Cloud Security Monitoring

Moving data and applications to the cloud creates a new challenge for corporate SOCs, which are not always ready to monitor someone else's infrastructure. According to Netskope, the average enterprise (apparently a US one) uses 1,246 different cloud services, 22% more than a year earlier. 1,246 cloud services!!! 175 of them relate to HR services, 170 to marketing, 110 to communications and 76 to finance and CRM. Cisco uses "only" 700 external cloud services. So I am a little puzzled by these numbers. But in any case, the problem is not in them, but in the fact that the cloud is starting to be used quite actively by a growing number of companies that would like the same ability to monitor cloud infrastructure as they have for their own network. And this trend is growing: according to the US Government Accountability Office, by 2023 1,200 data centers will be closed in the United States (6,250 have already been closed). But moving to the cloud is not just "let's move our servers to an external provider." A new IT architecture, new software, new processes, new restrictions... All of this brings significant changes to the work not only of IT, but also of information security. And while providers have more or less learned to cope with ensuring the security of the cloud itself (fortunately there are plenty of recommendations), with monitoring of cloud information security, especially on SaaS platforms, there are significant difficulties, which we will talk about.


Let's say your company has moved part of its infrastructure to the cloud... Stop. Not like that. If the infrastructure has already been moved, and only now are you thinking about how you will monitor it, then you have already lost. Unless it is Amazon, Google or Microsoft (and even then with reservations), you will probably not have much ability to monitor your data and applications. It is good if you are given the opportunity to work with logs. Sometimes security event data will exist, but you will have no access to it. For example, Office 365. If you have the cheapest E1 license, security events are not available to you at all. If you have an E3 license, your data is stored for only 90 days, and only with an E5 license are logs available for a year (however, this also has its nuances related to the need to separately request a number of log-related functions from Microsoft support). By the way, the E3 license is much weaker in terms of monitoring functions than on-premises corporate Exchange. To reach the same level, you need an E5 license or an additional Advanced Compliance license, which may require additional money that was not factored into your financial model for moving to cloud infrastructure. And this is just one example of underestimating the issues related to cloud information security monitoring. In this article, without claiming to be exhaustive, I want to draw attention to some nuances that should be taken into account when choosing a cloud provider from a security point of view. And at the end of the article, a checklist will be given that is worth completing before considering the issue of cloud information security monitoring solved.

There are several typical problems that lead to incidents in cloud environments, to which information security services do not have time to respond, or which they do not see at all:

  • Security logs do not exist. This is a fairly common situation, especially among newcomers to the cloud solution market. But you should not give up on them right away. Small players, especially domestic ones, are more sensitive to customer requirements and can quickly implement some required functions by changing the approved roadmap for their products. Yes, this will not be an analogue of GuardDuty from Amazon or the "Proactive Protection" module from Bitrix, but it is at least something.
  • Information security does not know where the logs are stored, or there is no access to them. Here it is necessary to enter into negotiations with the cloud service provider; perhaps they will provide such information if they consider the client significant to them. But in general, it is not very good when access to logs is granted "by special decision."
  • It also happens that the cloud provider has logs, but provides limited monitoring and event recording that is not enough to detect all incidents. For example, you may receive only logs of changes to the website or logs of user authentication attempts, but not other events, such as network traffic, which hides from you a whole layer of events reflecting attempts to hack your cloud infrastructure.
  • There are logs, but access to them is difficult to automate, which forces them to be monitored not continuously but on a schedule. And if you cannot download logs automatically, then downloading logs, for example, in Excel format (as a number of domestic cloud solution providers do), may even lead to the corporate information security service being reluctant to bother with them at all.
  • There is no log monitoring. This is perhaps the least obvious reason for information security incidents in cloud environments. It seems that there are logs, and it is possible to automate access to them, but no one does it. Why?

The shared cloud security concept

Moving to the cloud is always a search for a balance between the desire to retain control over the infrastructure and handing it over to the more professional hands of a cloud provider that specializes in maintaining it. And in the field of cloud security, this balance must also be sought. Moreover, depending on the cloud service delivery model used (IaaS, PaaS, SaaS), this balance will be different every time. In any case, we must remember that all cloud providers today follow the so-called shared responsibility and shared information security model. The cloud provider is responsible for some things, and for others the client is responsible, having placed its data, its applications, its virtual machines and other resources in the cloud. It would be reckless to expect that by going to the cloud we will shift all responsibility to the provider. But it is also unwise to build all the security yourself when moving to the cloud. A balance is needed, which will depend on many factors: the risk management strategy, the threat model, the security mechanisms available from the cloud provider, legislation, etc.


For example, classification of data hosted in the cloud is always the responsibility of the customer. The cloud provider or an external service provider can only help with tools that help mark data in the cloud, identify violations, delete data that violates the law, or mask it using one method or another. On the other hand, physical security is always the responsibility of the cloud provider, which it cannot share with customers. But everything between data and physical infrastructure is precisely the subject of this article. For example, cloud availability is the responsibility of the provider, while setting up firewall rules or enabling encryption is the responsibility of the client. In this article we will try to look at what information security monitoring mechanisms are offered today by various cloud providers popular in Russia, what the features of their use are, and when it is worth looking at external overlay solutions (for example, Cisco Email Security) that extend the capabilities of your cloud in terms of cybersecurity. In some cases, especially if you follow a multi-cloud strategy, you will have no choice but to use external information security monitoring solutions across several cloud environments at once (for example, Cisco CloudLock or Cisco Stealthwatch Cloud). Well, in some cases you will realize that the cloud provider you have chosen (or that has been imposed on you) does not offer any information security monitoring capabilities at all. This is unpleasant, but also not insignificant, since it allows you to adequately assess the level of risk associated with working with this cloud.

The cloud security monitoring lifecycle

To monitor the security of the clouds you use, you have only three options:

  • rely on the tools provided by your cloud provider,
  • use solutions from third parties that will monitor the IaaS, PaaS or SaaS platforms you use,
  • build your own cloud monitoring infrastructure (only for IaaS/PaaS platforms).

Let's see what features each of these options has. But first, we need to understand the general framework that will be used when monitoring cloud platforms. I would highlight 6 main components of the cloud information security monitoring process:

  • Infrastructure preparation. Determining the applications and infrastructure needed to collect the events important for information security into a store.
  • Collection. At this stage, security events are aggregated from various sources for subsequent transfer for processing, storage and analysis.
  • Processing. At this stage, data is transformed and enriched to facilitate subsequent analysis.
  • Storage. This component is responsible for short-term and long-term storage of the collected processed and raw data.
  • Analysis. At this stage you have the ability to detect incidents and respond to them automatically or manually.
  • Reporting. This stage helps to generate key indicators for stakeholders (management, auditors, the cloud provider, clients, etc.) that help us make certain decisions, for example, changing the provider or strengthening information security.

Understanding these components will allow you to quickly decide in the future what you can take from your provider, and what you will have to do yourself or with the involvement of external consultants.

Built-in cloud services

I already wrote above that many cloud services today do not provide any information security monitoring capabilities. In general, they do not pay much attention to the topic of information security at all. For example, one of the popular Russian services for sending reports to government agencies over the Internet (I will not name it specifically). The entire section on the security of this service is devoted to the use of certified CIPF (cryptographic information protection facilities). The information security section of another domestic cloud service for electronic document management is no different. It talks about public key certificates, certified cryptography, eliminating web vulnerabilities, protection against DDoS attacks, the use of firewalls, backups, and even regular information security audits. But there is not a word about monitoring, or about the possibility of gaining access to information security events that might be of interest to the clients of this service provider.

In general, by how a cloud provider describes information security issues on its website and in its documentation, you can understand how seriously it takes this issue. For example, if you read the manuals for the "MyOffice" products, there is not a word about security at all, but in the documentation for the separate product "MyOffice. KS3", designed to protect against unauthorized access, there is a standard list of items of FSTEC Order No. 17 that "MyOffice.KS3" implements, but it is not described how it implements them and, most importantly, how to integrate these mechanisms with corporate information security. Perhaps such documentation exists, but I did not find it in the public domain, on the "MyOffice" website. Although maybe I simply do not have access to this secret information?..


With Bitrix the situation is much better. The documentation describes the formats of the event logs and, interestingly, the intrusion log, which contains events related to potential threats to the cloud platform. From there you can extract the IP, user or guest name, event source, time, User-Agent, event type, etc. True, you can work with these events either from the control panel of the cloud itself, or by uploading the data in MS Excel format. It is currently difficult to automate work with Bitrix logs and you will have to do some of the work manually (download the report and load it into your SIEM). But if we remember that until recently there was no such possibility at all, then this is great progress. At the same time, I would like to note that many foreign providers offer similar functionality "for beginners": either look at the logs with your own eyes through the control panel, or download the data to yourself (although most export data in .csv format, not Excel).


Leaving aside the no-logging option, cloud providers usually offer you three options for monitoring security events: dashboards, data export and API access. The first seems to solve many problems for you, but this is not entirely true: if you have several logs, you have to switch between the screens that display them, losing the overall picture. In addition, the cloud provider is unlikely to give you the ability to correlate security events and generally analyze them from a security point of view (usually you are dealing with raw data, which you need to make sense of yourself). There are exceptions, and we will talk about them further on. Finally, it is worth asking what events your cloud provider records, in what format, and how they correspond to your information security monitoring process. For example, identification and authentication of users and guests. The same Bitrix allows you, based on these events, to record the date and time of the event, the name of the user or guest (if you have the "Web Analytics" module), the object accessed and other elements typical for a website. But corporate information security services may need information about whether the user accessed the cloud from a trusted device (for example, in a corporate network this task is performed by Cisco ISE). What about such a simple task as a geo-IP function, which will help determine whether a cloud service user's account has been stolen? And even if the cloud provider provides it to you, this is not enough. The same Cisco CloudLock does not just analyze geolocation, but uses machine learning for this, analyzes historical data for each user and monitors various anomalies in identification and authentication attempts. Only MS Azure has similar functionality (if you have the appropriate subscription).


There is another difficulty: since for many cloud providers information security monitoring is a new topic that they are only beginning to deal with, they are constantly changing something in their solutions. Today they have one version of the API, tomorrow another, and the day after tomorrow a third. You need to be prepared for this too. The same goes for functionality, which may change, and which must be taken into account in your information security monitoring system. For example, Amazon initially had separate cloud event monitoring services: AWS CloudTrail and AWS CloudWatch. Then a separate service for monitoring information security events appeared: AWS GuardDuty. After a while, Amazon launched a new management system, Amazon Security Hub, which includes analysis of data received from GuardDuty, Amazon Inspector, Amazon Macie and several others. Another example is the tool for integrating Azure logs with SIEMs, AzLog. It was actively used by many SIEM vendors until, in 2018, Microsoft announced the termination of its development and support, which left many customers who used this tool facing a problem (we will talk about how it was solved later).

Therefore, carefully track all the monitoring features that your cloud provider offers you. Or rely on external solution providers who will act as intermediaries between your SOC and the cloud you want to monitor. Yes, it will be more expensive (although not always), but you will shift all the responsibility onto someone else's shoulders. Or not all of it?.. Let's remember the concept of shared security and understand that we cannot shift everything: we will have to independently understand how different cloud providers provide monitoring of the information security of your data, applications, virtual machines and other resources hosted in the cloud. And we will start with what Amazon offers in this regard.

Example: information security monitoring in IaaS based on AWS

Yes, yes, I understand that Amazon is not the best example, because it is an American service and it can be blocked as part of the fight against extremism and the dissemination of information prohibited in Russia. But in this publication I would like to show how different cloud platforms differ in their information security monitoring capabilities and what you should pay attention to when transferring your key processes to the clouds from a security point of view. Well, if some Russian developers of cloud solutions learn something useful for themselves, that will be great.


The first thing to say is that Amazon is not an impregnable fortress. Various incidents regularly happen to its customers. For example, the names, addresses, dates of birth and phone numbers of 198 million voters were stolen from Deep Root Analytics. 14 million records of Verizon subscribers were stolen from the Israeli company Nice Systems. However, the built-in capabilities of AWS allow you to detect a wide range of incidents. For example:

  • impact on infrastructure (DDoS)
  • node compromise (command injection)
  • account compromise and unauthorized access
  • misconfigurations and vulnerabilities
  • insecure interfaces and APIs.

This discrepancy is due to the fact that, as we found out above, the customer itself is responsible for the security of customer data. And if it did not bother to enable protective mechanisms and did not enable monitoring tools, then it will learn about the incident only from the media or from its own customers.

To identify incidents, you can use a wide range of different monitoring services built by Amazon (although these are often complemented by external tools such as osquery). Thus, in AWS all user actions are tracked, regardless of how they are performed: through the management console, the command line, the SDK or other AWS services. All records of each AWS account's activity (including user name, action, service, activity parameters and result) and API usage are available through AWS CloudTrail. You can view these events (such as AWS IAM console logins) from the CloudTrail console, analyze them using Amazon Athena, or "export" them to external solutions such as Splunk, AlienVault, etc. The AWS CloudTrail logs themselves are placed in your AWS S3 bucket.
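The paragraph above says what CloudTrail records and where it lands, but not what a SOC does with the records once it has them. The following is an added example (not code from the article or from AWS) that decodes one CloudTrail object as delivered to S3 (gzip-compressed JSON with a top-level "Records" array) and runs three simple triage checks over it: repeated console login failures from one address, any activity by the root identity, and a small allowlist of API calls a SOC always wants to see (stopping the trail itself, opening a security group, IAM changes). The records are constructed to follow the real CloudTrail field names; the account id, user names and IP addresses are placeholders.

```python
"""Triage of AWS CloudTrail records (added example).

CloudTrail delivers gzip-compressed JSON objects to the S3 bucket you chose;
each object is a document of the form {"Records": [...]}. The records below
are constructed: the field names follow the CloudTrail schema (eventName,
eventSource, userIdentity, responseElements, ...), but the account id, user
names and IP addresses are placeholders.
"""
import gzip
import json
from collections import Counter

CONSTRUCTED_TRAIL = json.dumps({"Records": [
    {"eventTime": "2019-08-01T10:00:01Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Failure"}, "errorMessage": "Failed authentication"},
    {"eventTime": "2019-08-01T10:00:09Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Failure"}, "errorMessage": "Failed authentication"},
    {"eventTime": "2019-08-01T10:00:17Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Failure"}, "errorMessage": "Failed authentication"},
    {"eventTime": "2019-08-01T10:00:40Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2019-08-01T11:12:03Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}},
    {"eventTime": "2019-08-01T11:15:44Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventTime": "2019-08-01T11:16:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
]})

# API calls worth a look regardless of who made them: tampering with the
# trail itself, opening security groups, IAM changes.
SENSITIVE_EVENTS = {
    "StopLogging", "DeleteTrail", "UpdateTrail", "AuthorizeSecurityGroupIngress",
    "CreateUser", "AttachUserPolicy", "PutBucketPolicy", "DeactivateMFADevice",
}
FAILED_LOGIN_THRESHOLD = 3


def records_from_gzip(data):
    """Decode one CloudTrail log object as delivered to S3 (gzip + JSON)."""
    return json.loads(gzip.decompress(data).decode("utf-8"))["Records"]


def sample_records():
    """The constructed trail, round-tripped through gzip as if read from S3."""
    return records_from_gzip(gzip.compress(CONSTRUCTED_TRAIL.encode("utf-8")))


def actor(record):
    """Human-readable principal: IAM user name, else ARN, else the identity type."""
    identity = record.get("userIdentity", {})
    return identity.get("userName") or identity.get("arn") or identity.get("type", "unknown")


def triage(records):
    """Return findings as (kind, actor, detail) tuples, in the order they are detected."""
    findings = []
    failed_logins = Counter()
    for rec in records:
        who = actor(rec)
        name = rec.get("eventName", "")
        if name == "ConsoleLogin" and rec.get("responseElements", {}).get("ConsoleLogin") == "Failure":
            failed_logins[(who, rec.get("sourceIPAddress"))] += 1
        if rec.get("userIdentity", {}).get("type") == "Root":
            findings.append(("root_activity", who, name))
        if name in SENSITIVE_EVENTS:
            findings.append(("sensitive_api_call", who, name))
    for (who, ip), count in failed_logins.items():
        if count >= FAILED_LOGIN_THRESHOLD:
            findings.append(("console_login_bruteforce", who, "%d failures from %s" % (count, ip)))
    return findings


if __name__ == "__main__":
    for finding in triage(sample_records()):
        print(*finding)
```

In production the `records_from_gzip` input comes from an S3 `GetObject` call (or an S3 event notification that triggers the check), and the thresholds and allowlist would live in your SIEM's rule set rather than in the script; the point here is that the raw CloudTrail record already carries everything these checks need.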


Two other AWS services provide a number of other important monitoring capabilities. First, Amazon CloudWatch is a monitoring service for AWS resources and applications that, among other things, allows you to identify various anomalies in your cloud. All built-in AWS services, such as Amazon Elastic Compute Cloud (servers), Amazon Relational Database Service (databases), Amazon Elastic MapReduce (data analysis), and 30 other Amazon services, use Amazon CloudWatch to store their logs. Developers can use the open API of Amazon CloudWatch to add log monitoring functionality to custom applications and services, allowing them to expand the scope of event analysis within a security context.


Second, the VPC Flow Logs service allows you to analyze network traffic sent or received by your AWS servers (externally or internally), as well as between microservices. When any of your AWS VPC resources interact with the network, VPC Flow Logs records details about the network traffic, including the source and destination network interface, as well as IP addresses, ports, protocol, number of bytes, and number of packets seen. Those familiar with local network security will recognize this as an analogue of NetFlow, which can be generated by switches, routers and enterprise-grade firewalls. These logs are important for information security monitoring purposes because, unlike events about the actions of users and applications, they also allow you not to miss network interactions inside the AWS virtual private cloud environment.
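To make the NetFlow analogy concrete, here is an added example (not from the article or from AWS) that parses flow-log records in the default format the paragraph describes and applies two detections a network SOC would run on NetFlow: a source whose rejected connections touch many distinct destination ports on one host, and accepted TCP flows to ports outside the set the security group was supposed to expose. The records are constructed; the account id, ENI id and addresses are placeholders, and the `NODATA` line shows the record shape the parser has to skip.

```python
"""Parse VPC Flow Log records and flag scan-like and unexpected traffic (added example).

The lines are constructed in the default flow-log format:
version account-id interface-id srcaddr dstaddr srcport dstport protocol
packets bytes start end action log-status. The account id, ENI id and IP
addresses are placeholders.
"""
from collections import defaultdict
from typing import NamedTuple

CONSTRUCTED_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.5 10.0.1.20 51001 21 6 1 44 1565000000 1565000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.5 10.0.1.20 51002 22 6 1 44 1565000000 1565000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.5 10.0.1.20 51003 23 6 1 44 1565000000 1565000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.5 10.0.1.20 51004 25 6 1 44 1565000000 1565000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.5 10.0.1.20 51005 80 6 1 44 1565000000 1565000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.5 10.0.1.20 51006 110 6 1 44 1565000000 1565000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.5 10.0.1.20 51007 135 6 1 44 1565000000 1565000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.5 10.0.1.20 51008 139 6 1 44 1565000000 1565000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.5 10.0.1.20 51009 443 6 1 44 1565000000 1565000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.5 10.0.1.20 51010 445 6 1 44 1565000000 1565000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.5 10.0.1.20 51011 3306 6 1 44 1565000000 1565000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.5 10.0.1.20 51012 3389 6 1 44 1565000000 1565000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.9 10.0.1.20 40212 22 6 20 4249 1565000010 1565000070 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.31 10.0.1.20 38000 8080 6 12 2100 1565000012 1565000072 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1565000000 1565000059 - NODATA
"""


class Flow(NamedTuple):
    interface_id: str
    src: str
    dst: str
    src_port: int
    dst_port: int
    protocol: int   # IANA number: 6 = TCP, 17 = UDP
    packets: int
    byte_count: int
    start: int
    end: int
    action: str     # ACCEPT or REJECT


def parse_flow_line(line):
    """Return a Flow, or None for NODATA/SKIPDATA records and malformed lines."""
    parts = line.split()
    if len(parts) != 14 or parts[13] != "OK":
        return None
    return Flow(parts[2], parts[3], parts[4], int(parts[5]), int(parts[6]), int(parts[7]),
                int(parts[8]), int(parts[9]), int(parts[10]), int(parts[11]), parts[12])


def parse_flow_log(text):
    return [flow for flow in (parse_flow_line(line) for line in text.splitlines()) if flow]


def detect_port_scans(flows, min_ports=10):
    """(src, dst, distinct_ports) for sources whose REJECTed flows hit many ports on one host."""
    rejected = defaultdict(set)
    for flow in flows:
        if flow.action == "REJECT":
            rejected[(flow.src, flow.dst)].add(flow.dst_port)
    return sorted((src, dst, len(ports)) for (src, dst), ports in rejected.items() if len(ports) >= min_ports)


def accepted_outside_allowlist(flows, allowed_ports=frozenset({22, 443})):
    """ACCEPTed TCP flows to destination ports the security group was not expected to expose."""
    return sorted({(flow.src, flow.dst, flow.dst_port) for flow in flows
                   if flow.action == "ACCEPT" and flow.protocol == 6 and flow.dst_port not in allowed_ports})


if __name__ == "__main__":
    flows = parse_flow_log(CONSTRUCTED_FLOW_LOG)
    print("scans:", detect_port_scans(flows))
    print("unexpected services:", accepted_outside_allowlist(flows))
```

The second detection is the one that pays off in practice: a REJECT-heavy scan is noisy and cheap to spot, whereas an ACCEPTed flow to a port you did not mean to expose is the signal that a security group was misconfigured, which is exactly the class of incident the earlier list attributes to the customer's side of the shared responsibility model.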


In short, these three AWS services (AWS CloudTrail, Amazon CloudWatch and VPC Flow Logs) together provide fairly powerful insight into your account usage, user behavior, infrastructure management, application and service activity, and network activity. For example, they can be used to detect the following anomalies:

  • Attempts to scan the site, search for backdoors, or search for vulnerabilities, through bursts of "404 errors".
  • Injection attacks (for example, SQL injection), through bursts of "500 errors".
  • Known attack tools such as sqlmap, nikto, w3af, nmap, etc., through analysis of the User-Agent field.
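The three heuristics in the list above are simple enough to show end to end. The following is an added example (not from the article) that applies them to web-server access-log lines: a per-client count of 404 responses, a per-client count of 5xx responses, and a case-insensitive match of the User-Agent field against the tool names the list mentions. The log lines are constructed in the common "combined" format so that the example runs offline; on AWS the same logic would run over ELB access logs or CloudWatch log streams.

```python
"""Access-log heuristics: 404 bursts, 500 bursts, scanner User-Agents (added example).

The lines below are constructed in the Apache/nginx "combined" format; the
client addresses, paths and timestamps are placeholders.
"""
import re
from collections import Counter

CONSTRUCTED_ACCESS_LOG = """\
192.0.2.8 - - [01/Aug/2019:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/68.0"
192.0.2.8 - - [01/Aug/2019:10:00:02 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/68.0"
198.51.100.23 - - [01/Aug/2019:10:01:00 +0000] "GET /admin/ HTTP/1.1" 404 169 "-" "Mozilla/5.0 (compatible; Nikto/2.1.6)"
198.51.100.23 - - [01/Aug/2019:10:01:00 +0000] "GET /backup.zip HTTP/1.1" 404 169 "-" "Mozilla/5.0 (compatible; Nikto/2.1.6)"
198.51.100.23 - - [01/Aug/2019:10:01:01 +0000] "GET /old/ HTTP/1.1" 404 169 "-" "Mozilla/5.0 (compatible; Nikto/2.1.6)"
198.51.100.23 - - [01/Aug/2019:10:01:01 +0000] "GET /test.php HTTP/1.1" 404 169 "-" "Mozilla/5.0 (compatible; Nikto/2.1.6)"
198.51.100.23 - - [01/Aug/2019:10:01:02 +0000] "GET /cgi-bin/ HTTP/1.1" 404 169 "-" "Mozilla/5.0 (compatible; Nikto/2.1.6)"
198.51.100.23 - - [01/Aug/2019:10:01:02 +0000] "GET /setup/ HTTP/1.1" 404 169 "-" "Mozilla/5.0 (compatible; Nikto/2.1.6)"
203.0.113.4 - - [01/Aug/2019:10:05:10 +0000] "GET /search?q=a HTTP/1.1" 500 512 "-" "sqlmap/1.3.8#stable (http://sqlmap.org)"
203.0.113.4 - - [01/Aug/2019:10:05:11 +0000] "GET /search?q=b HTTP/1.1" 500 512 "-" "sqlmap/1.3.8#stable (http://sqlmap.org)"
203.0.113.4 - - [01/Aug/2019:10:05:11 +0000] "GET /search?q=c HTTP/1.1" 500 512 "-" "sqlmap/1.3.8#stable (http://sqlmap.org)"
"""

# client, timestamp, method, path, status, user-agent
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')

# Tool names from the list above plus a few common ones; matched case-insensitively.
SCANNER_AGENTS = ("sqlmap", "nikto", "w3af", "nmap", "masscan", "dirbuster")


def parse_access_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if match:
            client, when, method, path, status, user_agent = match.groups()
            entries.append({"client": client, "time": when, "method": method,
                            "path": path, "status": int(status), "ua": user_agent})
    return entries


def detect(entries, not_found_threshold=5, server_error_threshold=3):
    """Return sorted (kind, client, detail) findings for the three heuristics."""
    not_found = Counter()
    server_errors = Counter()
    scanners = set()
    for entry in entries:
        if entry["status"] == 404:
            not_found[entry["client"]] += 1
        elif entry["status"] >= 500:
            server_errors[entry["client"]] += 1
        agent = entry["ua"].lower()
        for tool in SCANNER_AGENTS:
            if tool in agent:
                scanners.add((entry["client"], tool))
    findings = [("404_burst", client, str(n)) for client, n in not_found.items() if n >= not_found_threshold]
    findings += [("500_burst", client, str(n)) for client, n in server_errors.items() if n >= server_error_threshold]
    findings += [("scanner_user_agent", client, tool) for client, tool in scanners]
    return sorted(findings)


if __name__ == "__main__":
    for finding in detect(parse_access_log(CONSTRUCTED_ACCESS_LOG)):
        print(*finding)
```

Counting per client over the whole file is deliberately simple; a real rule would count per client per time window, and the User-Agent check only catches tools that announce themselves, so treat it as a cheap first filter rather than a detection you can rely on.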

Amazon Web Services has also developed other services for cybersecurity purposes that allow you to solve many other problems. For example, AWS has a built-in service for auditing policies and configurations: AWS Config. This service provides continuous auditing of your AWS resources and their configurations. Let's take a simple example: say you want to make sure that password authentication is disabled on all your servers and that access is possible only based on certificates. AWS Config makes it easy to check this across all your servers. There are other policies that can be applied to your cloud servers: "No server may use port 22", "Only administrators can change firewall rules" or "Only user Ivashko can create new user accounts, and he can only do so on Tuesdays." In the summer of 2016, the AWS Config service was expanded to automate the detection of violations of the policies you have developed. AWS Config Rules are essentially continuous configuration queries against the Amazon services you use, which generate events if the corresponding policies are violated. For example, instead of periodically running AWS Config queries to verify that all disks of a virtual server are encrypted, AWS Config Rules can be used to continuously check server disks to ensure that this condition is met. And, most importantly in the context of this publication, any violation generates events that can be analyzed by your information security service.
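The policy "No server may use port 22" from the paragraph above is a natural fit for a custom AWS Config rule, so here is an added example (not code from the article or from AWS) of the Lambda function such a rule runs. AWS Config invokes it with an event whose `invokingEvent` is a JSON string carrying the changed `configurationItem`, plus optional `ruleParameters` and a `resultToken`; the function evaluates the item and reports COMPLIANT, NON_COMPLIANT or NOT_APPLICABLE back through `PutEvaluations`. The evaluation logic is kept separate from the AWS call so that it runs offline. The sample security-group items are constructed, and handling both an `ipRanges` list of strings and an `ipv4Ranges` list of `{"cidrIp": ...}` objects is an assumption made to cover the two shapes security-group configuration items have used.

```python
"""Custom AWS Config rule: security groups must not expose forbidden ports to 0.0.0.0/0 (added example).

Event shape (invokingEvent / ruleParameters / resultToken) and the evaluation
fields (ComplianceResourceType, ComplianceResourceId, ComplianceType,
Annotation, OrderingTimestamp) follow the AWS Config custom-rule contract.
The sample security groups are constructed; accepting both "ipRanges" and
"ipv4Ranges" is an assumption covering the two configuration-item shapes.
"""
import json

DEFAULT_FORBIDDEN_PORTS = (22, 3389)
ANY_IPV4 = "0.0.0.0/0"


def _cidrs(permission):
    """All IPv4 source ranges of one ipPermissions entry, whichever shape they use."""
    ranges = [r for r in permission.get("ipRanges", []) if isinstance(r, str)]
    ranges += [r.get("cidrIp") for r in permission.get("ipv4Ranges", []) if isinstance(r, dict)]
    return [r for r in ranges if r]


def _port_exposed(permission, port):
    """True if this permission admits TCP traffic to `port` (protocol -1 means all traffic)."""
    proto = permission.get("ipProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    low, high = permission.get("fromPort"), permission.get("toPort")
    return low is not None and high is not None and low <= port <= high


def evaluate_security_group(item, forbidden_ports=DEFAULT_FORBIDDEN_PORTS):
    """Return (complianceType, annotation) for one configuration item."""
    if item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE", "rule only evaluates security groups"
    if item.get("configurationItemStatus") in ("ResourceDeleted", "ResourceNotRecorded"):
        return "NOT_APPLICABLE", "resource deleted or not recorded"
    for permission in item.get("configuration", {}).get("ipPermissions", []):
        if ANY_IPV4 not in _cidrs(permission):
            continue
        for port in forbidden_ports:
            if _port_exposed(permission, port):
                return "NON_COMPLIANT", "port %d reachable from %s" % (port, ANY_IPV4)
    return "COMPLIANT", "no forbidden port exposed to %s" % ANY_IPV4


def build_evaluation(event):
    """Pure part of the handler: parse the Config event and produce one evaluation."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    ports = tuple(int(p) for p in params.get("forbiddenPorts", "22,3389").split(","))
    compliance, note = evaluate_security_group(item, ports)
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def lambda_handler(event, context):
    """Lambda entry point: report the evaluation back to AWS Config."""
    import boto3  # present in the Lambda runtime; not needed to run the logic locally
    evaluation = build_evaluation(event)
    boto3.client("config").put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


def constructed_event(permissions, status="OK"):
    """Wrap a constructed security group in the event shape AWS Config sends."""
    item = {
        "resourceType": "AWS::EC2::SecurityGroup",
        "resourceId": "sg-0123456789abcdef0",   # placeholder id
        "configurationItemStatus": status,
        "configurationItemCaptureTime": "2019-08-01T10:00:00.000Z",
        "configuration": {"groupName": "web", "ipPermissions": permissions},
    }
    return {"invokingEvent": json.dumps({"configurationItem": item,
                                         "messageType": "ConfigurationItemChangeNotification"}),
            "ruleParameters": json.dumps({"forbiddenPorts": "22,3389"}),
            "resultToken": "constructed-token"}


if __name__ == "__main__":
    open_ssh = [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipRanges": [ANY_IPV4]}]
    print(build_evaluation(constructed_event(open_ssh)))
```

Every NON_COMPLIANT evaluation becomes a compliance-change event in AWS Config, which is what lets the security team consume "port 22 is open to the world" as a monitored event instead of an audit finding discovered months later.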


AWS also has its own equivalents of traditional corporate information security solutions, which likewise generate security events that you can and should analyze:

  • Intrusion detection - AWS GuardDuty
  • Information leak control - AWS Macie
  • EDR (although it is a little odd to talk about endpoints in the cloud) - AWS CloudWatch + the open-source osquery or GRR solutions
  • NetFlow analysis - AWS CloudWatch + AWS VPC Flow Logs
  • DNS analysis - AWS CloudWatch + AWS Route53
  • AD - AWS Directory Service
  • Account management - AWS IAM
  • SSO - AWS SSO
  • security analysis - AWS Inspector
  • configuration management - AWS Config
  • WAF - AWS WAF.

I will not describe in detail all the Amazon services that may be useful in the context of information security. The main thing is to understand that all of them can generate events that we can and should analyze in the context of information security, using for this purpose both the built-in capabilities of Amazon itself and external solutions, for example a SIEM, which can bring security events into your monitoring center and analyze them there together with events from other cloud services or from the internal infrastructure, the perimeter or mobile devices.


In any case, it all starts with the data sources that provide you with information security events. These sources include, but are not limited to:

  • CloudTrail - API usage and user actions
  • Trusted Advisor - security checks against best practices
  • Config - inventory and configuration of accounts and service settings
  • VPC Flow Logs - connections on virtual interfaces
  • IAM - identification and authentication service
  • ELB Access Logs - load balancer
  • Inspector - application vulnerabilities
  • S3 - file storage
  • CloudWatch - application activity
  • SNS - notification service.

Amazon, while offering such a range of event sources and tools for generating them, is quite limited in its ability to analyze the collected data in the context of information security. You will have to study the available logs yourself, looking for the relevant indicators of compromise in them. AWS Security Hub, recently launched by Amazon, aims to solve this problem by becoming a cloud SIEM for AWS. But so far it is only at the beginning of its journey and is limited both by the number of sources it works with and by other restrictions imposed by the architecture and subscriptions of Amazon itself.

Example: information security monitoring in IaaS based on Azure

I do not want to enter into a long discussion about which of the three cloud providers (Amazon, Microsoft or Google) is better (especially since each of them has its own specifics and is suited to solving its own problems); let's focus on the information security monitoring capabilities that these players provide. It must be admitted that Amazon AWS was one of the first in this segment and has therefore advanced the furthest in terms of its information security functions (although many admit that it is difficult to use). But this does not mean that we will ignore the opportunities that Microsoft and Google provide us.

Microsoft products have always been distinguished by their "openness," and in Azure the situation is similar. For example, while AWS and GCP always proceed from the concept of "what is not allowed is prohibited," Azure has exactly the opposite approach. For example, when creating a virtual network in the cloud and a virtual machine in it, all ports and protocols are open and allowed by default. Therefore, you will have to spend a little more effort on the initial setup of the access control system in the Microsoft cloud. And this also imposes stricter requirements on you in terms of monitoring activity in the Azure cloud.


AWS has a peculiarity related to the fact that when you monitor your virtual resources, if they are located in different regions, you have difficulty bringing all the events together and analyzing them jointly, and to get around this you have to resort to various tricks, such as writing your own AWS Lambda code that transports events between regions. Azure does not have this problem: its Activity Log mechanism tracks all activity across the entire organization without restrictions. The same applies to AWS Security Hub, which was recently developed by Amazon to consolidate many security functions within a single security center, but only within its region, which, however, is not relevant for Russia. Azure has its own Security Center, which is not bound by regional restrictions and provides access to all the security features of the cloud platform. Moreover, for different local teams it can provide its own set of protective capabilities, including the security events managed by them. AWS Security Hub is still on the way to becoming comparable to Azure Security Center. But it is worth adding a fly in the ointment: you can get out of Azure much of what was described above for AWS, but this is done conveniently only for Azure AD, Azure Monitor and Azure Security Center. All other Azure security mechanisms, including security event analysis, are not yet managed in the most convenient way. The problem is partly solved by the API, which permeates all Microsoft Azure services, but this will require additional effort from you to integrate your cloud with your SOC, and the presence of qualified specialists (in fact, as with any other SIEM that works with cloud APIs). Some SIEMs, which will be discussed later, already support Azure and can automate the task of monitoring it, but they also have their own difficulties: not all of them can collect all the logs that Azure has.


Event collection and monitoring in Azure is provided using the Azure Monitor service, which is the main tool for collecting, storing and analyzing data in the Microsoft cloud and its resources: Git repositories, containers, virtual machines, applications, etc. All data collected by Azure Monitor is divided into two categories: metrics, collected in real time and describing the key performance indicators of the Azure cloud, and logs, containing data organized into records that reflect certain aspects of the activity of Azure resources and services. In addition, using the Data Collector API, the Azure Monitor service can collect data from any REST source to build your own monitoring scenarios.
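The Data Collector API mentioned above is how an on-premises source (a firewall, a proxy, an in-house application) gets its events into the same Log Analytics workspace that Azure Monitor uses, so that they can be correlated with the cloud-side logs. The following is an added example (not from the article or from Microsoft) that builds and signs such a request: the body is a JSON array of flat records, the `Log-Type` header names the custom table, and the `Authorization` header is `SharedKey <workspace-id>:<signature>` where the signature is an HMAC-SHA256 (keyed with the base64-decoded workspace shared key) over the method, content length, content type, `x-ms-date` header and resource path, as documented for this API. The workspace id, shared key and records are constructed placeholders. Microsoft has since announced that this API is being superseded by the Logs Ingestion API, so check the current documentation before building on it.

```python
"""Send custom records to a Log Analytics workspace via the HTTP Data Collector API (added example).

Request layout (POST <workspace>.ods.opinsights.azure.com/api/logs?api-version=2016-04-01,
the x-ms-date and Log-Type headers, and "SharedKey <workspace>:<sig>" built from an
HMAC-SHA256 over method, content length, content type, date and resource path)
follows Microsoft's documentation for this API. Workspace id, shared key and
records below are constructed placeholders.
"""
import base64
import hashlib
import hmac
import json
import urllib.request
from datetime import datetime, timezone

API_RESOURCE = "/api/logs"
API_VERSION = "2016-04-01"


def build_signature(workspace_id, shared_key_b64, date_rfc1123, content_length,
                    method="POST", content_type="application/json"):
    """Authorization header value: HMAC-SHA256 over the canonical string, keyed with the decoded shared key."""
    string_to_sign = "\n".join([method, str(content_length), content_type,
                                "x-ms-date:" + date_rfc1123, API_RESOURCE])
    key = base64.b64decode(shared_key_b64)
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return "SharedKey %s:%s" % (workspace_id, base64.b64encode(digest).decode("ascii"))


def build_request(workspace_id, shared_key_b64, log_type, records, date_rfc1123=None):
    """Return (url, headers, body) for one batch; records must be a list of flat JSON objects."""
    body = json.dumps(records).encode("utf-8")
    if date_rfc1123 is None:
        date_rfc1123 = datetime.now(timezone.utc).strftime("%a, %d %b %Y %H:%M:%S GMT")
    headers = {
        "Content-Type": "application/json",
        "Authorization": build_signature(workspace_id, shared_key_b64, date_rfc1123, len(body)),
        "Log-Type": log_type,                      # records land in the <log_type>_CL table
        "x-ms-date": date_rfc1123,
        "time-generated-field": "TimeGenerated",   # field used as the record timestamp
    }
    url = "https://%s.ods.opinsights.azure.com%s?api-version=%s" % (workspace_id, API_RESOURCE, API_VERSION)
    return url, headers, body


def send(url, headers, body):
    """Perform the POST; the service answers HTTP 200 with an empty body on success."""
    request = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(request, timeout=30) as response:
        return response.status


# Constructed inputs: a throwaway workspace id and a shared key made up for this example.
CONSTRUCTED_WORKSPACE = "00000000-0000-0000-0000-000000000000"
CONSTRUCTED_SHARED_KEY = base64.b64encode(b"constructed-shared-key-not-a-real-secret").decode("ascii")
CONSTRUCTED_RECORDS = [
    {"TimeGenerated": "2019-08-01T10:00:00Z", "Source": "on-prem-fw",
     "Action": "deny", "SrcIp": "198.51.100.5", "DstPort": 3389},
]

if __name__ == "__main__":
    url, headers, body = build_request(CONSTRUCTED_WORKSPACE, CONSTRUCTED_SHARED_KEY,
                                       "FirewallEvents", CONSTRUCTED_RECORDS)
    print(url)
    print(headers["Authorization"])
    # send(url, headers, body) would deliver the batch to a real workspace
```

Two details matter operationally: the signature covers the exact byte length of the body, so the body must be serialized once and sent unchanged, and the shared key is a workspace-wide write credential, so it belongs in a secret store on the sending host, not in the script.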


Here are just a few of the security event sources that Azure offers you and that you can access through the Azure Portal, the CLI, PowerShell or the REST API (and some through the Azure Monitor/Insight API):

  • Activity Logs - this log answers the classic questions "who," "what" and "when" regarding any write operation (PUT, POST, DELETE) on cloud resources. Events related to read access (GET) are not included in this log, as is the case with a number of others.
  • Diagnostic Logs - contain data on operations with a particular resource included in your subscription.
  • Azure AD reporting - contains both user activity and system activity related to group and user management.
  • Windows Event Log and Linux Syslog - contain events from virtual machines hosted in the cloud.
  • Metrics - contain telemetry about the performance and health of your cloud services and resources. They are measured every minute and stored for 30 days.
  • Network Security Group Flow Logs - contain data on network security events collected using the Network Watcher service and resource monitoring at the network level.
  • Storage Logs - contain events related to access to storage facilities.


Ukuqapha, ungasebenzisa ama-SIEM angaphandle noma i-Azure Monitor eyakhelwe ngaphakathi kanye nezandiso zayo. Sizokhuluma ngezinhlelo zokuphatha imicimbi yokuphepha kolwazi ngokuhamba kwesikhathi, kodwa okwamanje ake sibone ukuthi i-Azure ngokwayo isinikeza ini ukuze sihlaziye idatha kumongo wokuphepha. Isikrini esikhulu sayo yonke into ehlobene nokuphepha ku-Azure Monitor I-Log Analytics Security kanye Nedeshibhodi Yokuhlola (inguqulo yamahhala isekela inani elilinganiselwe lesitoreji somcimbi isonto elilodwa nje). Le deshibhodi ihlukaniswe ngezindawo ezingu-5 eziyinhloko ezibona ngeso lengqondo izibalo ezifinyeziwe zalokho okwenzekayo endaweni yamafu oyisebenzisayo:

  • Security Domains - the key quantitative indicators related to information security: the number of incidents, the number of compromised nodes, unpatched nodes, network security events, etc.
  • Notable Issues - shows the number and severity of active information security issues.
  • Detections - shows the attack patterns used against you.
  • Threat Intelligence - shows geographic information about the external nodes attacking you.
  • Common security queries - typical queries that will help you monitor your information security better.

Azure Monitor extensions include Azure Key Vault (protection of cryptographic keys in the cloud), Malware Assessment (analysis of protection against malicious code on virtual machines), Azure Application Gateway Analytics (analysis of, among other things, cloud firewall logs), etc. These tools, combined with certain event-processing rules, let you visualise various aspects of cloud service activity, including security, and identify certain deviations from normal operation. But, as often happens, any additional functionality requires a corresponding paid subscription, which will require a corresponding financial investment from you that you need to plan in advance.

Azure has a number of built-in threat monitoring capabilities integrated into Azure AD, Azure Monitor and Azure Security Center. Among them, for example, are detection of virtual machines interacting with known malicious IPs (thanks to integration with Microsoft's Threat Intelligence services), detection of malware in the cloud infrastructure by receiving alerts from virtual machines hosted in the cloud, password-guessing attacks against virtual machines, vulnerabilities in the configuration of the user identification system, logins from anonymisers or infected nodes, account leaks, logins from unusual locations, etc. Azure today is one of the few cloud providers that offers you built-in Threat Intelligence capabilities for enriching the collected information security events.

As mentioned above, the security functionality and, consequently, the security events it generates are not available to all users equally; they require a specific subscription that includes the functionality you need, which in turn generates the corresponding events for information security monitoring. For example, some of the account anomaly monitoring functions described in the previous paragraph are available only with the P2 premium license of the Azure AD service. Without it, you, as in the case of AWS, will have to analyse the collected security events "by hand". And, again, depending on the Azure AD license type, not all events will be available for analysis.

In the Azure portal you can both manage search queries over the logs you are interested in and set up dashboards to visualise key information security indicators. In addition, you can choose Azure Monitor extensions that let you expand the functionality of Azure Monitor logs and get a deeper analysis of events from a security point of view.

If you need not only the ability to work with logs but a comprehensive security centre for your Azure cloud platform, including information security policy management, then you can talk about the need to work with Azure Security Center, most of whose useful functions are available for a fee, for example threat detection, monitoring outside Azure, compliance assessment, etc. (in the free version you only have access to a security assessment and recommendations for eliminating the identified problems). It brings all security issues together in one place. In fact, we can talk about a higher level of information security than Azure Monitor provides, since in this case the data collected across your cloud environment is enriched from many sources, such as Azure, Office 365, Microsoft CRM online, Microsoft Dynamics AX, outlook.com, MSN.com, the Microsoft Digital Crimes Unit (DCU) and the Microsoft Security Response Center (MSRC), on top of which sophisticated machine learning and behavioural analytics algorithms are layered, which should ultimately improve the effectiveness of threat detection and response.

Azure also has its own SIEM; it appeared at the beginning of 2019. This is Azure Sentinel, which relies on data from Azure Monitor and can also integrate with external security solutions (for example an NGFW or WAF), the list of which is constantly growing. In addition, through integration with the Microsoft Graph Security API you can connect your own Threat Intelligence feeds to Sentinel, which enriches the incident analysis capabilities in your Azure cloud. It can be argued that Azure Sentinel is the first "native" SIEM to come from a cloud provider (the same Splunk or ELK, which can be hosted in a cloud such as AWS, were not developed by the traditional cloud service providers). Azure Sentinel and Security Center could be called the SOC for the Azure cloud, and one could limit oneself to them (with certain reservations) if you no longer had any on-premises infrastructure, had moved all your computing resources to the cloud, and that cloud was Microsoft Azure.

But since the built-in capabilities of Azure (even if you subscribe to Sentinel) are often not enough for information security monitoring and for integrating this process with other sources of security events (both cloud and on-premises), there is a need to export the collected data to external systems, which may include a SIEM. This is done both via the API and using special extensions, which are currently officially available only for the following SIEMs: Splunk (Azure Monitor Add-On for Splunk), IBM QRadar (Microsoft Azure DSM), SumoLogic, ArcSight and ELK. Until recently there were more such SIEMs, but as of June 1, 2019, Microsoft stopped supporting the Azure Log Integration Tool (AzLog), which at the dawn of Azure's existence, when there was no standard way of working with logs (Azure Monitor did not yet exist), made it easy to integrate an external SIEM with the Microsoft cloud. Now the situation has changed, and Microsoft recommends the Azure Event Hub platform as the main integration tool for other SIEMs. Many have already implemented such an integration, but be careful: they may not collect all Azure logs, only some of them (check the documentation of your SIEM).

Concluding this brief excursion into Azure, I would like to give a general recommendation about this cloud service: before saying anything about the information security monitoring functions in Azure, you should configure them very carefully and test that they work as described in the documentation and as the Microsoft consultants told you (and they may have differing views on how Azure functions work). If you have the financial resources, you can squeeze a lot of useful information out of Azure in terms of information security monitoring. If your resources are limited, then, as in the case of AWS, you will have to rely only on your own strength and on the raw data that Azure Monitor provides. And remember that many monitoring functions cost money, and it is better to familiarise yourself with the pricing policy in advance. For example, you can store 31 days of data up to 5 GB per customer for free; exceeding these values will require you to pay extra (roughly $2+ for each additional GB stored per customer and $0.1 for storing 1 GB for each additional month). Working with application telemetry and metrics may also require additional funds, as may working with alerts and notifications (a certain quota is available for free, which may not be enough for your needs).

Example: Information security monitoring in IaaS based on Google Cloud Platform

Google Cloud Platform looks like a newcomer compared to AWS and Azure, but this is partly a good thing. Unlike AWS, which expanded its capabilities, including security, gradually and had problems with centralisation, GCP, like Azure, is much better managed centrally, which reduces errors and implementation time across the enterprise. From a security point of view GCP, oddly enough, sits between AWS and Azure. It also has unified event logging across the whole organisation, but it is not complete. Some functions are still in beta, but gradually this shortcoming should be eliminated and GCP will become a mature platform in terms of information security monitoring.

The main tool for logging events in GCP is Stackdriver Logging (analogous to Azure Monitor), which lets you collect events across your entire cloud infrastructure (and from AWS as well). From a security point of view, in GCP each organisation, project or folder has four logs:

  • Admin Activity - contains all events related to administrative access, for example creating a virtual machine, changing access permissions, etc. This log is always written, regardless of your wishes, and keeps its data for 400 days.
  • Data Access - contains all events related to cloud users working with data (creation, modification, reading, etc.). By default this log is not written, since its volume grows very quickly. For this reason its retention period is only 30 days. In addition, not everything is written to this log. For example, events related to resources that are publicly accessible to all users, or accessible without logging in to GCP, are not written to it.
  • System Event - contains system events not related to users, or administrator actions that change the configuration of cloud resources. It is always written and stored for 400 days.
  • Access Transparency is a unique example of a log that captures all actions of Google employees (but not yet for all GCP services) who access your infrastructure as part of their duties. This log is kept for 400 days and is not available to every GCP customer, only when a number of conditions are met (either Gold or Platinum level support, or having 4 roles of a certain type as part of enterprise support). A similar function is also available, for example, in Office 365 - Lockbox.

Log example: Access Transparency

{
  "insertId": "abcdefg12345",
  "jsonPayload": {
    "@type": "type.googleapis.com/google.cloud.audit.TransparencyLog",
    "location": {
      "principalOfficeCountry": "US",
      "principalEmployingEntity": "Google LLC",
      "principalPhysicalLocationCountry": "CA"
    },
    "product": [
      "Cloud Storage"
    ],
    "reason": [
      {
        "detail": "Case number: bar123",
        "type": "CUSTOMER_INITIATED_SUPPORT"
      }
    ],
    "accesses": [
      {
        "methodName": "GoogleInternal.Read",
        "resourceName": "//googleapis.com/storage/buckets/[BUCKET_NAME]/objects/foo123"
      }
    ]
  },
  "logName": "projects/[PROJECT_NAME]/logs/cloudaudit.googleapis.com%2Faccess_transparency",
  "operation": {
    "id": "12345xyz"
  },
  "receiveTimestamp": "2017-12-18T16:06:37.400577736Z",
  "resource": {
    "labels": {
      "project_id": "1234567890"
    },
    "type": "project"
  },
  "severity": "NOTICE",
  "timestamp": "2017-12-18T16:06:24.660001Z"
}
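To make the four audit log types and their retention rules concrete, here is an added Python example (not code from the article or from Google) that classifies a Cloud Audit Logs entry by its logName, computes when it drops out of retention under the figures given above, and checks an Access Transparency record against the support cases you actually opened. The sample entry is a constructed, valid-JSON rendering of the record above; the retention figures and the "Case number" detail format follow the article's example, and OPEN_SUPPORT_CASES is a constructed set.

```python
"""Classify Google Cloud audit log entries by log type and apply the retention and
review rules the article gives; added example, not Google's or the article's code."""
import json
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote

# Retention periods stated in the article, keyed by the id that follows
# "cloudaudit.googleapis.com/" in logName.
RETENTION_DAYS = {"activity": 400, "data_access": 30,
                  "system_event": 400, "access_transparency": 400}
OPEN_SUPPORT_CASES = {"bar123"}  # constructed: cases this customer opened with Google

# Constructed valid-JSON rendering of the entry shown above (Logs Viewer omits commas and quotes).
SAMPLE_ENTRY = json.dumps({
    "insertId": "abcdefg12345",
    "jsonPayload": {
        "@type": "type.googleapis.com/google.cloud.audit.TransparencyLog",
        "location": {"principalOfficeCountry": "US", "principalEmployingEntity": "Google LLC",
                     "principalPhysicalLocationCountry": "CA"},
        "product": ["Cloud Storage"],
        "reason": [{"detail": "Case number: bar123", "type": "CUSTOMER_INITIATED_SUPPORT"}],
        "accesses": [{"methodName": "GoogleInternal.Read",
                      "resourceName": "//googleapis.com/storage/buckets/[BUCKET_NAME]/objects/foo123"}],
    },
    "logName": "projects/[PROJECT_NAME]/logs/cloudaudit.googleapis.com%2Faccess_transparency",
    "operation": {"id": "12345xyz"},
    "receiveTimestamp": "2017-12-18T16:06:37.400577736Z",
    "resource": {"labels": {"project_id": "1234567890"}, "type": "project"},
    "severity": "NOTICE",
    "timestamp": "2017-12-18T16:06:24.660001Z",
})

def load_sample():
    return json.loads(SAMPLE_ENTRY)

def parse_ts(ts):
    """Parse an RFC 3339 UTC timestamp with any number of fractional digits."""
    base, _, frac = ts.rstrip("Z").partition(".")
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    return dt.replace(microsecond=int((frac + "000000")[:6]), tzinfo=timezone.utc)

def audit_log_type(entry):
    """Return 'activity', 'data_access', 'system_event' or 'access_transparency'."""
    name = unquote(entry["logName"])  # Logs Viewer encodes '/' as %2F
    marker = "cloudaudit.googleapis.com/"
    pos = name.rfind(marker)
    if pos < 0:
        raise ValueError(f"not a Cloud Audit Logs entry: {name}")
    return name[pos + len(marker):]

def expires_at(entry):
    """When the entry drops out of Stackdriver retention under the article's figures."""
    return parse_ts(entry["timestamp"]) + timedelta(days=RETENTION_DAYS[audit_log_type(entry)])

def _case_id(detail):
    m = re.search(r"Case number:\s*(\S+)", detail)
    return m.group(1) if m else None

def review_transparency(entry, open_cases=OPEN_SUPPORT_CASES):
    """Summarise who/what/why for a Google-staff access and mark it for review when
    the stated reason is not a support case this customer opened."""
    p = entry["jsonPayload"]
    if not p.get("@type", "").endswith("TransparencyLog"):
        raise ValueError("not an Access Transparency entry")
    loc = p["location"]
    justified = all(r["type"] == "CUSTOMER_INITIATED_SUPPORT"
                    and _case_id(r.get("detail", "")) in open_cases for r in p["reason"])
    return {
        "who": f'{loc["principalEmployingEntity"]} staff located in {loc["principalPhysicalLocationCountry"]}',
        "what": [(a["methodName"], a["resourceName"]) for a in p["accesses"]],
        "why": [(r["type"], r.get("detail", "")) for r in p["reason"]],
        "needs_review": not justified,
    }
```

Run the same checks over entries exported to BigQuery or Pub/Sub; an Access Transparency record whose case id is not in your own ticket system is the one worth escalating.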

Access to these logs is possible in several ways (much as discussed earlier for Azure and AWS): through the Log Viewer interface, through the API, through the Google Cloud SDK, or through the Activity page of the project whose events you are interested in. In the same way, they can be exported to external solutions for additional analysis. The latter is done by exporting the logs to BigQuery or Cloud Pub/Sub storage.

In addition to Stackdriver Logging, the GCP platform also offers Stackdriver Monitoring functionality, which lets you monitor key metrics (performance, MTBF, overall health, etc.) of cloud services and applications. The processed and visualised data can make it easier to find problems in your cloud infrastructure, including in a security context. But it should be noted that this functionality is not very rich in the information security context, since today GCP has no analogue of AWS GuardDuty and cannot single out the bad ones among all the logged events (Google has developed Event Threat Detection, but it is still in beta and it is too early to talk about its usefulness). Stackdriver Monitoring could be used as an anomaly detection system, and the anomalies could then be investigated to find their causes. But given the shortage of personnel qualified in GCP information security on the market, this task currently looks difficult.

It is also worth listing some of the information security modules that can be used within your GCP cloud and that are similar to what AWS offers:

  • Cloud Security Command Center is the analogue of AWS Security Hub and Azure Security Center.
  • Cloud DLP - automatic detection and redaction (e.g. masking) of data hosted in the cloud using more than 90 predefined classification policies.
  • Cloud Scanner is a scanner for known vulnerabilities (XSS, Flash Injection, unpatched libraries, etc.) in App Engine, Compute Engine and Google Kubernetes.
  • Cloud IAM - control access to all GCP resources.
  • Cloud Identity - manage GCP user, device and application accounts from a single console.
  • Cloud HSM - protection of cryptographic keys.
  • Cloud Key Management Service - management of cryptographic keys in GCP.
  • VPC Service Control - create a secure perimeter around your GCP resources to protect them from leaks.
  • Titan Security Key - protection against phishing.

Most of these modules generate security events that can be sent to BigQuery storage for analysis or exported to other systems, including a SIEM. As mentioned above, GCP is an actively developing platform, and Google is now developing a number of new information security modules for it. Among them are Event Threat Detection (now available in beta), which scans Stackdriver logs for traces of unauthorised activity (analogous to GuardDuty in AWS), and Policy Intelligence (available in alpha), which will let you develop intelligent policies for access to GCP resources.

I have given a brief overview of the built-in monitoring capabilities of the popular cloud platforms. But do you have specialists who can work with the "raw" logs of IaaS providers (not everyone is ready to buy the advanced capabilities of AWS, Azure or Google)? Moreover, many are familiar with the saying "trust, but verify", which is truer than ever in the security field. How much do you trust the cloud provider's built-in capabilities that send you information security events? How focused are they on information security at all?

Sometimes it is worth looking at overlay cloud infrastructure monitoring solutions that can complement the built-in cloud security, and sometimes such solutions are the only way to gain insight into the security of your data and applications hosted in the cloud. Moreover, they are simply more convenient, since they take on all the work of analysing the necessary logs generated by the different cloud services of different cloud providers. An example of such an overlay solution is Cisco Stealthwatch Cloud, which is focused on a single task: monitoring information security anomalies in cloud environments, including not only Amazon AWS, Microsoft Azure and Google Cloud Platform but also private clouds.

Example: Information security monitoring using Stealthwatch Cloud

AWS provides a flexible computing platform, but this flexibility makes it easier for companies to make mistakes that lead to security problems. And the shared responsibility model for information security only contributes to this. Software running in the cloud with unknown vulnerabilities (known ones can be fought, for example, with AWS Inspector or GCP Cloud Scanner), weak passwords, misconfigurations, insiders, etc. And all of this is reflected in the behaviour of cloud resources, which can be monitored by Cisco Stealthwatch Cloud, an information security monitoring and attack detection system for public and private clouds.

One of the key features of Cisco Stealthwatch Cloud is the ability to model entities. With it you can create a software model (that is, a near-real-time simulation) of each of your cloud resources (it does not matter whether AWS, Azure, GCP or something else). These can include servers and users, as well as resource types specific to your cloud environment, such as security groups and auto-scaling groups. These models use the structured data streams provided by the cloud services as input. For example, for AWS these could be VPC Flow Logs, AWS CloudTrail, AWS CloudWatch, AWS Config, AWS Inspector, AWS Lambda and AWS IAM. Entity modelling automatically discovers the role and behaviour of any of your resources (you could speak of profiling all cloud activity). These roles include Android or Apple mobile device, Citrix PVS server, RDP server, mail gateway, VoIP client, terminal server, domain controller, etc. It then continuously monitors their behaviour to determine when risky or security-threatening behaviour occurs. You can identify password guessing, DDoS attacks, data leaks, illegitimate remote access, malicious code activity, vulnerability scanning and other threats. For example, this is what detecting a remote access attempt via SSH to a Kubernetes cluster from a country unusual for your organisation (South Korea) looks like:

[Screenshot: Cloud Security Monitoring]

And this is what a data leak from a Postgres database to a country we have never encountered before looks like:

[Screenshot: Cloud Security Monitoring]

Finally, this is what numerous failed SSH attempts from China and Indonesia from an external remote device look like:

[Screenshot: Cloud Security Monitoring]

Or, let's say a server instance in a VPC should, by policy, never be a remote login destination. Let us further assume that this machine received a remote logon because of an erroneous change to the firewall rule policy. The Entity Modeling feature will detect and report this activity ("Unusual Remote Access") in near real time and point to the specific AWS CloudTrail, Azure Monitor or GCP Stackdriver Logging API call (including user name, date and time, among other details) that caused the firewall rule change. This information can then be sent to a SIEM for analysis.
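As an added illustration of the entity-modelling idea (not Stealthwatch Cloud's own algorithm or code), the Python below learns a per-host baseline from constructed flow records and then raises the four kinds of finding described above: remote access to a host whose role forbids it, remote access from a never-seen country, a large transfer to an unfamiliar country, and a burst of failed logins. Host names, roles, thresholds, countries and IP addresses are all constructed.

```python
"""Toy entity-behaviour model in the spirit of the 'entity modeling' the article
describes: learn what remote-access behaviour is normal for each cloud host, then
flag deviations. Added illustration, not Stealthwatch Cloud's algorithm."""
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Flow:  # one constructed flow record, the shape VPC Flow Logs or NSG flow logs provide
    ts: str
    src_ip: str
    src_country: str   # GeoIP lookup assumed to have happened upstream
    dst_host: str
    dst_port: int
    bytes_out: int     # bytes the cloud host sent back to the peer
    accepted: bool     # False = connection rejected or authentication failed

REMOTE_LOGIN_PORTS = {22: "SSH", 3389: "RDP"}
FAILED_LOGIN_THRESHOLD = 5   # failures from one peer before alerting
EXFIL_FACTOR = 10            # bytes_out more than 10x the learned maximum

@dataclass
class EntityModel:
    countries: set = field(default_factory=set)
    max_bytes_out: int = 0

class EntityDetector:
    def __init__(self, roles):
        self.roles = roles                    # host -> roles, from policy or discovery
        self.models = defaultdict(EntityModel)

    def learn(self, flows):
        """Baseline period: record which peer countries and volumes are normal per host."""
        for f in flows:
            if f.accepted:
                m = self.models[f.dst_host]
                m.countries.add(f.src_country)
                m.max_bytes_out = max(m.max_bytes_out, f.bytes_out)

    def evaluate(self, flows):
        """Return (host, alert, detail) for behaviour that deviates from the model."""
        alerts, failed = [], defaultdict(int)
        for f in flows:
            m, proto = self.models[f.dst_host], REMOTE_LOGIN_PORTS.get(f.dst_port)
            if proto and not f.accepted:
                failed[(f.dst_host, f.src_ip, f.src_country)] += 1
                continue
            if proto and "remote_login_endpoint" not in self.roles.get(f.dst_host, set()):
                alerts.append((f.dst_host, "Unusual Remote Access", f"{proto} from {f.src_ip} to non-login host"))
            if proto and f.src_country not in m.countries:
                alerts.append((f.dst_host, "Geographically Unusual Remote Access", f"{proto} from {f.src_country}"))
            if f.bytes_out > EXFIL_FACTOR * max(m.max_bytes_out, 1) and f.src_country not in m.countries:
                alerts.append((f.dst_host, "Potential Data Exfiltration", f"{f.bytes_out} bytes to {f.src_country}"))
        for (host, ip, country), n in failed.items():
            if n >= FAILED_LOGIN_THRESHOLD:
                alerts.append((host, "Excessive Failed Remote Access", f"{n} failures from {ip} ({country})"))
        return alerts

# Constructed role policy and traffic; the organisation's home country is "US".
ROLES = {"bastion-1": {"remote_login_endpoint"}, "k8s-node-7": {"container_host"},
         "pg-db-1": {"database"}, "web-3": {"web"}}
BASELINE = [
    Flow("2019-06-01T08:00:00Z", "198.51.100.10", "US", "bastion-1", 22, 4_000, True),
    Flow("2019-06-01T09:00:00Z", "10.0.1.5", "US", "k8s-node-7", 6443, 2_000, True),
    Flow("2019-06-01T09:30:00Z", "10.0.2.8", "US", "pg-db-1", 5432, 80_000, True),
    Flow("2019-06-01T10:00:00Z", "192.0.2.30", "US", "web-3", 443, 15_000, True),
]
TODAY = [
    Flow("2019-06-02T03:11:00Z", "203.0.113.77", "KR", "k8s-node-7", 22, 1_200, True),      # SSH to k8s from an unseen country
    Flow("2019-06-02T03:20:00Z", "203.0.113.90", "BR", "pg-db-1", 5432, 2_400_000, True),  # Postgres dump to an unseen country
    *[Flow(f"2019-06-02T04:0{i}:00Z", "198.51.100.200", "CN", "bastion-1", 22, 0, False) for i in range(6)],
    Flow("2019-06-02T05:00:00Z", "192.0.2.25", "US", "web-3", 3389, 900, True),            # RDP after a bad firewall change
]

def run_demo():
    det = EntityDetector(ROLES)
    det.learn(BASELINE)
    return det.evaluate(TODAY)
```

In a real deployment the "Unusual Remote Access" finding would be joined with the CloudTrail, Azure Monitor or Stackdriver API call that opened the port, which is the step the article describes and this toy omits.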

Similar capabilities are implemented for any cloud environment supported by Cisco Stealthwatch Cloud:

[Screenshot: Cloud Security Monitoring]

Entity modelling is a unique form of security automation that can uncover a previously unknown problem with your people, processes or technology. For example, it lets you detect, among other things, security problems such as:

  • Has someone discovered a backdoor in the software we use?
  • Is there third-party software or a device in our cloud?
  • Is an authorised user abusing privileges?
  • Was there a configuration error that allowed remote access or other unintended use of resources?
  • Is there a data leak from our servers?
  • Was someone trying to connect to us from an unusual location?
  • Is there malicious code in our cloud?

A detected information security event can be sent as a ticket to Slack, Cisco Spark or the PagerDuty incident management system, and also to various SIEMs, including Splunk or ELK. To summarise: if your company uses a multi-cloud strategy and is not limited to any single cloud provider with the information security monitoring capabilities described above, then Cisco Stealthwatch Cloud is a good option for getting a unified set of monitoring capabilities for the leading cloud players: Amazon, Microsoft and Google. Most interestingly, if you compare the price of Stealthwatch Cloud with the advanced information security monitoring licenses in AWS, Azure or GCP, it may turn out that the Cisco solution is cheaper than the built-in capabilities of the Amazon, Microsoft and Google solutions. Paradoxical, but true. And the more clouds and cloud capabilities you use, the more obvious the benefit of the consolidated solution becomes.

In addition, Stealthwatch Cloud can monitor private clouds deployed in your organisation, for example those based on Kubernetes containers, or by monitoring Netflow flows or network traffic obtained by mirroring on network equipment (even domestically produced), data from AD or DNS servers, and so on. All this data is enriched with Threat Intelligence collected by Cisco Talos, the world's largest non-governmental group of cybersecurity threat researchers.

This lets you implement a unified monitoring system for both the public and the hybrid clouds your company may use. The collected information can then be analysed using the built-in capabilities of Stealthwatch Cloud or sent to your SIEM (Splunk, ELK, SumoLogic and several others are supported out of the box).

With this we finish the first part of the article, in which I reviewed the built-in and external tools for information security monitoring of IaaS/PaaS platforms, which let us quickly detect and respond to incidents occurring in the cloud environments our company has chosen. In the second part we will continue the topic and look at options for monitoring SaaS platforms using the example of Salesforce and Dropbox, and we will also try to summarise and bring everything together by building a unified information security monitoring system for different cloud providers.

Source: www.habr.com