks.
  • Titan Security Key - protection against phishing.


Many of these modules generate security events that can be sent to BigQuery for analysis or exported to other systems, including a SIEM. As noted above, GCP is an actively developing platform and Google is currently building many new security functions for it. Among them are Event Threat Detection (now in beta), which scans Stackdriver logs for signs of unauthorized activity (analogous to GuardDuty in AWS), and Policy Intelligence (in alpha), which will let you build intelligent access policies for GCP resources.

I have given a short overview of the built-in monitoring capabilities of the popular cloud platforms. But do you have specialists capable of working with the "raw" logs of an IaaS provider (not everyone is ready to buy the premium capabilities of AWS, Azure or Google)? Moreover, many know the saying "trust, but verify", which is truer than ever in security. How much do you trust the built-in capabilities of the cloud provider that sends you security events? How much do they focus on information security at all?

Sometimes it is worth looking at overlay cloud infrastructure monitoring solutions that can complement the cloud's built-in security, and sometimes such solutions are the only option for gaining insight into the security of your data and applications hosted in the cloud. Besides, they are simply more convenient, since they take on all the work of analyzing the necessary logs generated by different cloud services of different cloud providers. One example of such an overlay solution is Cisco Stealthwatch Cloud, which is focused on a single task: monitoring security anomalies in cloud environments, including not only Amazon AWS, Microsoft Azure and Google Cloud Platform but also private clouds.

Example: security monitoring with Stealthwatch Cloud

AWS provides a flexible computing platform, but that flexibility makes it easier for companies to make mistakes that lead to security problems, and the shared security responsibility model only adds to this. Running software with unknown vulnerabilities in the cloud (the known ones can be handled, for example, by AWS Inspector or GCP Cloud Security Scanner), weak passwords, misconfigurations, insiders and so on: all of this shows up in the behavior of cloud resources, which can be monitored by Cisco Stealthwatch Cloud, a security monitoring and attack detection system for public and private clouds.


One of the key features of Cisco Stealthwatch Cloud is the ability to model entities. With it you can build a software model (that is, a near-real-time simulation) of each of your cloud resources (it does not matter whether it is AWS, Azure, GCP or something else). These can include servers and users, as well as resource types specific to your cloud environment, such as security groups and auto-scaling groups. The models use structured data streams from the cloud services as input. For AWS, for example, these are VPC Flow Logs, AWS CloudTrail, AWS CloudWatch, AWS Config, AWS Inspector, AWS Lambda and AWS IAM. Entity modeling automatically discovers the role and behavior of each of your resources (you could call it profiling of all cloud activity). These roles include Android or Apple mobile devices, Citrix PVS server, RDP server, mail gateway, VoIP client, terminal server, domain controller and so on. It then continuously monitors their behavior to determine when risky or security-relevant behavior occurs. You can detect password guessing, DDoS attacks, data leaks, illegal remote access, malicious code activity, vulnerability scanning and other threats. For example, this is what the detection of an attempted remote access over SSH to a Kubernetes cluster from a country that is atypical for your organization (South Korea) looks like:

[Screenshot: Stealthwatch Cloud alert for SSH access to a Kubernetes cluster from South Korea]

And this is what a suspected leak of data from a PostgreSQL database to a country we have not dealt with before looks like:

[Screenshot: Stealthwatch Cloud alert for suspected data exfiltration from a PostgreSQL database]

Finally, this is what an excessive number of failed SSH logins from China and Indonesia by external hosts looks like:

[Screenshot: Stealthwatch Cloud alert for failed SSH logins from China and Indonesia]

Or suppose that a server instance in a VPC is, by policy, never supposed to be a destination for remote access. Suppose further that this machine experienced a remote login because of an erroneous change to a firewall rule. The Entity Modeling feature will detect and report this activity ("Unusual Remote Access") in near real time and point to the specific AWS CloudTrail, Azure Monitor or GCP Stackdriver Logging API call (including the username, date and time, among other details) that made the change to the firewall rule. This information can then be sent to a SIEM for analysis.


Similar capabilities are implemented for every cloud environment supported by Cisco Stealthwatch Cloud:

[Screenshot: Stealthwatch Cloud alerts across the supported cloud platforms]

Entity modeling is a unique form of security automation that can uncover previously unknown problems with your people, processes or technology. For example, it lets you detect, among other things, security problems such as:

  • Has someone discovered a backdoor in the software we use?
  • Is there any third-party software or device in our cloud?
  • Is an authorized user abusing their privileges?
  • Was there a configuration error that allowed remote access or some other unintended use of resources?
  • Is data leaking from our servers?
  • Is someone trying to connect to us from an atypical geographic location?
  • Is our cloud infected with malicious code?


Detected security events can be sent as tickets to Slack, Cisco Spark or the PagerDuty incident management system, and also forwarded to various SIEMs, including Splunk or ELK. To sum up: if your company follows a multi-cloud strategy and is not limited to one cloud provider with the monitoring capabilities described above, then using Cisco Stealthwatch Cloud is a good option for getting unified monitoring across the leading cloud players, Amazon, Microsoft and Google. The most interesting part is that if you compare the price of Stealthwatch Cloud with the premium licenses for security monitoring in AWS, Azure or GCP, the Cisco solution may turn out cheaper than the built-in capabilities of the Amazon, Microsoft and Google offerings. It is paradoxical, but true. And the more clouds and cloud capabilities you use, the more obvious the advantage of a consolidated solution becomes.


In addition, Stealthwatch Cloud can monitor private clouds deployed in your organization, for example on Kubernetes containers, or by watching NetFlow streams or network traffic obtained by mirroring on network equipment (including home-grown gear), AD data or DNS servers and so on. All this data is enriched with threat intelligence collected by Cisco Talos, the world's largest non-governmental group of cybersecurity threat researchers.


This lets you implement a unified monitoring system for both the public and the hybrid clouds your company may use. The collected information can be analyzed with Stealthwatch Cloud's own capabilities or sent to your SIEM (Splunk, ELK, SumoLogic and several others are supported out of the box).

With this we conclude the first part of the article, in which I reviewed the built-in and external tools for security monitoring of IaaS/PaaS platforms that let us quickly detect and respond to incidents in the cloud environments our company has chosen. In the second part we will continue the topic and look at options for monitoring SaaS platforms using Salesforce and Dropbox as examples, and we will also try to summarize and tie everything together by building a unified security monitoring system for different cloud providers.

Source: www.hab.com
