Cloud Security Monitoring

Moving data and applications to the cloud presents a new challenge for corporate SOCs, which are not always prepared to monitor somebody else's infrastructure. According to Netskope, the average enterprise (in the US) uses 1246 different cloud services, 22% more than a year ago. 1246 cloud services!!! 175 of them are HR services, 170 are related to marketing, 170 belong to the field of communications, and 75 to finance and CRM. Cisco uses "only" 110 external cloud services. So these numbers puzzle me. But in any case, the problem is not with the numbers, but with the fact that the cloud is starting to be used very actively by a growing number of companies that would like to have the same capabilities for monitoring cloud infrastructure as they have in their own network. And this trend is growing: according to the US Government Accountability Office, by 2023 1200 data centers will be closed in the United States (6250 have already been closed). But moving to the cloud is not just "let's move our servers to an external provider." A new IT architecture, new software, new processes, new restrictions... All of this brings major changes to the work not only of IT, but also of information security. And while providers have learned, one way or another, to deal with the security of the cloud itself (fortunately, there are plenty of recommendations), monitoring cloud information security, especially on SaaS platforms, still has significant problems, which we will discuss.

Let's say your company has moved part of its infrastructure to the cloud... Stop. Not like that. If the infrastructure has already been moved, and only now are you thinking about how you will monitor it, then you have already lost. Unless it is Amazon, Google, or Microsoft (and even then with reservations), you will not have much ability to monitor your data and applications. It is already good if you are given the opportunity to work with logs at all. Sometimes security event data will exist, but you will not be able to get at it. Take Office 365. If you have the cheapest license, E1, security events are not available to you at all. With an E3 license, your data is stored for only 90 days, and only with an E5 license is a year of logs available (this, however, has its own nuances, related to the need to separately request a number of log-handling functions from Microsoft support). Incidentally, the E5 license is significantly weaker in terms of monitoring functions than corporate Exchange. To reach the same level, you need an E3 license or an additional Compliance license, which will probably require extra money that was not included in the financial model of the migration to the cloud infrastructure. And this is just one example of underestimating the issues related to cloud information security monitoring. In this article, without claiming to be exhaustive, I want to draw attention to some nuances that should be taken into account when choosing a cloud provider from a security monitoring standpoint. At the end of the article, a checklist is given that should be completed before you consider the issue of cloud information security monitoring solved.

There are several typical problems that lead to incidents in cloud environments which the information security service either has no time to respond to or does not see at all:

  • There are no security logs. This is a common situation, especially among newcomers to the cloud solutions market. But you should not give up on them right away. Small players, especially domestic ones, are more sensitive to customer requirements and can quickly implement some required functions by changing the approved roadmap of their products. Yes, this will not be an analogue of GuardDuty from Amazon or the "Proactive Protection" module from Bitrix, but it is something.
  • Information security does not know where the logs are stored, or there is no way to access them. Here it is necessary to enter into negotiations with the cloud service provider: perhaps it will provide such information if it considers the customer important. But in general, it is not a good sign when access to logs is granted "by special decision."
  • It also happens that the cloud provider has logs, but provides limited monitoring and event recording, which is insufficient to detect all incidents. For example, you may only receive logs of changes on a website or logs of user authentication attempts, but not other events, such as network traffic, which hides from you a whole layer of events characterizing attempts to break into your cloud infrastructure.
  • There are logs, but access to them is hard to automate, which forces them to be monitored not continuously but on a schedule. And if you cannot download the logs automatically, and instead export them, for example, in Excel format (as with a number of domestic cloud solution providers), this can even lead to reluctance on the part of the corporate information security service to bother with them at all.
  • There is no log monitoring. This is perhaps the most inexplicable reason for information security incidents in cloud environments. There seem to be logs, and it is possible to automate access to them, but nobody does it. Why?

The shared cloud security concept

Moving to the cloud is always a search for a balance between the desire to keep control over the infrastructure and handing it over into the more professional hands of a cloud provider that specializes in maintaining it. And in the field of cloud security, this balance must also be sought. Moreover, depending on the cloud service delivery model used (IaaS, PaaS, SaaS), this balance will be different every time. In any case, we must remember that all cloud providers today follow the so-called shared responsibility and shared information security model. The cloud is responsible for some things, and for others the customer is responsible, placing its data, applications, virtual machines and other resources in the cloud. It would be reckless to expect that by going to the cloud we will shift all responsibility to the provider. But it is also unwise to build all the security yourself when moving to the cloud. A balance is required, and it will depend on many factors: the risk management strategy, the threat model, the security mechanisms available from the cloud provider, legislation, and so on.

For example, classifying the data hosted in the cloud is always the customer's responsibility. The cloud provider or an external service provider can only help with tools that label data in the cloud, detect violations, delete data that violates the law, or mask it in one way or another. On the other hand, physical security is always the responsibility of the cloud provider, which it cannot share with customers. But everything that lies between the data and the physical infrastructure is precisely the subject of this article. For example, cloud availability is the provider's responsibility, while setting up firewall rules or enabling encryption is the customer's responsibility. In this article we will try to look at what information security monitoring mechanisms are offered today by various cloud providers popular in Russia, what the peculiarities of using them are, and when it is worth looking at external overlay solutions (for example, Cisco E-mail Security) that extend the capabilities of your cloud in terms of cybersecurity. In some cases, especially if you follow a multi-cloud strategy, you will have no choice but to use external information security monitoring solutions across several cloud environments at once (for example, Cisco CloudLock or Cisco Stealthwatch Cloud). Well, and in some cases you will find that the cloud provider you chose (or that was imposed on you) offers no information security monitoring capabilities at all. This is unpleasant, but it is also something, since it lets you adequately assess the level of risk associated with working with that cloud.

Cloud Security Monitoring Lifecycle

To monitor the security of the clouds you use, you have only three options:

  • rely on the tools provided by your cloud provider,
  • use third-party solutions that will monitor the IaaS, PaaS or SaaS platforms you use,
  • build your own cloud infrastructure monitoring (only for IaaS/PaaS platforms).

Let's see what each of these options offers. But first we need to understand the general framework that will be used when monitoring cloud platforms. I would highlight 6 main components of the information security monitoring process in the cloud:

  • Infrastructure preparation. Determining the applications and infrastructure needed to collect security-relevant events into storage.
  • Collection. At this stage, security events are collected from various sources for subsequent transmission for processing, storage and analysis.
  • Processing. At this stage, the data is transformed and enriched to facilitate the subsequent analysis.
  • Storage. This component is responsible for the short-term and long-term storage of the collected data, both raw and processed.
  • Analysis. At this stage, you can detect incidents and respond to them automatically or manually.
  • Reporting. This stage helps to produce key indicators for the stakeholders (management, auditors, the cloud provider, customers, etc.) that help us make certain decisions, for example, changing the provider or strengthening information security.

Understanding these components lets you decide more quickly later on what you can take from your provider, and what you will have to do yourself or with the involvement of external consultants.

Built-in cloud services

I already wrote above that many cloud services today do not provide any information security monitoring capabilities. In general, they do not pay much attention to the topic of information security at all. Take, for example, one of the popular Russian services for submitting reports to government agencies over the Internet (I will not name it specifically). The entire section on the security of this service is devoted to the use of certified CIPF. The information security section of another domestic cloud electronic document management service is no different. It talks about public key certificates, certified cryptography, eliminating web vulnerabilities, DDoS protection, use of a firewall, backups, and even regular information security audits. But not a word about monitoring, or about the possibility of getting access to the information security events that might interest the customers of this service.

In general, from the way a cloud provider describes information security issues on its website and in its documentation, you can understand how seriously it takes the subject. For example, if you read the documentation for the "My Office" products, there is not a word about security at all, while in the documentation for the separate product "My Office. KS3", designed to protect against unauthorized access, there is a standard list of items from FSTEC order No. 17 that "My Office.KS3" implements, but it is not described how it implements them and, most importantly, how to integrate these mechanisms with corporate information security. Perhaps such documentation exists, but I did not find it in the public domain, on the "My Office" website. Or maybe I simply do not have access to this secret information?..

At Bitrix, the situation is much better. The documentation describes the event log formats and, interestingly, the intrusion log, which contains events related to potential threats to the cloud platform. From it you can extract the IP, the user or guest name, the event source, the time, the User-Agent, the event type, and so on. True, you can work with these events only from the cloud's own control panel, or by exporting the data in MS Excel format. It is currently hard to automate work with Bitrix logs, and you will have to do part of the work by hand (export the report and load it into your SIEM). But if we remember that until recently there was no such possibility at all, this is great progress. At the same time, I would like to note that many foreign cloud providers offer similar functionality "for beginners": either looking at the logs with your own eyes through the control panel, or exporting the data to yourself (most, however, export the data in csv format rather than Excel).

Leaving aside the no-logs option, cloud providers usually offer you three ways to monitor security events: dashboards, data export and API access. The first seems to solve many problems for you, but that is not entirely true: if you have several logs, you have to switch between the screens displaying them, losing the overall picture. Moreover, the cloud provider is unlikely to give you the ability to correlate security events or to analyze them from a security point of view in general (usually you are dealing with raw data, which you have to make sense of yourself). There are exceptions, and we will talk about them further on. Finally, it is worth asking which events your cloud provider records, in what format, and how they map onto your information security monitoring process. Take, for example, identification and authentication of users and guests. The same Bitrix allows you, based on these events, to record the date and time of the event, the user or guest name (if you have the "Web Analytics" module), the object accessed and other elements typical for a website. But a corporate information security service may need to know whether the user accessed the cloud from a trusted device (in a corporate network, for example, this task is handled by Cisco ISE). What about such a simple function as geo-IP, which helps determine whether a cloud service user account has been stolen? And even if the cloud provider gives you that, it is not enough. The same Cisco CloudLock does not just analyze geolocation, but applies machine learning to it, analyzes the historical data of each user and watches for various anomalies in identification and authentication attempts. Only MS Azure has similar functionality (if you have the appropriate subscription).

There is another difficulty: since for many cloud providers information security monitoring is a new topic they are only beginning to deal with, they are constantly changing something in their solutions. Today they have one version of the API, tomorrow another, the day after that a third. You need to be prepared for this too. The same applies to functionality, which may change, and this must be taken into account in your information security monitoring system. For example, Amazon initially had separate cloud event monitoring services: AWS CloudTrail and AWS CloudWatch. Then a separate service for monitoring information security events appeared: AWS GuardDuty. After some time, Amazon launched a new management system, Amazon Security Hub, which includes analysis of the data received from GuardDuty, Amazon Inspector, Amazon Macie and several others. Another example is the tool for integrating Azure logs with a SIEM, AzLog. It was actively used by many SIEM vendors until, in 2018, Microsoft announced the end of its development and support, which left the many customers who used this tool facing a problem (we will talk about how it was solved later).

Therefore, carefully evaluate all the monitoring features your cloud provider offers you. Or rely on external solution providers who will act as intermediaries between your SOC and the cloud you want to monitor. Yes, it will be more expensive (though not always), but you will shift the whole burden onto someone else's shoulders. Or not the whole burden?.. Let's recall the shared security concept and accept that we cannot shift anything away: we will have to understand on our own how the various cloud providers support information security monitoring of your data, applications, virtual machines and other resources located in the cloud. And we will start with what Amazon offers in this area.

Example: information security monitoring in IaaS based on AWS

Yes, yes, I understand that Amazon is not the best example, because it is an American service and may be blocked as part of the fight against extremism and the spread of information prohibited in Russia. But in this article I want to show how different cloud platforms differ in their information security monitoring capabilities and what you should pay attention to when transferring your key processes to the clouds from a security standpoint. Well, and if some Russian cloud solution developers learn something useful for themselves, that will be good too.

The first thing to say is that Amazon is not an impregnable fortress. Various incidents regularly happen to its customers. For example, the names, addresses, dates of birth, and phone numbers of 198 million voters were stolen from Deep Root Analytics. 14 million records of Verizon subscribers were stolen from the Israeli company Nice Systems. Nevertheless, the built-in capabilities of AWS allow you to detect a wide range of incidents. For example:

  • attacks on the infrastructure (DDoS)
  • node compromise (command injection)
  • account compromise and unauthorized access
  • misconfigurations and vulnerabilities
  • insecure interfaces and APIs.

This discrepancy is explained by the fact that, as we saw above, the customer itself is responsible for the security of customer data. And if it did not bother to enable the protection mechanisms and did not turn on the monitoring tools, then it will learn about the incident from the media or from its own customers.

To detect incidents, you can use a number of different monitoring services developed by Amazon (although these are often supplemented by external tools such as osquery). So, in AWS, all user actions are tracked, regardless of how they are performed: through the management console, the command line, the SDK or other AWS services. Every record of AWS account activity (including the user name, action, service, action parameters, and result) and of API usage is available through AWS CloudTrail. You can view these events (such as AWS IAM console logins) from the CloudTrail console, analyze them using Amazon Athena, or "outsource" them to external solutions such as Splunk, AlienVault, and so on. The AWS CloudTrail logs themselves are placed in your AWS S3 bucket.
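As an added illustration of what the paragraph above describes (it is example code written for this article, not Amazon's or any vendor's tooling), the block below takes a CloudTrail log file body, reads the fields the text lists (user, action, service, parameters, result), and runs a few triage rules of the kind a SOC would apply before loading the events into a SIEM: root account activity, AccessDenied errors, console logins without MFA, and a successful console login preceded by repeated failures. The sample records, account details and the user name are constructed for the example; the `Records` array, `userIdentity`, `eventName`, `responseElements.ConsoleLogin` and `additionalEventData.MFAUsed` fields follow the CloudTrail record layout.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of a CloudTrail log file ("Records" array),
# reduced to the fields the triage below reads. User names and IPs are made up.
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {"eventTime": "2019-08-01T09:12:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "ivashko"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2019-08-01T09:12:30Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "ivashko"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2019-08-01T09:13:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "ivashko"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2019-08-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "eu-west-1",
     "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "Root"},
     "requestParameters": {"groupId": "sg-0example"}},
    {"eventTime": "2019-08-01T10:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "awsRegion": "us-east-1",
     "sourceIPAddress": "10.0.0.5",
     "userIdentity": {"type": "IAMUser", "userName": "devops"},
     "errorCode": "AccessDenied",
     "errorMessage": "User is not authorized to perform: iam:CreateUser"},
]})


def load_records(raw_json):
    """Parse a CloudTrail file body and return its Records list."""
    return json.loads(raw_json)["Records"]


def triage_cloudtrail(records, failed_login_threshold=2):
    """Run simple rules over CloudTrail records and return a list of findings.

    Rules: root account activity, AccessDenied errors, console logins without
    MFA, and a successful console login that follows failed_login_threshold or
    more failures from the same user and source IP (thresholds are arbitrary).
    """
    findings = []
    failures = defaultdict(int)            # (user, ip) -> failed logins so far
    for rec in records:
        ident = rec.get("userIdentity", {})
        user = ident.get("userName", ident.get("type", "unknown"))
        ip = rec.get("sourceIPAddress", "")
        base = {"time": rec["eventTime"], "user": user, "ip": ip,
                "event": rec["eventName"], "region": rec["awsRegion"]}

        if ident.get("type") == "Root":
            findings.append(dict(base, rule="root-account-activity"))

        if rec.get("errorCode") == "AccessDenied":
            findings.append(dict(base, rule="access-denied"))

        if rec["eventName"] == "ConsoleLogin":
            outcome = rec.get("responseElements", {}).get("ConsoleLogin")
            key = (user, ip)
            if outcome == "Failure":
                failures[key] += 1
            elif outcome == "Success":
                if failures[key] >= failed_login_threshold:
                    findings.append(dict(base, rule="login-success-after-failures",
                                         failures=failures[key]))
                failures[key] = 0
                if rec.get("additionalEventData", {}).get("MFAUsed") == "No":
                    findings.append(dict(base, rule="console-login-without-mfa"))
    return findings


def rules_fired(findings):
    """Sorted rule names, convenient for a summary line or a test."""
    return sorted(f["rule"] for f in findings)


if __name__ == "__main__":
    for f in triage_cloudtrail(load_records(SAMPLE_CLOUDTRAIL)):
        print(f["time"], f["rule"], f["user"], f["ip"], f["event"])
```

On a real account the same function would be fed the gzipped JSON objects CloudTrail writes to the S3 bucket; the point of keeping each rule a few lines long is that the output is already a normalized event that a SIEM can ingest, rather than raw API telemetry.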

Two other AWS services provide a number of further important monitoring capabilities. First, Amazon CloudWatch is a monitoring service for AWS resources and applications which, among other things, allows you to detect various anomalies in your cloud. All the built-in AWS services, such as Amazon Elastic Compute Cloud (servers), Amazon Relational Database Service (databases), Amazon Elastic MapReduce (data analysis), and thirty other Amazon services, use Amazon CloudWatch to store their logs. Developers can use the open Amazon CloudWatch API to add log monitoring functionality to custom applications and services, allowing them to widen the scope of event analysis in the security context.

Second, the VPC Flow Logs service allows you to analyze network traffic sent or received by your AWS servers (externally or internally), as well as between microservices. When any of your AWS VPC resources interact with the network, VPC Flow Logs records information about the network traffic, including the source and destination network interface, as well as the IP addresses, ports, protocol, number of bytes, and number of packets seen. Those familiar with local network security will recognize this as an analogue of NetFlow streams, which can be generated by switches, routers and enterprise-grade firewalls. These logs are important for information security monitoring purposes because, unlike events about user and application actions, they also let you not miss the network interactions in your AWS virtual private cloud environment.
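To show what the NetFlow-like records described above look like and what can be read off them, here is an added example (written for this article, not AWS code) that parses flow log records in the default VPC Flow Logs field order, skips the NODATA records that carry no traffic, and applies two defender-side checks: a source that is rejected on many distinct ports of one host (the port-scan signature in flow data), and the list of sources that successfully reached TCP/22, which an administrator can reconcile against the hosts allowed to manage the machine. The sample records, account id and interface id are constructed placeholders.

```python
from collections import defaultdict

# Field order of the default VPC Flow Logs record format (version 2).
FLOW_FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
               "srcport", "dstport", "protocol", "packets", "bytes",
               "start", "end", "action", "log_status"]

# Constructed sample: one capture window on a single interface. The host at
# 203.0.113.50 is rejected on seven different ports; the rest is ordinary
# traffic. The account id and interface id are placeholders, not real values.
SAMPLE_FLOW_LOG = """\
2 111122223333 eni-0example01 10.0.1.20 10.0.1.10 49152 443 6 12 3200 1564650000 1564650060 ACCEPT OK
2 111122223333 eni-0example01 10.0.1.10 10.0.1.20 443 49152 6 10 9800 1564650000 1564650060 ACCEPT OK
2 111122223333 eni-0example01 203.0.113.50 10.0.1.10 40001 21 6 1 44 1564650000 1564650060 REJECT OK
2 111122223333 eni-0example01 203.0.113.50 10.0.1.10 40002 22 6 1 44 1564650000 1564650060 REJECT OK
2 111122223333 eni-0example01 203.0.113.50 10.0.1.10 40003 23 6 1 44 1564650000 1564650060 REJECT OK
2 111122223333 eni-0example01 203.0.113.50 10.0.1.10 40004 25 6 1 44 1564650000 1564650060 REJECT OK
2 111122223333 eni-0example01 203.0.113.50 10.0.1.10 40005 80 6 1 44 1564650000 1564650060 REJECT OK
2 111122223333 eni-0example01 203.0.113.50 10.0.1.10 40006 443 6 1 44 1564650000 1564650060 REJECT OK
2 111122223333 eni-0example01 203.0.113.50 10.0.1.10 40007 3389 6 1 44 1564650000 1564650060 REJECT OK
2 111122223333 eni-0example01 10.0.1.30 10.0.1.10 51000 22 6 30 4100 1564650000 1564650060 ACCEPT OK
2 111122223333 eni-0example01 - - - - - - - 1564650000 1564650060 - NODATA
"""


def parse_flow_log(text):
    """Parse default-format flow log lines into dicts with numeric fields."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FLOW_FIELDS):
            continue                        # blank or malformed line
        rec = dict(zip(FLOW_FIELDS, parts))
        if rec["log_status"] != "OK":
            continue                        # NODATA / SKIPDATA: no traffic seen
        for key in ("srcport", "dstport", "protocol", "packets", "bytes",
                    "start", "end"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def find_port_scans(records, min_ports=5):
    """Return {(src, dst): [ports]} for sources rejected on at least
    min_ports distinct destination ports of the same host."""
    rejected = defaultdict(set)
    for rec in records:
        if rec["action"] == "REJECT":
            rejected[(rec["srcaddr"], rec["dstaddr"])].add(rec["dstport"])
    return {pair: sorted(ports) for pair, ports in rejected.items()
            if len(ports) >= min_ports}


def accepted_ssh_sources(records):
    """Sources that reached TCP/22 successfully (protocol 6 is TCP)."""
    return sorted({rec["srcaddr"] for rec in records
                   if rec["action"] == "ACCEPT"
                   and rec["protocol"] == 6 and rec["dstport"] == 22})


def bytes_by_source(records):
    """Total bytes sent per source address, the usual top-talkers view."""
    totals = defaultdict(int)
    for rec in records:
        totals[rec["srcaddr"]] += rec["bytes"]
    return dict(totals)


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_FLOW_LOG)
    print("possible scans:", find_port_scans(recs))
    print("accepted SSH sources:", accepted_ssh_sources(recs))
    print("bytes by source:", bytes_by_source(recs))
```

The threshold of five ports is arbitrary; in production the window would be the capture interval and the check would run per interface, but the structure is the same as a NetFlow analyzer's.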

In summary, these three AWS services, AWS CloudTrail, Amazon CloudWatch, and VPC Flow Logs, together provide powerful insight into the use of your account, user behavior, infrastructure management, application and service activity, and network activity. For example, they can be used to detect the following anomalies:

  • Attempts to scan the site, search for backdoors or look for vulnerabilities, through a burst of "404 errors".
  • Injection attacks (for example, SQL injection), through a burst of "500 errors".
  • Known attack tools such as sqlmap, nikto, w3af, nmap, etc., through analysis of the User-Agent field.
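The three detections in the list above are simple enough to show in full, so here is an added example (written for this article; it is not AWS code and not any vendor's rule set) that runs them over web access log lines of the kind an application or load balancer forwards to CloudWatch: a per-source count of 404 responses, a per-source count of 5xx responses, and a User-Agent match against the tool names the text mentions. The log lines are constructed in the common combined log format and the source addresses are documentation ranges; the thresholds are arbitrary choices for the example.

```python
import re
from collections import Counter, defaultdict

# Combined log format: ip ident user [time] "request" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$')

# Tool names from the article; matched case-insensitively against User-Agent.
KNOWN_TOOLS = ("sqlmap", "nikto", "w3af", "nmap")

# Constructed sample: one host probing for guessable paths, one sending
# malformed parameters that make the application fail, and a normal visitor.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Aug/2019:10:00:01 +0000] "GET /admin/ HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Nikto/2.1.6)"
203.0.113.5 - - [01/Aug/2019:10:00:01 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Nikto/2.1.6)"
203.0.113.5 - - [01/Aug/2019:10:00:02 +0000] "GET /backup.zip HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Nikto/2.1.6)"
203.0.113.5 - - [01/Aug/2019:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Nikto/2.1.6)"
203.0.113.5 - - [01/Aug/2019:10:00:03 +0000] "GET /old/ HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Nikto/2.1.6)"
203.0.113.5 - - [01/Aug/2019:10:00:03 +0000] "GET /test/ HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Nikto/2.1.6)"
198.51.100.8 - - [01/Aug/2019:10:05:00 +0000] "GET /item?id=1' HTTP/1.1" 500 512 "-" "sqlmap/1.3.8#stable"
198.51.100.8 - - [01/Aug/2019:10:05:01 +0000] "GET /item?id=1%20AND%201=1 HTTP/1.1" 500 512 "-" "sqlmap/1.3.8#stable"
198.51.100.8 - - [01/Aug/2019:10:05:02 +0000] "GET /item?id=1%20OR%201=1 HTTP/1.1" 500 512 "-" "sqlmap/1.3.8#stable"
192.0.2.1 - - [01/Aug/2019:10:07:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0)"
192.0.2.1 - - [01/Aug/2019:10:07:01 +0000] "GET /missing.css HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 10.0)"
"""


def parse_access_log(text):
    """Parse combined-format lines; unparseable lines are dropped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            e = m.groupdict()
            e["status"] = int(e["status"])
            entries.append(e)
    return entries


def detect_anomalies(entries, scan_threshold=5, error_threshold=3):
    """Apply the three rules from the article and return a list of findings."""
    not_found = Counter()
    server_errors = Counter()
    tools = defaultdict(set)
    for e in entries:
        if e["status"] == 404:
            not_found[e["ip"]] += 1
        elif e["status"] >= 500:
            server_errors[e["ip"]] += 1
        ua = e["ua"].lower()
        for tool in KNOWN_TOOLS:
            if tool in ua:
                tools[e["ip"]].add(tool)

    findings = []
    for ip, n in not_found.items():
        if n >= scan_threshold:
            findings.append({"ip": ip, "rule": "404-burst", "count": n})
    for ip, n in server_errors.items():
        if n >= error_threshold:
            findings.append({"ip": ip, "rule": "500-burst", "count": n})
    for ip, names in tools.items():
        findings.append({"ip": ip, "rule": "known-attack-tool", "tools": sorted(names)})
    return findings


if __name__ == "__main__":
    for f in detect_anomalies(parse_access_log(SAMPLE_LOG)):
        print(f)
```

The visitor at 192.0.2.1 produces a single 404 and is correctly ignored, which is why the count is per source and thresholded rather than alerting on every 404; a real deployment would also bound the counting window in time.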

Amazon Web Services has also developed a number of other services for cybersecurity purposes that let you solve many other problems. For example, AWS has a built-in service for auditing settings and configurations: AWS Config. This service provides continuous assessment of your AWS resources and their configurations. Let's take a simple example: suppose you want to make sure that password logins are disabled on all your servers and that access is possible only by certificate. AWS Config makes it easy to check this across all your servers. There are other policies that can be applied to your cloud servers: "No server may use port 22", "Only administrators may change firewall rules" or "Only user Ivashko may create new user accounts, and only on Tuesdays." In the summer of 2016, the AWS Config service was extended to automate detection of violations of the policies you have written. AWS Config Rules are essentially continuous configuration queries against the Amazon services you use, which generate events when the corresponding policies are violated. For example, instead of periodically running AWS Config queries to check that all disks on a virtual server are encrypted, AWS Config Rules can be used to check the server disks continuously to ensure that this condition is met. And, most importantly in the context of this article, any violation generates events that can be analyzed by your information security service.
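To make the idea of a configuration rule concrete, the following added example (written for this article, not AWS Config itself and not one of its managed rules) evaluates two of the policies named in the paragraph above, "no server may expose port 22" and "all disks must be encrypted", over resource descriptions shaped like the output of `describe-security-groups` and `describe-volumes`, and reports each resource as COMPLIANT or NON_COMPLIANT, the two compliance types AWS Config uses. The security groups and volumes are constructed; their ids are placeholders.

```python
SSH_PORT = 22
ANYWHERE_V4 = "0.0.0.0/0"
ANYWHERE_V6 = "::/0"

# Constructed resources in the shape of EC2 API responses (ids are placeholders).
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0example-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": ANYWHERE_V4}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example-internal", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example-all", "IpPermissions": [
        {"IpProtocol": "-1",                       # all protocols, all ports
         "IpRanges": [{"CidrIp": ANYWHERE_V4}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 443,
         "IpRanges": [{"CidrIp": ANYWHERE_V4}], "Ipv6Ranges": []}]},
]
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-0example-enc", "Encrypted": True},
    {"VolumeId": "vol-0example-plain", "Encrypted": False},
]


def permission_covers_port(perm, port):
    """True if an ingress permission admits TCP traffic to the given port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True                               # "-1" means every protocol
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def rule_restricted_ssh(group):
    """NON_COMPLIANT if port 22 is reachable from any IPv4 or IPv6 address."""
    for perm in group.get("IpPermissions", []):
        if not permission_covers_port(perm, SSH_PORT):
            continue
        if any(r.get("CidrIp") == ANYWHERE_V4 for r in perm.get("IpRanges", [])):
            return "NON_COMPLIANT"
        if any(r.get("CidrIpv6") == ANYWHERE_V6 for r in perm.get("Ipv6Ranges", [])):
            return "NON_COMPLIANT"
    return "COMPLIANT"


def rule_encrypted_volume(volume):
    """NON_COMPLIANT for any volume whose Encrypted flag is not set."""
    return "COMPLIANT" if volume.get("Encrypted") else "NON_COMPLIANT"


def evaluate(security_groups, volumes):
    """Evaluate both rules and return one result dict per resource."""
    results = []
    for group in security_groups:
        results.append({"rule": "restricted-ssh", "resource": group["GroupId"],
                        "compliance": rule_restricted_ssh(group)})
    for volume in volumes:
        results.append({"rule": "encrypted-volumes", "resource": volume["VolumeId"],
                        "compliance": rule_encrypted_volume(volume)})
    return results


def non_compliant(results):
    """The (rule, resource) pairs that would become violation events."""
    return sorted((r["rule"], r["resource"]) for r in results
                  if r["compliance"] == "NON_COMPLIANT")


if __name__ == "__main__":
    for rule, resource in non_compliant(evaluate(SAMPLE_SECURITY_GROUPS, SAMPLE_VOLUMES)):
        print(f"{rule}: {resource} is NON_COMPLIANT")
```

The group that allows all protocols (`IpProtocol` of `-1`) is the case that catches people out: it never mentions port 22, yet exposes it, which is why the check reasons about what a permission covers rather than looking for the literal port number.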

AWS also has equivalents of the traditional corporate information security solutions, which likewise generate security events that you can and should analyze:

  • Intrusion detection - AWS GuardDuty
  • Data leak control - AWS Macie
  • EDR (although talking about endpoints in the cloud is a little unusual) - AWS CloudWatch + the open-source osquery or GRR solutions
  • NetFlow analysis - AWS CloudWatch + AWS VPC Flow
  • DNS analysis - AWS CloudWatch + AWS Route53
  • AD - AWS Directory Service
  • Account management - AWS IAM
  • SSO - AWS SSO
  • Vulnerability scanning - AWS Inspector
  • Configuration management - AWS Config
  • WAF - AWS WAF.

I will not describe in detail all the Amazon services that can be useful in the context of information security. The main thing is to understand that all of them can generate events that we can and should analyze in the context of information security, using for this purpose both the capabilities built into Amazon itself and external solutions, for example a SIEM, which can bring the security events into your monitoring center and analyze them there together with events from other cloud services or from the internal infrastructure, the perimeter or mobile devices.

In any case, everything starts with the data sources that supply you with information security events. These sources include, but are not limited to:

  • CloudTrail - API usage and user actions
  • Trusted Advisor - security checks against best practices
  • Config - inventory and configuration of accounts and service settings
  • VPC Flow Logs - connections on virtual interfaces
  • IAM - identification and authentication service
  • ELB Access Logs - load balancer
  • Inspector - application vulnerabilities
  • S3 - file storage
  • CloudWatch - application activity
  • SNS - notification service.

Amazon, while offering such a range of event sources and tools for generating them, is very limited in its ability to analyze the collected data in the context of information security. You will have to study the available logs yourself, looking for the relevant indicators of compromise in them. AWS Security Hub, which Amazon recently launched, aims to solve this problem by becoming a cloud SIEM for AWS. But so far it is only at the beginning of its journey and is limited both by the number of sources it works with and by other restrictions imposed by the architecture and subscriptions of Amazon itself.

Example: information security monitoring in IaaS based on Azure

I do not want to get into long arguments about which of the three cloud providers (Amazon, Microsoft or Google) is better (especially since each of them has its own specifics and is suited to solving its own tasks); let's concentrate on the information security monitoring capabilities these players provide. It must be admitted that Amazon AWS was one of the first in this segment and has therefore advanced the furthest in terms of its information security functions (although many admit that it is hard to use). But this does not mean that we will ignore the opportunities that Microsoft and Google offer us.

Microsoft products have always been distinguished by their "openness", and the situation in Azure is similar. For example, while AWS and GCP always proceed from the concept that "whatever is not allowed is forbidden," Azure takes exactly the opposite approach. For example, when you create a virtual network in the cloud and a virtual machine in it, all ports and protocols are open and allowed by default. Therefore, you will have to spend somewhat more effort on the initial setup of the access control system in Microsoft's cloud. And this also places stricter requirements on you in terms of monitoring activity in the Azure cloud.

AWS has a peculiarity: when you monitor your virtual resources, if they are located in different regions, you have difficulty bringing all the events together for unified analysis, and to get around this you have to resort to various tricks, such as writing your own code for AWS Lambda that transports events between regions. Azure does not have this problem: its Activity Log mechanism tracks all activity across the entire organization without restrictions. The same applies to AWS Security Hub, which Amazon recently developed to consolidate many security functions within a single security center, but only within its own region, which, however, is not relevant for Russia. Azure has its own Security Center, which is not bound by regional restrictions and gives access to all the security features of the cloud platform. Moreover, it can give different local teams their own set of protective capabilities, including the security events they manage. AWS Security Hub is still on its way to becoming similar to Azure Security Center. But it is worth adding a fly in the ointment: you can squeeze out of Azure much of what was described earlier for AWS, but this is done conveniently only for Azure AD, Azure Monitor and Azure Security Center. All the other Azure security mechanisms, including security event analysis, are not yet managed in the most convenient way. The problem is partly solved by the API, which covers all Microsoft Azure services, but this will require additional effort from you to integrate your cloud with your SOC and the presence of qualified specialists (as, in fact, with any other SIEM that works with cloud APIs). Some SIEMs, which will be discussed later, already support Azure and can automate the task of monitoring it, but they have their own problems too: not all of them can collect all the logs that Azure has.

Event collection and monitoring in Azure is provided by the Azure Monitor service, which is the main tool for collecting, storing and analyzing data in the Microsoft cloud and its resources: Git repositories, containers, virtual machines, applications, and so on. All the data collected by Azure Monitor is divided into two groups: metrics, collected in real time and describing key performance indicators of the Azure cloud, and logs, containing data organized into records that characterize particular aspects of the activity of Azure resources and services. In addition, using the Data Collector API, the Azure Monitor service can collect data from any REST source to build its own monitoring scenarios.

Here are some of the security event sources that Azure offers you and that you can access through the Azure Portal, the CLI, PowerShell, or the REST API (and some only through the Azure Monitor / Insight API):

  • Activity Logs - this log answers the classic questions "who," "what," and "when" for any write operation (PUT, POST, DELETE) on cloud resources. Events related to read access (GET) are not included in this log, as in a number of others.
  • Diagnostic Logs - contain data on operations with a particular resource included in your subscription.
  • Azure AD reporting - contains both user activity and system activity related to group and user management.
  • Windows Event Log and Linux Syslog - contain events from the virtual machines hosted in the cloud.
  • Metrics - contain telemetry about the performance and health of your cloud services and resources. They are measured every minute and stored for 30 days.
  • Network Security Group Flow Logs - contain data on network security events collected using the Network Watcher service and resource monitoring at the network level.
  • Storage Logs - contain events related to access to storage facilities.
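The Activity Log entry in the list above is the one a SOC usually starts from, so here is an added example (written for this article, not Microsoft code) that answers its "who, what, when" question over Activity Log entries of the shape the REST API returns: it keeps only the write operations (PUT, POST, DELETE) that succeeded, counts changes per caller, and, since the earlier paragraph notes that Azure leaves ports open by default, flags changes to network security groups made by anyone outside a list of expected administrators. The entries, subscription id, resource names, callers and the administrator list are all constructed assumptions; the field names (`caller`, `operationName.value`, `resourceId`, `status.value`, `httpRequest.method`) follow the Activity Log record format.

```python
from collections import Counter

WRITE_METHODS = {"PUT", "POST", "DELETE"}   # the write operations the log records

# Constructed sample in the shape of Azure Activity Log entries, cut down to the
# fields used below. Subscription id, resource names and callers are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_ACTIVITY = [
    {"eventTimestamp": "2019-08-01T08:00:12Z", "caller": "alice@example.com",
     "operationName": {"value": "Microsoft.Compute/virtualMachines/write"},
     "resourceId": SUB + "/resourceGroups/prod/providers/Microsoft.Compute/virtualMachines/web01",
     "status": {"value": "Succeeded"},
     "httpRequest": {"method": "PUT", "clientIpAddress": "198.51.100.10"}},
    {"eventTimestamp": "2019-08-01T08:14:40Z", "caller": "bob@example.com",
     "operationName": {"value": "Microsoft.Network/networkSecurityGroups/securityRules/write"},
     "resourceId": SUB + "/resourceGroups/prod/providers/Microsoft.Network/networkSecurityGroups/web-nsg/securityRules/allow-rdp",
     "status": {"value": "Succeeded"},
     "httpRequest": {"method": "PUT", "clientIpAddress": "203.0.113.77"}},
    {"eventTimestamp": "2019-08-01T08:20:05Z", "caller": "svc-deploy",
     "operationName": {"value": "Microsoft.Storage/storageAccounts/delete"},
     "resourceId": SUB + "/resourceGroups/prod/providers/Microsoft.Storage/storageAccounts/oldlogs",
     "status": {"value": "Succeeded"},
     "httpRequest": {"method": "DELETE", "clientIpAddress": "10.0.0.4"}},
    {"eventTimestamp": "2019-08-01T08:25:00Z", "caller": "bob@example.com",
     "operationName": {"value": "Microsoft.Network/networkSecurityGroups/write"},
     "resourceId": SUB + "/resourceGroups/prod/providers/Microsoft.Network/networkSecurityGroups/db-nsg",
     "status": {"value": "Failed"},
     "httpRequest": {"method": "PUT", "clientIpAddress": "203.0.113.77"}},
]


def who_what_when(entries, succeeded_only=True):
    """Return (when, who, what, resource) for each write operation."""
    rows = []
    for e in entries:
        method = e.get("httpRequest", {}).get("method")
        if method not in WRITE_METHODS:
            continue
        if succeeded_only and e.get("status", {}).get("value") != "Succeeded":
            continue
        rows.append((e["eventTimestamp"], e["caller"],
                     e["operationName"]["value"], e["resourceId"]))
    return rows


def changes_by_caller(entries):
    """How many successful changes each principal made."""
    return Counter(caller for _, caller, _, _ in who_what_when(entries))


def unexpected_nsg_changes(entries, allowed_callers):
    """Successful writes to network security groups (the cloud firewall
    rules) by principals outside allowed_callers, a list you maintain."""
    return [(when, who, resource) for when, who, what, resource in who_what_when(entries)
            if what.startswith("Microsoft.Network/networkSecurityGroups/")
            and who not in allowed_callers]


if __name__ == "__main__":
    # The allowed administrator list is an assumption for the example.
    for row in unexpected_nsg_changes(SAMPLE_ACTIVITY, {"alice@example.com"}):
        print("unexpected NSG change:", row)
    print(changes_by_caller(SAMPLE_ACTIVITY))
```

Filtering on `Succeeded` is deliberate: a failed write still tells you someone tried, so an analyst would typically report the failures separately rather than discard them, which the `succeeded_only` switch allows.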

For monitoring, you can use external SIEMs or the built-in Azure Monitor and its extensions. We will talk about security event management systems later, but for now let's see what Azure itself offers us for analyzing data in the security context. The main screen for everything security-related in Azure Monitor is the Log Analytics Security and Audit Dashboard (the free version supports a limited volume of security events for just one week). This dashboard is divided into 5 main areas that visualize summary statistics of what is happening in the cloud environment you use:

  • Security Domains - key quantitative indicators related to information security: the number of incidents, the number of compromised nodes, unpatched nodes, network security events, and so on.
  • Notable Issues - shows the number and severity of active information security issues
  • Detections - shows the attack patterns used against you
  • Threat Intelligence - shows geographic information about the external nodes attacking you
  • Common security queries - standard queries that will help you monitor your information security better.

Azure Monitor extensions include Azure Key Vault (protection of cryptographic keys in the cloud), Malware Assessment (analysis of protection against malicious code on virtual machines), Azure Application Gateway Analytics (analysis of, among other things, cloud firewall logs), and others. These tools, enriched with certain event processing rules, let you visualize various aspects of the activity of cloud services, including security, and spot certain deviations from normal operation. But, as often happens, any additional functionality requires a corresponding paid subscription, which will require a corresponding financial investment from you that you need to plan in advance.


Azure has a number of built-in threat monitoring capabilities integrated into Azure AD, Azure Monitor and Azure Security Center. Among them, for example: detection of virtual machines communicating with known malicious IPs (thanks to integration with Microsoft's Threat Intelligence services), detection of malware in the cloud infrastructure by receiving alarms from virtual machines hosted in the cloud, password guessing attacks against virtual machines, weaknesses in the configuration of the user identity system, logins from anonymizers or infected nodes, account leaks, logins from unusual locations, and more. Today Azure is one of the few cloud providers that offers built-in Threat Intelligence capabilities to enrich the collected information security events.


As mentioned above, security functionality and, as a result, the security events it generates are not available to all users equally; they require a subscription that includes the functionality you need, which in turn generates the corresponding information security events. For example, some of the account anomaly monitoring functions described in the previous paragraph are available only with the P2 premium license for the Azure AD service. Without it, as in the case of AWS, you will have to analyze the collected security events "by hand". And, again depending on the type of Azure AD license, not all events will be available for analysis.

On the Azure portal, you can both manage search queries over the logs you are interested in and set up dashboards to visualize key information security indicators. In addition, that is where you can select Azure Monitor extensions, which expand the functionality of Azure Monitor logs and give you a deeper analysis of events from a security point of view.


If you need not just the ability to work with logs, but a full-fledged security center for the Azure cloud platform, including information security policy management, then you should consider Azure Security Center, most of whose useful functions are available for an additional fee: for example, threat detection, monitoring outside Azure, compliance assessment, and so on (in the free version, you only get a security assessment and recommendations for eliminating the identified problems). It consolidates all security issues in one place. In fact, this is a higher level of information security than Azure Monitor gives you, since in this case the data collected within your cloud estate is enriched from many sources, such as Azure, Office 365, Microsoft CRM Online, Microsoft Dynamics AX, outlook.com, MSN.com, the Microsoft Digital Crimes Unit (DCU) and the Microsoft Security Response Center (MSRC), on top of which various machine learning and behavioral analytics algorithms are layered, which should ultimately improve the effectiveness of threat detection and response.

Azure also has its own SIEM, which appeared at the beginning of 2019. This is Azure Sentinel, which relies on data from Azure Monitor and can also integrate with external security solutions (for example, NGFW or WAF), a list that keeps growing. In addition, through integration with the Microsoft Graph Security API, you can connect your own Threat Intelligence feeds to Sentinel, which enriches the incident analysis capabilities in your Azure cloud. It can be argued that Azure Sentinel is the first "native" SIEM to come from a cloud provider (Splunk or ELK, which can be hosted in a cloud such as AWS, were not developed by traditional cloud service providers). Azure Sentinel and Security Center can be called the SOC for the Azure cloud, and you could limit yourself to them (with certain reservations) if you no longer had any on-premises infrastructure, had moved all your computing resources to the cloud, and that cloud was Microsoft Azure.


But since the built-in capabilities of Azure (even with a Sentinel subscription) are often insufficient for information security monitoring and for integrating that process with other sources of security events (both cloud and internal), there is a need to export the collected data to external systems, which may include a SIEM. This is done both through the API and through special extensions, which are currently officially available only for the following SIEMs: Splunk (Azure Monitor Add-On for Splunk), IBM QRadar (Microsoft Azure DSM), SumoLogic, ArcSight and ELK. Until recently there were more such SIEMs, but as of June 1, 2019, Microsoft stopped supporting the Azure Log Integration Tool (AzLog), which at the dawn of Azure, in the absence of a standard way of working with logs (Azure Monitor did not yet exist), made it easy to integrate external SIEMs with the Microsoft cloud. Now the situation has changed, and Microsoft recommends the Azure Event Hub platform as the main integration tool for other SIEMs. Many have already implemented such an integration, but be careful: they may not capture all Azure logs, only some of them (check the documentation for your SIEM).

To conclude this brief excursion into Azure, I would like to give a general recommendation about this cloud service: before saying anything about the information security monitoring functions in Azure, you should configure them very carefully and test that they work as described in the documentation and as Microsoft's consultants told you (and they may have different views on how Azure functions work). If you have the financial resources, you can squeeze a lot of useful information out of Azure for information security monitoring. If your resources are limited, then, as in the case of AWS, you will have to rely only on your own strength and on the raw data that Azure Monitor gives you. And remember that many monitoring functions cost money, and it is better to familiarize yourself with the pricing policy in advance. For example, you can store 31 days of data, up to 31 GB per customer, for free; exceeding these values will require additional payment (roughly $5+ for storing each additional GB from the customer and $2 for storing 0.1 GB for each additional month). Working with application telemetry and metrics may also require additional funds, as may working with alerts and notifications (a certain quota is available for free, which may not be enough for your needs).

Example: Information security monitoring in IaaS based on Google Cloud Platform

Google Cloud Platform looks like the junior member compared to AWS and Azure, but perhaps that is a good thing. Unlike AWS, which grew its capabilities, including security ones, gradually and has problems with centralization, GCP, like Azure, is much better managed centrally, which reduces errors and implementation time within the enterprise. From a security point of view, GCP sits, oddly enough, between AWS and Azure. It also has a single event registration for the entire organization, but an incomplete one. Some functions are still in beta, but this shortcoming should gradually be eliminated, and GCP will become a more mature platform in terms of information security monitoring.


The main tool for event logging in GCP is Stackdriver Logging (similar to Azure Monitor), which lets you collect events across your entire cloud infrastructure (as well as from AWS). From a security point of view, in GCP every organization, project or folder has four logs:

  • Admin Activity - contains all events related to administrative access, for example creating a virtual machine, changing access rights, and so on. This log is always written, whether you want it or not, and retains its data for 400 days.
  • Data Access - contains all events related to cloud users working with data (creating, modifying, reading, and so on). By default this log is not written, since its volume grows very quickly. For the same reason, its retention is only 30 days. In addition, not everything is written to this log. For example, events related to resources that are publicly accessible to all users, or that are accessible without logging in to GCP, are not written to it.
  • System Event - contains system events not related to users, or actions of an administrator who changes the configuration of cloud resources. It is always written and retained for 400 days.
  • Access Transparency is a unique example of a log that captures all actions of Google employees (though not yet for all GCP services) who access your infrastructure as part of their duties. This log is retained for 400 days and is not available to every GCP customer, but only when a number of conditions are met (either Gold or Platinum level support, or the presence of four roles of a certain type as part of enterprise support). A similar function is also available, for example, in Office 365 (Lockbox).

Log example: Access Transparency

{
  "insertId": "abcdefg12345",
  "jsonPayload": {
    "@type": "type.googleapis.com/google.cloud.audit.TransparencyLog",
    "location": {
      "principalOfficeCountry": "US",
      "principalEmployingEntity": "Google LLC",
      "principalPhysicalLocationCountry": "CA"
    },
    "product": [
      "Cloud Storage"
    ],
    "reason": [
      {
        "detail": "Case number: bar123",
        "type": "CUSTOMER_INITIATED_SUPPORT"
      }
    ],
    "accesses": [
      {
        "methodName": "GoogleInternal.Read",
        "resourceName": "//googleapis.com/storage/buckets/[BUCKET_NAME]/objects/foo123"
      }
    ]
  },
  "logName": "projects/[PROJECT_NAME]/logs/cloudaudit.googleapis.com%2Faccess_transparency",
  "operation": {
    "id": "12345xyz"
  },
  "receiveTimestamp": "2017-12-18T16:06:37.400577736Z",
  "resource": {
    "labels": {
      "project_id": "1234567890"
    },
    "type": "project"
  },
  "severity": "NOTICE",
  "timestamp": "2017-12-18T16:06:24.660001Z"
}

These logs can be accessed in several ways (very similar to those discussed earlier for Azure and AWS): through the Log Viewer interface, through the API, through the Google Cloud SDK, or through the Activity page of the project whose events you are interested in. In the same way, they can be exported to external solutions for additional analysis; this is done by exporting the logs to BigQuery or Cloud Pub/Sub storage.
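As an added illustration (not code from the article), here is a small Python triage routine that sorts Stackdriver audit entries into the four logs listed above by their logName and pulls the who, why and what out of Access Transparency records. The sample entries are constructed to mirror the record above; the second reason type is a constructed value, not one shown on the page.

```python
"""Classify GCP Cloud Audit Log entries by log type and review Access
Transparency records. Added example, not from the article; the sample
entries are constructed to mirror the Access Transparency record above."""
import json
from urllib.parse import unquote

# The four audit logs named in the text, keyed by the logName suffix
# Stackdriver Logging uses for each ("/" is URL-encoded as %2F in logName).
LOG_TYPES = {
    "cloudaudit.googleapis.com/activity": "admin_activity",
    "cloudaudit.googleapis.com/data_access": "data_access",
    "cloudaudit.googleapis.com/system_event": "system_event",
    "cloudaudit.googleapis.com/access_transparency": "access_transparency",
}

def log_type(entry):
    """Return which of the four audit logs an entry belongs to."""
    name = unquote(entry["logName"])          # "%2F" -> "/"
    suffix = name.split("/logs/", 1)[-1]
    return LOG_TYPES.get(suffix, "unknown")

def summarize_transparency(entry):
    """Extract who / why / what from an Access Transparency payload."""
    p = entry["jsonPayload"]
    reasons = p.get("reason", [])
    accesses = p.get("accesses", [])
    return {
        "employer": p["location"]["principalEmployingEntity"],
        "office_country": p["location"]["principalOfficeCountry"],
        "reason_types": [r["type"] for r in reasons],
        "case_refs": [r.get("detail", "") for r in reasons],
        "methods": [a["methodName"] for a in accesses],
        "resources": [a["resourceName"] for a in accesses],
        # An access not tied to a support case the customer opened is worth a second look.
        "needs_review": not all(r["type"] == "CUSTOMER_INITIATED_SUPPORT" for r in reasons),
    }

def triage(entries):
    """Count entries per log type and collect Access Transparency findings."""
    counts, findings = {}, []
    for e in entries:
        t = log_type(e)
        counts[t] = counts.get(t, 0) + 1
        if t == "access_transparency":
            findings.append(summarize_transparency(e))
    return counts, findings

# Constructed sample: one Google access tied to a customer support case, one
# with a different reason type (constructed; only CUSTOMER_INITIATED_SUPPORT
# appears on the page), and one Admin Activity entry.
SAMPLE = json.loads("""[
 {"logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Faccess_transparency",
  "jsonPayload": {"location": {"principalOfficeCountry": "US", "principalEmployingEntity": "Google LLC",
                               "principalPhysicalLocationCountry": "CA"},
   "reason": [{"detail": "Case number: bar123", "type": "CUSTOMER_INITIATED_SUPPORT"}],
   "accesses": [{"methodName": "GoogleInternal.Read",
                 "resourceName": "//googleapis.com/storage/buckets/example-bucket/objects/foo123"}]}},
 {"logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Faccess_transparency",
  "jsonPayload": {"location": {"principalOfficeCountry": "US", "principalEmployingEntity": "Google LLC",
                               "principalPhysicalLocationCountry": "US"},
   "reason": [{"detail": "", "type": "GOOGLE_INITIATED_SERVICE"}],
   "accesses": [{"methodName": "GoogleInternal.Read",
                 "resourceName": "//googleapis.com/storage/buckets/example-bucket/objects/foo456"}]}},
 {"logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Factivity", "jsonPayload": {}}
]""")
```

Calling triage(SAMPLE) returns the per-log counts and one finding per Access Transparency entry, with needs_review set on the access that no customer case explains.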

In addition to Stackdriver Logging, the GCP platform also offers Stackdriver Monitoring, which lets you track key metrics (performance, MTBF, overall health, and so on) of cloud services and applications. Processed and visualized data can make it easier to find problems in your cloud infrastructure, including in a security context. It should be noted, however, that this functionality is not very rich in terms of information security, since GCP today has no analogue of AWS GuardDuty and cannot single out the bad events among everything that is logged (Google has developed Event Threat Detection, but it is still in beta and it is too early to judge its usefulness). Stackdriver Monitoring could be used as an anomaly detection system whose findings are then investigated to find their causes. But given the shortage of personnel qualified in GCP information security on the market, this task currently looks difficult.


It is also worth listing some of the information security modules that can be used within the GCP cloud and that are similar to those offered by AWS:

  • Cloud Security Command Center - an analogue of AWS Security Hub and Azure Security Center.
  • Cloud DLP - automatic discovery and redaction (for example, masking) of data hosted in the cloud using more than 90 predefined classification policies.
  • Cloud Scanner - a scanner for known vulnerabilities (XSS, Flash injection, unpatched libraries, and so on) in App Engine, Compute Engine and Google Kubernetes.
  • Cloud IAM - access control for all GCP resources.
  • Cloud Identity - management of GCP user, device and application accounts from a single console.
  • Cloud HSM - protection of cryptographic keys.
  • Cloud Key Management Service - management of cryptographic keys in GCP.
  • VPC Service Control - creation of a secure perimeter around your GCP resources to protect them from leaks.
  • Titan Security Key - protection against phishing.


Most of these modules generate security events that can be sent to BigQuery storage for analysis or exported to other systems, including a SIEM. As mentioned above, GCP is an actively developing platform, and Google is now building a number of new information security modules for it. Among them are Event Threat Detection (now available in beta), which scans Stackdriver logs for traces of unauthorized activity (analogous to GuardDuty in AWS), and Policy Intelligence (available in alpha), which will let you develop intelligent policies for access to GCP resources.

I have given a brief overview of the built-in monitoring capabilities of the popular cloud platforms. But do you have specialists who can work with the "raw" logs of an IaaS provider (not everyone is ready to buy the advanced capabilities of AWS, Azure or Google)? Moreover, many know the saying "trust, but verify", which is truer than ever in the field of security. How much do you trust the built-in capabilities of the cloud provider that sends you information security events? How much do they focus on information security at all?

Sometimes it is worth looking at overlay cloud infrastructure monitoring solutions that can complement the cloud's built-in security, and sometimes such solutions are the only option for gaining insight into the security of your data and applications hosted in the cloud. They are also simply more convenient, since they take on all the work of analyzing the necessary logs generated by different cloud services from different cloud providers. An example of such an overlay solution is Cisco Stealthwatch Cloud, which is focused on a single task: monitoring information security anomalies in cloud environments, including not only Amazon AWS, Microsoft Azure and Google Cloud Platform, but also private clouds.

Example: Information security monitoring using Stealthwatch Cloud

AWS provides a flexible computing platform, but this flexibility makes it easier for companies to make mistakes that lead to security problems. And the shared responsibility model only contributes to this: running software with unknown vulnerabilities in the cloud (known ones can be dealt with, for example, by AWS Inspector or GCP Cloud Scanner), weak passwords, misconfigurations, insiders, and so on. All of this is reflected in the behavior of cloud resources, which can be monitored by Cisco Stealthwatch Cloud, an information security monitoring and attack detection system for public and private clouds.


One of the key features of Cisco Stealthwatch Cloud is entity modeling. With it, you can build a software model (that is, a near-real-time simulation) of each of your cloud resources (it does not matter whether it is AWS, Azure, GCP, or something else). These can include servers and users, as well as resource types specific to your cloud environment, such as security groups and auto-scaling groups. The models take the structured data streams provided by the cloud services as input. For AWS, for example, these would be VPC Flow Logs, AWS CloudTrail, AWS CloudWatch, AWS Config, AWS Inspector, AWS Lambda and AWS IAM. Entity modeling automatically discovers the role and behavior of each of your resources (you could call it profiling of all cloud activity). These roles include Android or Apple mobile device, Citrix PVS server, RDP server, mail gateway, VoIP client, terminal server, domain controller, and so on. It then continuously monitors their behavior to determine when risky or security-threatening behavior occurs. You can identify password guessing, DDoS attacks, data leaks, illegitimate remote access, malicious code activity, vulnerability scanning and other threats. For example, this is what detecting an attempted remote access over SSH to a Kubernetes cluster from a country atypical for your organization (South Korea) looks like:

[Figure: Cloud Security Monitoring]

And this is what a suspected leak of information from a Postgres database to a country we have never communicated with before looks like:

[Figure: Cloud Security Monitoring]

Finally, this is what many failed SSH attempts from China and Indonesia from an external remote device look like:

[Figure: Cloud Security Monitoring]

Or suppose that a server instance in a VPC is, by policy, never a remote access destination. Suppose further that this machine experienced a remote logon because of an erroneous change to the firewall rule policy. The entity modeling feature detects and reports this activity ("Unusual Remote Access") in near real time and points to the specific AWS CloudTrail, Azure Monitor or GCP Stackdriver Logging API call (including the user name, date and time, among other things) that caused the change to the firewall rule. This information can then be sent to the SIEM for analysis.
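The following Python sketch, added here and not Stealthwatch Cloud's own logic, reproduces the correlation described in this paragraph for AWS: flag accepted SSH/RDP flows to a host that policy says must never be a remote-access destination, then find the most recent CloudTrail AuthorizeSecurityGroupIngress call that opened that port on the host's security group. All instance, security-group, user and address values are constructed, and the CloudTrail records are reduced to the fields the correlation needs.

```python
"""Correlate an unexpected remote login seen in VPC Flow Logs with the
CloudTrail API call that opened the firewall rule. Added example modelled
on the scenario in the text, not Stealthwatch Cloud's own logic; every
instance, security-group, user and address value is constructed."""
from datetime import datetime, timezone

REMOTE_ACCESS_PORTS = {22, 3389}   # SSH and RDP

# Constructed policy: this host must never be a remote-access destination.
NO_REMOTE_ACCESS = {"10.0.1.25": {"instance": "i-0example", "sg": "sg-0example"}}

# Constructed VPC Flow Log records in the default (version 2) field order.
FLOW_LOGS = """\
2 123456789012 eni-0example 203.0.113.7 10.0.1.25 51522 22 6 12 2400 1560340800 1560340860 ACCEPT OK
2 123456789012 eni-0example 10.0.1.40 10.0.1.25 44100 443 6 5 800 1560340800 1560340860 ACCEPT OK
2 123456789012 eni-0example 198.51.100.9 10.0.1.25 40000 22 6 3 180 1560337000 1560337060 REJECT OK
"""

# Constructed CloudTrail records, reduced to the fields the correlation needs.
CLOUDTRAIL = [
    {"eventTime": "2019-06-12T11:10:00Z", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"userName": "alice"}, "eventID": "evt-1",
     "requestParameters": {"groupId": "sg-0example", "fromPort": 443, "toPort": 443}},
    {"eventTime": "2019-06-12T11:45:00Z", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"userName": "bob"}, "eventID": "evt-2",
     "requestParameters": {"groupId": "sg-0example", "fromPort": 22, "toPort": 22}},
]

FLOW_FIELDS = ["version", "account", "eni", "src", "dst", "srcport", "dstport",
               "proto", "packets", "bytes", "start", "end", "action", "status"]

def parse_flows(text):
    """Yield one dict per flow record; destination port and start become ints."""
    for line in text.splitlines():
        rec = dict(zip(FLOW_FIELDS, line.split()))
        rec["dstport"], rec["start"] = int(rec["dstport"]), int(rec["start"])
        yield rec

def unusual_remote_access(flow_text):
    """Accepted SSH/RDP flows to hosts that policy says never receive them."""
    return [f for f in parse_flows(flow_text)
            if f["action"] == "ACCEPT" and f["dstport"] in REMOTE_ACCESS_PORTS
            and f["dst"] in NO_REMOTE_ACCESS]

def explaining_api_call(flow, trail):
    """Most recent CloudTrail ingress change on the host's security group that
    opened the flow's port before the flow started: the record to hand to the SIEM."""
    sg = NO_REMOTE_ACCESS[flow["dst"]]["sg"]
    candidates = []
    for ev in trail:
        rp = ev["requestParameters"]
        when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        when = when.replace(tzinfo=timezone.utc).timestamp()
        if (ev["eventName"] == "AuthorizeSecurityGroupIngress" and rp["groupId"] == sg
                and rp["fromPort"] <= flow["dstport"] <= rp["toPort"]
                and when <= flow["start"]):
            candidates.append((when, ev))
    if not candidates:
        return None
    when, ev = max(candidates, key=lambda c: c[0])
    return {"user": ev["userIdentity"]["userName"], "time": ev["eventTime"],
            "eventID": ev["eventID"], "src": flow["src"], "port": flow["dstport"]}

if __name__ == "__main__":
    for hit in unusual_remote_access(FLOW_LOGS):
        print("Unusual Remote Access:", hit["src"], "->", hit["dst"], "port", hit["dstport"])
        print("  caused by:", explaining_api_call(hit, CLOUDTRAIL))
```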


Similar capabilities are implemented for every cloud environment supported by Cisco Stealthwatch Cloud:

[Figure: Cloud Security Monitoring]

Entity modeling is a unique form of security automation that can uncover a previously unknown problem with your people, processes or technology. For example, it lets you identify, among other things, security problems such as:

  • Has someone found a backdoor in the software we use?
  • Is there third-party software or a third-party device in our cloud?
  • Is an authorized user abusing their privileges?
  • Was there a configuration error that allowed remote access or some other unintended use of resources?
  • Has data leaked from our servers?
  • Has someone tried to connect to us from an atypical geographic location?
  • Is our cloud infected with malicious code?


A detected information security event can be sent as a ticket to Slack, Cisco Spark or the PagerDuty incident management system, and also forwarded to various SIEMs, including Splunk or ELK. To sum up: if your company follows a multi-cloud strategy and is not tied to any single cloud provider and its information security monitoring capabilities described above, then Cisco Stealthwatch Cloud is a good option for getting a unified set of monitoring capabilities across the leading cloud players, Amazon, Microsoft and Google. Most interestingly, if you compare the price of Stealthwatch Cloud with the advanced information security monitoring licenses in AWS, Azure or GCP, it may turn out that the Cisco solution is cheaper than the built-in capabilities of the Amazon, Microsoft and Google offerings. Paradoxical, but true. And the more clouds and cloud capabilities you use, the more obvious the advantage of the consolidated solution becomes.


In addition, Stealthwatch Cloud can monitor private clouds deployed in your organization, for example those based on Kubernetes containers, or by monitoring NetFlow flows or network traffic received via mirroring on network equipment (even domestically produced equipment), AD data, DNS servers, and so on. All of this data is enriched with Threat Intelligence collected by Cisco Talos, the world's largest non-governmental group of cybersecurity threat researchers.


This lets you build a unified monitoring system for all the public and hybrid clouds your company may use. The collected information can be analyzed using Stealthwatch Cloud's built-in capabilities or sent to your SIEM (Splunk, ELK, SumoLogic and several others are supported out of the box).

This concludes the first part of the article, in which I reviewed the built-in and external tools for monitoring the information security of IaaS/PaaS platforms, which let us quickly detect and respond to incidents occurring in the cloud environments our enterprise has chosen. In the second part, we will continue the topic and look at options for monitoring SaaS platforms using the example of Salesforce and Dropbox, and we will also try to summarize and put everything together by building a unified information security monitoring system for different cloud providers.

Source: www.habr.com
