Moving data and applications to the cloud poses a new challenge for corporate SOCs, which are not always ready to monitor someone else's infrastructure. According to Netoskope, the average enterprise (apparently in the US) uses 1246 different cloud services, a 1246% increase from 22 years ago. 175 cloud services!!! Of these, 170 relate to HR services, 110 to marketing, 76 to communications and 700 to finance and CRM. Cisco uses "only" XNUMX external cloud services. So I am a little confused by these numbers. In any case, the problem is not on the company side but in the fact that the cloud is starting to be used very actively by a growing number of companies that want to be able to monitor cloud infrastructure in the same way as their own network. And this trend is only growing - according to
Suppose your company has moved part of its infrastructure to the cloud... Stop. Not like that. If the infrastructure has already been moved and you are only now thinking about how you will monitor it, you have already lost. Unless it is Amazon, Google or Microsoft (and even then with reservations), you will probably not have many options for monitoring your data and applications. It is good if you are given the opportunity to work with logs. Sometimes security event data will be available, but you will not have access to it. Take Office 365, for example. If you have the cheapest E1 license, security events are not available to you at all. If you have an E3 license, your data is stored for only 90 days, and only with an E5 license are logs available for a year (though this too has its own nuances, related to the need to request a number of log-handling functions separately from Microsoft support). Incidentally, the E3 license is much weaker in monitoring functions than corporate Exchange. To reach the same level you need an E5 license or an additional Advanced Compliance license, which may require extra money that was not factored into your financial model for the move to cloud infrastructure. And this is just one example of how the issues around cloud information security monitoring are underestimated. In this article, without claiming to be complete, I want to draw attention to some nuances that should be taken into account when choosing a cloud provider from a security point of view. At the end of the article there is a checklist worth completing before you consider the problem of cloud information security monitoring solved.
There are several typical problems in cloud environments that lead to incidents which information security services either have no time to respond to or do not see at all:
- Security logs do not exist. This is a fairly common situation, especially among newcomers to the cloud solutions market. But you should not give up on them right away. Small players, especially domestic ones, are more responsive to customer requirements and can quickly implement some of the required functions by changing the approved roadmap for their products. Yes, this will not be an analogue of GuardDuty from Amazon or the "Proactive Protection" module from Bitrix, but it is at least something.
- Information security staff do not know where the logs are stored, or have no access to them. Here you need to enter into negotiations with the cloud service provider; perhaps it will provide such information if it considers the client significant. In general, though, it is not a good sign when access to logs is granted "by special decision".
- It also happens that the cloud provider has logs, but they provide limited monitoring and event recording that is not sufficient to detect all incidents. For example, you may receive only logs of changes on a site or logs of user authentication attempts, but not other events such as network traffic, which hides from you a whole layer of events that characterize attempts to hack your cloud infrastructure.
- Logs exist, but access to them is hard to automate, which forces you to monitor them on a schedule rather than continuously. And if the logs cannot be downloaded automatically, then downloading them, for example, in Excel format (as with a number of domestic cloud solution providers) may even make the corporate information security service reluctant to bother with them.
- No log monitoring. This is perhaps the most puzzling reason why information security incidents occur in cloud environments. The logs seem to exist, and access to them can be automated, but nobody does it. Why?
The shared cloud security concept
Moving to the cloud is always a search for a balance between the desire to keep control over the infrastructure and handing it over to the more professional hands of a cloud provider that specializes in maintaining it. In cloud security this balance has to be sought as well. Moreover, the balance is different each time, depending on the cloud service delivery model used (IaaS, PaaS, SaaS). In any case, we must remember that all cloud providers today follow the so-called shared responsibility and shared information security model. The cloud is responsible for some things, and the client is responsible for others when it places its data, applications, virtual machines and other resources in the cloud. It would be reckless to expect that by moving to the cloud we shift all responsibility to the provider. But building all the security yourself when moving to the cloud is not wise either. A balance is needed, and it depends on many factors: risk management strategy, threat model, the security mechanisms available from the cloud provider, legislation, and so on.
For example, the classification of data hosted in the cloud is always the customer's responsibility. A cloud provider or an external service provider can only help with tools that mark data in the cloud, identify violations, delete data that violates the law, or mask it in one way or another. Physical security, on the other hand, is always the responsibility of the cloud provider, and it cannot be shared with clients. But everything that lies between data and physical infrastructure is exactly the subject of discussion in this article. For example, the availability of the cloud is the provider's responsibility, while setting up firewall rules or enabling encryption is the client's responsibility. In this article we look at which information security monitoring mechanisms are provided today by the various cloud providers popular in Russia, what the particulars of their use are, and when it is worth looking at external overlay solutions (for example, Cisco E-mail Security) that extend the capabilities of your cloud in terms of cybersecurity. In some cases, especially if you follow a multi-cloud strategy, you will have no choice but to use external information security monitoring solutions in several cloud environments at once (for example, Cisco CloudLock or Cisco Stealthwatch Cloud). And in some cases you will find that the cloud provider you have chosen (or that was imposed on you) offers no information security monitoring capabilities at all. This is unpleasant, but it is also no small thing, since it lets you adequately assess the level of risk associated with using this cloud.
The cloud security monitoring lifecycle
To monitor the security of the clouds you use, you have only three options:
- rely on the tools provided by your cloud provider,
- use third-party solutions that monitor the IaaS, PaaS or SaaS platforms you use,
- build your own cloud monitoring infrastructure (IaaS/PaaS platforms only).
Let us see what each of these options offers. First, though, we need to understand the general framework used when monitoring cloud platforms. I would single out 6 main components of the information security monitoring process in the cloud:
- Infrastructure preparation. Determining the applications and infrastructure needed to collect events that matter for information security into storage.
- Collection. At this stage, security events are aggregated from various sources and passed on for processing, storage and analysis.
- Processing. At this stage, the data is transformed and enriched to make subsequent analysis easier.
- Storage. This component is responsible for short-term and long-term storage of the collected processed data and raw data.
- Analysis. At this stage you are able to detect incidents and respond to them automatically or manually.
- Reporting. This stage helps to formulate key indicators for stakeholders (management, auditors, the cloud provider, clients and so on) that help them make particular decisions, for example to change provider or to strengthen information security.
Understanding these components will let you decide quickly what you can take from your provider and what you will have to do yourself or with the help of external consultants.
Built-in cloud services
I have already written above that many cloud services today offer no information security monitoring capabilities. In general, they do not pay much attention to the topic of information security. Take, for example, one of the popular Russian services for sending reports to government agencies over the Internet (I will deliberately not name it). The entire security section of this service revolves around the use of certified CIPF. The information security section of another domestic cloud service for electronic document management is no different. It talks about public key certificates, certified cryptography, elimination of web vulnerabilities, protection against DDoS attacks, use of firewalls, backups and even regular information security audits. But there is not a word about monitoring, nor about the possibility of accessing information security events that may be of interest to this service provider's customers.
In general, from the way a cloud provider describes information security issues on its website and in its documentation, you can tell how seriously it takes the matter. For example, if you read the manuals for the "My Office" products, there is not a word about security at all, while the documentation for the separate product "My Office. KS3", designed to protect against unauthorized access, contains the usual list of the points of FSTEC Order No. 17 that "My Office.KS3" implements, but does not describe how it implements them or, most importantly, how to integrate these mechanisms with corporate information security. Perhaps such documentation exists, but I did not find it in the public domain on the "My Office" website. Or maybe I simply do not have access to this confidential information?..
With Bitrix the situation is much better. The documentation describes the format of the event logs and, interestingly, the intrusion log, which contains events related to potential threats to the cloud platform. From it you can pull out the IP, the user or guest name, the event source, the time, the User Agent, the event type and so on. True, you can work with these events either from the control panel of the cloud itself or by exporting the data in MS Excel format. It is currently difficult to automate work with Bitrix logs, and you will have to do part of the work by hand (exporting the report and loading it into your SIEM). But if you remember that until relatively recently there was no such option at all, this is great progress. At the same time, note that many foreign cloud providers offer similar functionality "for beginners": either look at the logs with your own eyes in the control panel, or export the data to yourself (although in most cases the data is exported in .csv format rather than Excel).
Leaving aside the no-logs option, cloud providers usually offer you three options for monitoring security events: dashboards, data export and API access. The first seems to solve many problems for you, but this is not entirely true: if there are several logs, you have to switch between the screens that display them and you lose the overall picture. In addition, the cloud provider is unlikely to give you the ability to correlate security events or to analyze them from a security point of view at all (usually you are dealing with raw data that you have to make sense of yourself). There are exceptions, and we will talk about them later. Finally, it is worth asking which events your cloud provider records, in what format, and how they match your information security monitoring process. Take, for example, identification and authentication of users and guests. The same Bitrix lets you record, for these events, the date and time of the event, the name of the user or guest (if you have the "Web Analytics" module), the object accessed and other elements typical of a website. But corporate information security services may need information about whether the user accessed the cloud from a trusted device (in a corporate network, for example, this task is implemented by Cisco ISE). And what about such a simple task as geo-IP, which helps determine whether a cloud service user account has been stolen? Even if the cloud provider offers it, that is not enough. The same Cisco CloudLock does not just analyze geolocation but uses machine learning for this, analyzing historical data for each user and tracking various anomalies in identification and authentication attempts. Only MS Azure has similar functionality (if you have the appropriate subscription).
There is another problem: for many cloud providers information security monitoring is a new topic that they are only beginning to deal with, so they are constantly changing something in their solutions. Today they have one version of the API, tomorrow another, and the day after tomorrow a third. You have to be prepared for this too. The same applies to functionality, which may change and which must be taken into account in your information security monitoring system. For example, Amazon initially had separate cloud event monitoring services, AWS CloudTrail and AWS CloudWatch. Then a separate service for monitoring information security events appeared, AWS GuardDuty. After some time, Amazon launched a new management system, Amazon Security Hub, which includes analysis of data received from GuardDuty, Amazon Inspector, Amazon Macie and several others. Another example is the tool for integrating Azure logs with a SIEM, AzLog. It was actively used by many SIEM vendors until, in 2018, Microsoft announced the end of its development and support, which left many clients who used this tool facing a problem (we will talk about how it was resolved later).
So either keep a very close eye on all the monitoring capabilities your cloud provider offers, or rely on external solution providers that act as intermediaries between your SOC and the cloud you want to monitor. Yes, it will cost more (though not always), but you will shift all the responsibility onto someone else's shoulders. Or not all of it?.. Let us recall the shared security concept and accept that we cannot shift anything: we will have to work out for ourselves how the different cloud providers offer information security monitoring of your data, applications, virtual machines and other resources hosted in the cloud. In this part we start with what Amazon offers.
Example: information security monitoring in IaaS based on AWS
Yes, yes, I understand that Amazon is not the best example, since it is an American service and could be blocked as part of the fight against extremism and the dissemination of information prohibited in Russia. But in this publication I just want to show how different cloud platforms differ in their information security monitoring capabilities, and what you should pay attention to when moving your key processes to the cloud from a security point of view. And if some Russian developers of cloud solutions learn something useful for themselves, that will be great.
The first thing to say is that Amazon is not an impregnable fortress. Various incidents regularly happen to its customers. For example, the names, addresses, dates of birth and phone numbers of 198 million voters were stolen from Deep Root Analytics. 14 million records of Verizon subscribers were stolen from the Israeli company Nice Systems. At the same time, AWS's built-in capabilities let you detect a wide range of incidents. For example:
- impact on infrastructure (DDoS)
- node compromise (command injection)
- account compromise and unauthorized access
- misconfiguration and vulnerabilities
- insecure interfaces and APIs.
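This discrepancy is explained by the fact that, as we found out above, the customer itself is responsible for the security of customer data. And if it did not bother to turn on the protection mechanisms and did not turn on the monitoring tools, it will learn about the incident only from the media or from its own customers.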
To identify incidents, you can use a wide range of monitoring services developed by Amazon (although these are often complemented by external tools such as osquery). In AWS all user actions are monitored, regardless of how they are carried out: through the management console, the command line, the SDK or other AWS services. All records of each AWS account's activity (including the user name, action, service, activity parameters and result) and of API usage are available through AWS CloudTrail. You can view these events (such as AWS IAM console logins) from the CloudTrail console, analyze them with Amazon Athena, or "outsource" them to external solutions such as Splunk, AlienVault and others. The AWS CloudTrail logs themselves are placed in your AWS S3 bucket.
Two other AWS services provide a number of further important monitoring capabilities. First, Amazon CloudWatch is a monitoring service for AWS resources and applications which, among other things, lets you identify various anomalies in your cloud. All built-in AWS services, such as Amazon Elastic Compute Cloud (servers), Amazon Relational Database Service (databases), Amazon Elastic MapReduce (data analysis) and 30 other Amazon services, use Amazon CloudWatch to store their logs. Developers can use the open API of Amazon CloudWatch to add log monitoring to custom applications and services, which widens the range of events that can be analyzed in a security context.
Second, the VPC Flow Logs service lets you analyze the network traffic sent or received by your AWS servers (externally or internally), as well as between microservices. When any of your AWS VPC resources interacts with the network, VPC Flow Logs records details about the network traffic, including the source and destination network interface, the IP addresses, ports and protocol, and the number of bytes and packets seen. Those with experience in local network security will recognize this as analogous to traffic flows.
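The fields listed above can be put to work directly. This is an added example, not code from the original article or from AWS: a small Python parser for flow log records, assuming the default version 2 space-separated field order. The sample records, the ENI and account IDs and the `min_hits` threshold are constructed for illustration.

```python
from collections import Counter, namedtuple

# Default (version 2) VPC Flow Logs field order; assumed here, custom formats differ.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")
FlowRecord = namedtuple("FlowRecord", FIELDS)


def parse_flow(line):
    """Return a FlowRecord, or None for NODATA/SKIPDATA records (their fields are '-')."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    for name in INT_FIELDS:
        rec[name] = int(rec[name])
    return FlowRecord(**rec)


def rejected_admin_probes(lines, ports=(22, 3389), min_hits=3):
    """Count REJECTed TCP flows per (source, port) aimed at remote-admin ports."""
    hits = Counter()
    for line in lines:
        rec = parse_flow(line)
        if rec and rec.action == "REJECT" and rec.protocol == 6 and rec.dstport in ports:
            hits[(rec.srcaddr, rec.dstport)] += 1
    return {key: n for key, n in hits.items() if n >= min_hits}


def accepted_bytes_by_peer(lines):
    """Total bytes of ACCEPTed flows per (srcaddr, dstaddr) pair, largest first."""
    totals = Counter()
    for line in lines:
        rec = parse_flow(line)
        if rec and rec.action == "ACCEPT":
            totals[(rec.srcaddr, rec.dstaddr)] += rec.bytes
    return totals.most_common()


# Constructed sample records (documentation address ranges, made-up ENI and account IDs).
SAMPLE = [
    "2 123456789012 eni-0a1b2c3d 198.51.100.23 10.0.1.15 40112 22 6 1 60 1552219200 1552219260 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.23 10.0.1.15 40113 22 6 1 60 1552219260 1552219320 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.23 10.0.1.15 40114 22 6 2 120 1552219320 1552219380 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.8 10.0.1.15 51000 443 6 12 8400 1552219200 1552219260 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.8 10.0.1.15 51001 443 6 9 5100 1552219260 1552219320 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 10.0.1.15 10.0.2.40 49152 5432 6 30 20000 1552219200 1552219260 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1552219380 1552219440 - NODATA",
]

if __name__ == "__main__":
    print(rejected_admin_probes(SAMPLE))
    print(accepted_bytes_by_peer(SAMPLE))
```

Records whose log status is NODATA or SKIPDATA carry no traffic fields, so the parser returns None for them instead of failing on the '-' placeholders.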
To summarize, these three AWS services (AWS CloudTrail, Amazon CloudWatch and VPC Flow Logs) together give you quite powerful insight into the use of your account, user behavior, infrastructure management, application and service activity, and network activity. For example, they can be used to detect the following anomalies:
- Attempts to scan the site, search for backdoors and search for vulnerabilities, seen as bursts of "404 errors".
- Injection attacks (for example, SQL injection), seen as bursts of "500 errors".
- Known attack tools such as sqlmap, nikto, w3af and nmap, identified through analysis of the User Agent field.
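The three anomalies in this list can be expressed as simple detection logic over web access logs. This is an added example, not code from the original article or from AWS: it assumes the logs are in combined log format and in chronological order; the sample lines, the 60-second window and the threshold of 5 are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: ip - - [time] "METHOD path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
SCANNER_UA = ("sqlmap", "nikto", "w3af", "nmap")  # the tools named in the list above
BURST_LABEL = {404: "404-burst", 500: "500-burst"}


def parse(line):
    """Parse one access-log line; return None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "status": int(m["status"]),
        "ua": m["ua"],
    }


def detect(lines, window=timedelta(seconds=60), threshold=5):
    """Return sorted (client_ip, finding) pairs.

    Findings: a burst of 404s (scanning), a burst of 500s (possible injection
    attempts) from one client inside `window`, or a known tool's User Agent.
    Lines are assumed to arrive in chronological order.
    """
    recent = defaultdict(deque)  # (ip, status) -> timestamps still inside the window
    findings = set()
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        ua = ev["ua"].lower()
        for tool in SCANNER_UA:
            if tool in ua:
                findings.add((ev["ip"], "scanner-ua:" + tool))
        if ev["status"] in BURST_LABEL:
            q = recent[(ev["ip"], ev["status"])]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                findings.add((ev["ip"], BURST_LABEL[ev["status"]]))
    return sorted(findings)


def _line(ip, sec, path, status, ua):
    """Build one constructed log line (all within the same minute)."""
    return (f'{ip} - - [10/Mar/2019:12:00:{sec:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} 512 "-" "{ua}"')


# Constructed sample traffic; the addresses come from documentation ranges.
SAMPLE = (
    [_line("198.51.100.7", s, f"/admin{s}.php", 404, "Mozilla/5.0") for s in range(0, 12, 2)]
    + [_line("203.0.113.9", s, "/item?id=1%27", 500, "sqlmap/1.3 (http://sqlmap.org)")
       for s in range(20, 30, 2)]
    + [_line("192.0.2.44", 40, "/index.html", 200, "Mozilla/5.0"),
       _line("192.0.2.44", 41, "/old-page", 404, "Mozilla/5.0")]
)

if __name__ == "__main__":
    for ip, finding in detect(SAMPLE):
        print(ip, finding)
```

A single 404 from an ordinary browser (the last client in the sample) stays below the threshold and produces no finding.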
Amazon Web Services has also developed other services for cybersecurity purposes that let you solve many other problems. For example, AWS has a built-in service for auditing policies and configurations, AWS Config. This service provides continuous auditing of your AWS resources and their configurations. Take a simple example: suppose you want to make sure that user passwords are disabled on all your servers and that access is possible only on the basis of certificates. AWS Config makes it easy to check this for all your servers. There are other policies that can be applied to your cloud servers: "No server may use port 22", "Only administrators may change firewall rules" or "Only the user Ivashko may create new user accounts, and he may do so only on Tuesdays". In the summer of 2016, the AWS Config service was extended to automate the detection of violations of the policies that have been developed. AWS Config Rules are, in essence, continuous configuration requests to the Amazon services you use, which generate events when the corresponding policies are violated. For example, instead of periodically running AWS Config queries to verify that all disks on a virtual server are encrypted, you can use AWS Config Rules to check server disks continuously and confirm that this condition is met. And most importantly in the context of this publication, any violation generates events that can be analyzed by your information security service.
AWS also has equivalents of traditional corporate information security solutions, which likewise generate security events that you can and should analyze:
- Intrusion detection - AWS GuardDuty
- Information leak control - AWS Macie
- EDR (although it talks about endpoints in the cloud a little strangely) - AWS Cloudwatch + the open source osquery or GRR solutions
- Netflow analysis - AWS Cloudwatch + AWS VPC Flow
- DNS analysis - AWS Cloudwatch + AWS Route53
- AD - AWS Directory Service
- Account management - AWS IAM
- SSO - AWS SSO
- Security analysis - AWS Inspector
- Configuration management - AWS Config
- WAF - AWS WAF.
I will not describe in detail all the Amazon services that may be useful from an information security point of view. The main thing is to understand that all of them can generate events that we can and should analyze in an information security context, using for this purpose both Amazon's own built-in capabilities and external solutions, for example a SIEM, which can bring security events into your monitoring center and analyze them there together with events from other cloud services or from your internal infrastructure, perimeter or mobile devices.
In any case, it all starts with the data sources that supply you with information security events. These sources include, but are not limited to:
- CloudTrail - API usage and user actions
- Trusted Advisor - security checks against best practices
- Config - inventory and configuration of accounts and service settings
- VPC Flow Logs - connections to virtual interfaces
- IAM - identification and authentication service
- ELB Access Logs - load balancer
- Inspector - application vulnerabilities
- S3 - file storage
- CloudWatch - application activity
- SNS - notification service.
While Amazon offers such a wide range of event sources and tools for generating them, its ability to analyze the collected data from an information security point of view is very limited. You will have to study the available logs yourself and look in them for the relevant indicators of compromise. AWS Security Hub, which Amazon launched recently, aims to solve this problem by becoming a kind of cloud SIEM for AWS. But so far it is only at the beginning of its journey and is limited both by the number of sources it works with and by other restrictions set by Amazon's own architecture and subscriptions.
Example: information security monitoring in IaaS based on Azure
I do not want to get into a long debate about which of the three cloud providers (Amazon, Microsoft or Google) is better (especially since each of them still has its own specifics and is suited to solving its own problems). Let us focus on the information security monitoring capabilities these players provide. It must be admitted that Amazon AWS was one of the first in this segment and has therefore advanced the furthest in information security functions (although many admit that they are hard to use). But this does not mean that we will ignore the opportunities that Microsoft and Google give us.
Microsoft products have always been distinguished by their "openness", and in Azure the situation is similar. For example, while AWS and GCP always proceed from the concept that "whatever is not allowed is prohibited", Azure takes exactly the opposite approach. For example, when you create a virtual network in the cloud and a virtual machine in it, all ports and protocols are open and allowed by default. You will therefore have to spend a little more effort on the initial setup of the access control system in the Microsoft cloud. This also imposes stricter requirements on you in terms of monitoring activity in the Azure cloud.
AWS has a peculiarity: when you monitor your virtual resources and they are located in different regions, you have difficulty combining all the events and analyzing them together, and to get around this you have to resort to various tricks, such as writing your own code for AWS Lambda that forwards events between regions. Azure does not have this problem: its Activity Log mechanism tracks all activity across the entire organization without restrictions. The same applies to AWS Security Hub, which Amazon developed recently to consolidate many security functions within a single security center, but only within its region, which, however, is not relevant for Russia. Azure has its own Security Center, which is not bound by regional restrictions and provides access to all the security features of the cloud platform. Moreover, for different local teams it can provide its own set of protective capabilities, including the security events they manage. AWS Security Hub is still on its way to becoming similar to Azure Security Center. But it is worth adding a fly in the ointment: you can squeeze out of Azure a lot of what was described earlier for AWS, but this is done most conveniently only for Azure AD, Azure Monitor and Azure Security Center. All other Azure security mechanisms, including security event analysis, are not yet managed in the most convenient way. The problem is partly solved by the API that runs through all Microsoft Azure services, but this will require additional effort from you to integrate your cloud with your SOC, and the presence of qualified specialists (in fact, as with any other SIEM that works with cloud APIs). Some SIEMs, which will be discussed later, already support Azure and can automate the task of monitoring it, but this has its own difficulties too: not all of them can collect all the logs that Azure has.
Event collection and monitoring in Azure is provided by the Azure Monitor service, which is the main tool for collecting, storing and analyzing data in the Microsoft cloud and its resources (Git repositories, containers, virtual machines, applications and so on). All data collected by Azure Monitor is collected in real time and falls into two categories: metrics, which describe key performance indicators of the Azure cloud, and logs, which contain data organized into records that characterize particular aspects of the activity of Azure resources and services. In addition, using the Data Collector API, the Azure Monitor service can collect data from any REST source to build its own monitoring scenarios.
Here are a few security event sources that Azure offers and that you can access through the Azure Portal, CLI, PowerShell or REST API (and some only through the Azure Monitor/Insight API):
- Activity Logs - this log answers the classic questions "who", "what" and "when" regarding any write operation (PUT, POST, DELETE) on cloud resources. Events related to read access (GET) are not included in this log, like a number of others.
- Diagnostic Logs - contain data on operations with a particular resource included in your subscription.
- Azure AD reporting - contains both user activity and system activity related to group and user management.
- Windows Event Log and Linux Syslog - contain events from virtual machines hosted in the cloud.
- Metrics - contain telemetry about the performance and health status of your cloud services and resources. Measured every 30 minutes and stored for XNUMX days.
- Network Security Group Flow Logs - contain data on network security events collected using the Network Watcher service and resource monitoring at the network level.
- Storage Logs - contain events related to access to storage facilities.
For monitoring you can use an external SIEM or the built-in Azure Monitor and its extensions. We will talk about information security event management systems later; for now let us see what Azure itself offers us for analyzing data in a security context. The main screen for everything security-related in Azure Monitor is the Log Analytics Security and Audit Dashboard (the free version supports storage of a limited amount of events for only one week). This dashboard is divided into five main areas that visualize summary statistics on what is happening in the cloud environment you use:
- Security Domains - key quantitative indicators related to information security: the number of incidents, the number of compromised nodes, unpatched nodes, network security events and so on.
- Notable Issues - displays the number and importance of active information security issues.
- Detections - displays the patterns of attacks used against you.
- Threat Intelligence - displays geographic information about the external nodes that are attacking you.
- Common security queries - typical queries that help you monitor your information security better.
Azure Monitor extensions include Azure Key Vault (protection of cryptographic keys in the cloud), Malware Assessment (analysis of protection against malicious code on virtual machines), Azure Application Gateway Analytics (analysis of, among other things, cloud firewall logs) and others. These tools, enriched with particular rules for processing events, let you visualize various aspects of the activity of cloud services, including security, and identify particular deviations from normal operation. But, as often happens, any additional functionality requires a corresponding paid subscription, which will require a corresponding financial investment from you that you need to plan in advance.
Azure has a number of built-in threat monitoring capabilities that are integrated into Azure AD, Azure Monitor and Azure Security Center. Among them are, for example, detection of interaction between virtual machines and known malicious IPs (thanks to integration with Microsoft's Threat Intelligence services), detection of malware in the cloud infrastructure by receiving alarms from virtual machines hosted in the cloud, password guessing attacks on virtual machines, vulnerabilities in the configuration of the user identification system, logins to the system from anonymizers or infected nodes, account leaks, logins to the system from unusual locations and so on. Azure today is one of the few cloud providers that offers you built-in Threat Intelligence capabilities to enrich the collected information security events.
As mentioned above, security functionality and, as a consequence, the security events it generates are not available to all users equally; they require a particular subscription that includes the functionality you need, which generates the appropriate events for information security monitoring. For example, some of the functions for monitoring account anomalies described in the previous paragraph are available only with the P2 premium license for the Azure AD service. Without it you will, as in the case of AWS, have to analyze the collected security events "by hand". Also, depending on the type of Azure AD license, not all events will be available for analysis.
On the Azure portal you can both manage search queries over the logs you are interested in and set up dashboards to visualize key information security indicators. In addition, you can select Azure Monitor extensions there, which let you extend the functionality of Azure Monitor logs and analyze events more deeply from a security point of view.
If you need not only the ability to work with logs but a comprehensive security center for your Azure cloud platform, including information security policy management, then we can talk about the need to work with Azure Security Center, most of whose useful functions, for example threat detection, monitoring outside Azure, compliance assessment and so on, are available for a certain amount of money (in the free version you have access only to a security assessment and recommendations for eliminating the problems identified). It consolidates all security issues in one place. In fact, we can talk about a higher level of information security than Azure Monitor provides, because in this case the data collected across your cloud factory is enriched using many sources, such as Azure, Office 365, Microsoft CRM online, Microsoft Dynamics AX, outlook.com, MSN.com, the Microsoft Digital Crimes Unit (DCU) and the Microsoft Security Response Center (MSRC), on top of which various sophisticated machine learning and behavioral analytics algorithms are layered, which should ultimately improve the efficiency of threat detection and response.
Azure also has its own SIEM, which appeared at the beginning of 2019. This is Azure Sentinel, which relies on data from Azure Monitor and can also integrate with external security solutions (for example, NGFW or WAF), the list of which is constantly growing. In addition, through integration of the Microsoft Graph Security API you can connect your own Threat Intelligence feeds to Sentinel, which enriches the capabilities for analyzing incidents in your Azure cloud. It can be argued that Azure Sentinel is the first "native" SIEM to come from a cloud provider (the same Splunk or ELK, which can be hosted in a cloud such as AWS, are still not developed by traditional cloud service providers). Azure Sentinel and Security Center could be called a SOC for the Azure cloud, and (with certain reservations) you could limit yourself to them if you no longer have any infrastructure of your own and have moved all your computing resources to the cloud, and that cloud is Microsoft Azure.
But since the built-in capabilities of Azure (even if you have a Sentinel subscription) are often not enough for the purposes of monitoring information security and integrating this process with other sources of security events (both cloud and internal), there is a need to export the collected data to external systems, which may include a SIEM. This is done both through the API and through special extensions, which are currently officially available only for the following SIEMs: Splunk (Azure Monitor Add-On for Splunk), IBM QRadar (Microsoft Azure DSM), SumoLogic, ArcSight and ELK. Until recently there were more such SIEMs, but as of XNUMX 1, 2019, Microsoft stopped supporting the Azure Log Integration Tool (AzLog), which at the dawn of Azure's existence, in the absence of normal standardization of work with logs (Azure Monitor did not even exist yet), made it easy to integrate an external SIEM with the Microsoft cloud. Now the situation has changed, and Microsoft recommends the Azure Event Hub platform as the main integration tool for other SIEMs. Many have already implemented such an integration, but be careful: they may capture not all Azure logs but only some of them (see the documentation for your SIEM).
To conclude this brief look at Azure, I want to give a general recommendation about this cloud service: before you say anything about the information security monitoring functions in Azure, you should configure them very carefully and test that they work as written in the documentation and as the Microsoft consultants told you (and they may have differing views on how Azure features work). If you have the financial resources, you can squeeze a lot of useful information out of Azure in terms of information security monitoring. If your resources are limited, then, as in the case of AWS, you will have to rely only on your own efforts and on the raw data that Azure Monitor gives you. And remember that many monitoring functions cost money, so it is better to familiarize yourself with the pricing policy in advance. For example, free of charge you can store data for 31 days with a volume of no more than 5 GB per customer; exceeding these values will require you to pay extra (approximately $2+ for storing each additional GB from the customer and $0.1 for storing 1 GB for each additional month). Working with application telemetry and metrics may also require additional funds, as may working with alerts and notifications (a certain limit is available free of charge, but it may not be enough for your needs).
Example: information security monitoring in IaaS based on Google Cloud Platform
Google Cloud Platform looks quite young compared with AWS and Azure, but this is partly a good thing. Unlike AWS, which built up its capabilities, including security ones, gradually and had problems with centralization, GCP, like Azure, is much better managed centrally, which reduces errors and implementation time across the enterprise. From a security point of view GCP sits, oddly enough, between AWS and Azure. It also has a single event registration for the whole organization, but it is incomplete. Some functions are still in beta, but gradually this shortcoming should be eliminated and GCP will become a more mature platform in terms of information security monitoring.
The main tool for logging events in GCP is Stackdriver Logging (similar to Azure Monitor), which lets you collect events across your entire cloud infrastructure (as well as from AWS). From a security point of view, each organization, project or folder in GCP has four logs:
- Admin Activity - contains all events related to administrative access, for example creating a virtual machine, changing access rights and so on. This log is always written, regardless of your wishes, and its data is stored for 400 days.
- Data Access - contains all events related to work with data by cloud users (creation, modification, reading and so on). By default this log is not written, since its volume grows very quickly. For this reason its retention period is only 30 days. In addition, not everything is written to this log. For example, events related to resources that are publicly accessible to all users, or that are accessible without logging in to GCP, are not written to it.
- System Event - contains system events not related to users, or actions of an administrator who changes the configuration of cloud resources. It is always written and is stored for 400 days.
- Access Transparency is a unique example of a log that captures all actions of Google employees (but not yet for all GCP services) who access your infrastructure as part of their job duties. This log is stored for 400 days and is not available to every GCP client, but only if a number of conditions are met (either Gold or Platinum level support, or the presence of 4 roles of a certain type as part of corporate support). A similar function is also available, for example, in Office 365 - Lockbox.
Log example: Access Transparency
{
  insertId: "abcdefg12345"
  jsonPayload: {
    @type: "type.googleapis.com/google.cloud.audit.TransparencyLog"
    location: {
      principalOfficeCountry: "US"
      principalEmployingEntity: "Google LLC"
      principalPhysicalLocationCountry: "CA"
    }
    product: [
      0: "Cloud Storage"
    ]
    reason: [
      detail: "Case number: bar123"
      type: "CUSTOMER_INITIATED_SUPPORT"
    ]
    accesses: [
      0: {
        methodName: "GoogleInternal.Read"
        resourceName: "//googleapis.com/storage/buckets/[BUCKET_NAME]/objects/foo123"
      }
    ]
  }
  logName: "projects/[PROJECT_NAME]/logs/cloudaudit.googleapis.com%2Faccess_transparency"
  operation: {
    id: "12345xyz"
  }
  receiveTimestamp: "2017-12-18T16:06:37.400577736Z"
  resource: {
    labels: {
      project_id: "1234567890"
    }
    type: "project"
  }
  severity: "NOTICE"
  timestamp: "2017-12-18T16:06:24.660001Z"
}
Access to these logs is possible in several ways (much the same as for Azure and AWS discussed earlier): through the Log Viewer interface, through the API, through the Google Cloud SDK, or through the Activity page of the project whose events you are interested in. In the same way, they can be exported to external solutions for additional analysis. The latter is done by exporting logs to BigQuery or Cloud Pub/Sub storage.
In addition to Stackdriver Logging, the GCP platform also offers Stackdriver Monitoring functionality, which lets you monitor key metrics (performance, MTBF, overall health and so on) of cloud services and applications. Processed and visualized data can make it easier to find problems in your cloud infrastructure, including in a security context. But it should be noted that this functionality is not very rich from an information security point of view, since today GCP has no analogue of the same AWS GuardDuty and cannot pick out the bad events among all those registered (Google has developed Event Threat Detection, but it is still in beta and under development, and it is too early to talk about its usefulness). Stackdriver Monitoring could be used as a system for detecting anomalies, which would then be investigated to find the causes of their occurrence. But given the shortage on the market of personnel qualified in GCP information security, this task currently looks difficult.
It is also worth giving a list of some information security modules that can be used within your GCP cloud and that are similar to what AWS offers:
- Cloud Security Command Center is an analogue of AWS Security Hub and Azure Security Center.
- Cloud DLP - automatic detection and editing (for example, masking) of data hosted in the cloud, using more than 90 predefined classification policies.
- Cloud Scanner is a scanner for known vulnerabilities (XSS, Flash Injection, unpatched libraries and so on) in App Engine, Compute Engine and Google Kubernetes.
- Cloud IAM - control of access to all GCP resources.
- Cloud Identity - management of GCP user, device and application accounts from a single console.
- Cloud HSM - protection of cryptographic keys.
- Cloud Key Management Service - management of cryptographic keys in GCP.
- VPC Service Control - creation of a secure perimeter around your GCP resources to protect them from leaks.
- Titan Security Key - protection against phishing.
Many of these modules generate security events that can be sent to BigQuery storage for analysis or exported to other systems, including a SIEM. As mentioned above, GCP is a platform under active development, and Google is currently developing a number of new information security modules for it. Among them are Event Threat Detection (now available in beta), which scans Stackdriver logs for traces of unauthorized activity (similar to GuardDuty in AWS), and Policy Intelligence (available in alpha), which lets you develop intelligent policies for access to GCP resources.
I have given a brief overview of the monitoring capabilities built into popular cloud platforms. But do you have specialists who can work with the "raw" logs of an IaaS provider (not everyone is ready to buy the advanced features of AWS, Azure or Google)? In addition, many people know the adage "trust, but verify", which is truer than ever in the field of security. How much do you trust the built-in capabilities of the cloud provider that sends you information security events? How much do they focus on information security at all?
Sometimes it is worth looking at overlay solutions for monitoring cloud infrastructure that can complement the built-in cloud security, and sometimes such solutions are the only way to gain insight into the security of the data and applications you host in the cloud. They are also simply more convenient, because they take on all the work of analyzing the necessary logs generated by different cloud services from different cloud providers. One example of such an overlay solution is Cisco Stealthwatch Cloud, which focuses on a single task: monitoring information security anomalies in cloud environments, including not only Amazon AWS, Microsoft Azure and Google Cloud Platform but also private clouds.
Example: information security monitoring with Stealthwatch Cloud
AWS provides a flexible computing platform, but that flexibility makes it easier for companies to make mistakes that lead to security problems. The shared information security model only contributes to this. You run software in the cloud with unknown vulnerabilities (known ones can be dealt with by, for example, AWS Inspector or GCP Cloud Scanner), weak passwords, misconfigurations, insiders, and so on. All of this is reflected in the behavior of cloud resources, which can be monitored by Cisco Stealthwatch Cloud, an information security monitoring and attack detection system for public and private clouds.
One of the key features of Cisco Stealthwatch Cloud is entity modeling. With it you can build a software model (that is, a near-real-time simulation) of each of your cloud resources, regardless of whether it is in AWS, Azure, GCP or somewhere else. Besides servers and users, these can include resource types specific to your cloud environment, such as security groups and auto-scale groups. The models take as input the structured data streams provided by cloud services. For AWS, for example, these are VPC Flow Logs, AWS CloudTrail, AWS CloudWatch, AWS Config, AWS Inspector, AWS Lambda and AWS IAM. Entity modeling automatically discovers the role and behavior of each resource (you can think of it as profiling all cloud activity). These roles include Android or Apple mobile device, Citrix PVS server, RDP server, mail gateway, VoIP client, terminal server, domain controller, and so on. It then continuously monitors user behavior to determine when risky or security-threatening behavior occurs. It can identify password guessing, DDoS attacks, data leaks, illegitimate remote access, malicious code activity, vulnerability scanning and other threats. For example, this is what detection of a remote access attempt over SSH to a Kubernetes cluster from a country that is not typical for your organization (South Korea) looks like:
And this is what a suspected information leak from a Postgres database to a country we have not previously interacted with looks like:
Finally, this is what an example of failed SSH attempts from external remote devices in China and Indonesia looks like:
Or suppose that, by policy, a server instance in a VPC must never be a destination for remote login. Suppose further that, because of an erroneous change to the firewall rule policy, a remote logon to this machine took place. The entity modeling feature detects and reports this activity ("Unusual Remote Access") in near real time and points to the specific AWS CloudTrail, Azure Monitor or GCP Stackdriver Logging API call (including the user name, date and time, and other details) that prompted the change to the firewall rule. This information can then be sent to a SIEM for analysis.
Similar functionality is implemented for every cloud environment supported by Cisco Stealthwatch Cloud.
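The "Unusual Remote Access" scenario above can be reduced to a small correlation between flow data and the audit trail. The following is an added, simplified illustration of that idea, not Cisco's algorithm or product code: the inventory, the flow records (written in the default VPC Flow Logs field order) and the CloudTrail-style events are constructed, and the role policy is an assumption.

```python
from datetime import datetime, timezone

REMOTE_LOGIN_PORTS = {22, 3389}  # SSH, RDP
# Assumed inventory: private IP -> (security group, may receive remote logins?)
INVENTORY = {"10.0.1.10": ("sg-0aaa", True),    # bastion host
             "10.0.2.20": ("sg-0bbb", False)}   # database server

# Constructed flow records: version account eni src dst sport dport proto
# packets bytes start end action status.
FLOW_LOGS = """\
2 123456789012 eni-0a1 198.51.100.7 10.0.1.10 50000 22 6 20 4000 1556704800 1556704860 ACCEPT OK
2 123456789012 eni-0b2 203.0.113.9 10.0.2.20 50001 22 6 30 6000 1556708400 1556708460 ACCEPT OK
2 123456789012 eni-0b2 203.0.113.9 10.0.2.20 50002 3389 6 1 40 1556708500 1556708560 REJECT OK
2 123456789012 eni-0b2 10.0.1.10 10.0.2.20 50003 5432 6 10 900 1556708600 1556708660 ACCEPT OK
"""
# Constructed CloudTrail-style events (only the fields used here).
TRAIL = [
    {"eventTime": "2019-05-01T09:00:00Z", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"userName": "old-admin"}, "requestParameters": {"groupId": "sg-0bbb"}},
    {"eventTime": "2019-05-01T10:55:00Z", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"userName": "dev-user"}, "requestParameters": {"groupId": "sg-0bbb"}},
    {"eventTime": "2019-05-01T10:58:00Z", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"userName": "net-ops"}, "requestParameters": {"groupId": "sg-0aaa"}},
]

def _epoch(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp()

def unexpected_remote_logins(flow_text, trail):
    """Flag accepted SSH/RDP flows to hosts that must not receive them, together
    with the latest earlier ingress-rule change on that host's security group."""
    alerts = []
    for line in flow_text.splitlines():
        f = line.split()
        if len(f) != 14 or f[12] != "ACCEPT" or f[7] != "6":
            continue  # malformed, rejected or non-TCP record
        src, dst, dport, start = f[3], f[4], int(f[6]), int(f[10])
        group, allowed = INVENTORY.get(dst, (None, True))
        if dport not in REMOTE_LOGIN_PORTS or allowed:
            continue
        changes = [e for e in trail
                   if e["eventName"] == "AuthorizeSecurityGroupIngress"
                   and e["requestParameters"]["groupId"] == group
                   and _epoch(e["eventTime"]) <= start]
        cause = max(changes, key=lambda e: _epoch(e["eventTime"]), default=None)
        alerts.append({"src": src, "dst": dst, "port": dport,
                       "changed_by": cause and cause["userIdentity"]["userName"],
                       "changed_at": cause and cause["eventTime"]})
    return alerts
```

The returned alert carries the user name and time of the rule change, which is the context a SIEM analyst needs to decide whether the change was a mistake.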
Entity modeling is a unique form of security automation that can uncover previously unknown problems with your people, processes or technology. For example, it can detect, among others, security problems such as the following:
- Has someone discovered a backdoor in the software we use?
- Is there any third-party software or device in our cloud?
- Is an authorized user abusing privileges?
- Was there a configuration error that allowed remote access or other unintended use of resources?
- Is data leaking from our servers?
- Has someone tried to connect to us from an unusual geographic location?
- Is our cloud infected with malicious code?
A detected information security event can be sent as a ticket to Slack, Cisco Spark or the PagerDuty incident management system, and can also be sent to various SIEMs, including Splunk and ELK. To sum up, if your company follows a multi-cloud strategy and is not limited to a single cloud provider, then Cisco Stealthwatch Cloud is a good choice for getting a unified set of the information security monitoring capabilities described above across the leading cloud players (Amazon, Microsoft and Google). Most interestingly, if you compare the price of Stealthwatch Cloud with the advanced licenses for information security monitoring in AWS, Azure or GCP, the Cisco solution may turn out to be even cheaper than the built-in capabilities of Amazon, Microsoft and Google. It is paradoxical, but true. And the more clouds and their capabilities you use, the more obvious the advantage of a unified solution becomes.
In addition, Stealthwatch Cloud can monitor private clouds deployed inside your organization, for example those based on Kubernetes containers, or by monitoring NetFlow flows or network traffic received via mirroring on network equipment (even domestically produced equipment), AD data, DNS servers, and so on. All of this data is enriched with threat intelligence collected by Cisco Talos, the world's largest non-governmental group of cybersecurity threat researchers.
This lets you implement a unified monitoring system for both the public and the hybrid clouds your company uses. The collected information can then be analyzed using Stealthwatch Cloud's built-in capabilities or sent to your SIEM (Splunk, ELK, SumoLogic and several others are supported by default).
This concludes the first part of the article, in which I reviewed built-in and external tools for monitoring the information security of IaaS/PaaS platforms, which allow us to quickly detect and respond to incidents occurring in the cloud environments our enterprise has chosen. In the second part, we will continue the topic and look at options for monitoring SaaS platforms using Salesforce and Dropbox as examples, and we will also try to summarize and bring everything together by building a unified information security monitoring system for different cloud providers.
Source: habr.com