Upgrade to Pro — share decks privately, control downloads, hide ads and more …

re:Inforce 2021 ReCap

fnifni
August 29, 2021
Technology
0
180

re:Inforce 2021 ReCap

Security-JAWS#22のシークレットセッションで発表した、日本一早いre:Inforce 2021 のReCapです
#secjaws #secjaws22

fnifni

August 29, 2021
Tweet

More Decks by fnifni

See All by fnifni
生成AIのガバナンスとこれから
fnifni
0
76
AWS re:Inforce 2024 に コミュニティから登壇してきた話
fnifni
0
18
COM224: How organizations are actually applying AWS security best practices
fnifni
0
22
BsidesTokyo2024_AWSセキュリティの ベストプラクティスに関する 利用実態調査のレポートの紹介
fnifni
0
20
re:Inforce2024-recap_英語力ゴミカスでもフル英語登壇を乗り切る成功メソッド
fnifni
0
92
信頼ルールはGoogle Drive共有の孫の手になるか?
fnifni
0
160
ゼロトラスト導入支援ってどんなことやってるの?
fnifni
0
47
ログの話
fnifni
0
55
CloudTailをAzure Sentinelで 分析するということ
fnifni
1
180

Other Decks in Technology

See All in Technology
エンジニア向け会社紹介資料
caddi_eng
15
250k
Oracle Exadata Database Service(Dedicated Infrastructure):サービス概要のご紹介
oracle4engineer
PRO
0
9.5k
「自動テストのプラクティスを効果的に学ぶためのカードゲーム」 ( #sqip2024 )
teyamagu
PRO
1
160
忙しい人のためのLangGraph概要まとめ
__ymgc__
1
150
リアルお遍路+SORACOM IoT
ozk009
1
120
AIで変わるテスト自動化:最新ツールの多様なアプローチ/ 20240910 Takahiro Kaneyama
shift_evolve
0
200
四国クラウドお遍路 2024 in 高知 エンディング
yukataoka
0
190
OCI で始める!! Red Hat OpenShift / Get Started OpenShift on OCI
oracle4engineer
PRO
1
130
Javaにおける関数型プログラミンへの取り組み
skrb
7
310
四国のあのイベントの〇〇システムを45日間で構築した話 / cloudohenro2024_tachibana
biatunky
0
310
Optuna: a Black-Box Optimization Framework
pfn
PRO
1
110
React Aria で実現する次世代のアクセシビリティ
ryo_manba
4
1.2k

Featured

See All Featured
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
166
48k
Unsuck your backbone
ammeep
667
57k
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.4k
The Power of CSS Pseudo Elements
geoffreycrofte
71
5.2k
Designing for Performance
lara
604
68k
RailsConf 2023
tenderlove
28
800
A Modern Web Designer's Workflow
chriscoyier
691
190k
Building a Scalable Design System with Sketch
lauravandoore
458
32k
The World Runs on Bad Software
bkeepers
PRO
64
11k
Principles of Awesome APIs and How to Build Them.
keavy
125
16k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
363
22k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.2k

Transcript

  1. re:Inforce 2021 ReCap Japan’s earliest re:Inforce challenge to ReCap By

    Hirokazu Yoshida / At S-JAWS#21 / 2021.8.27

  2. re:Inforce 2021 ReCap ೔ຊҰૣ͍re:InforceͷReCap΁ͷ௅ઓ ٢ాͻΖ͔ͣ / S-JAWS#21 / 2021.8.27

  3. Who am I !? Hirokazu Yoshida @ CloudNative Inc. Job

    : Security Engineer Community : Security-JAWS Favorite AWS Service :

  4. Attention !! • ຊηογϣϯ͸ɺݸਓͷݟղʹجͮ͘΋ͷͰ͢ • ॴଐ͢ΔاۀɺஂମͷҙݟΛ୅ද͢Δ΋ͷͰ͸͋Γ·ͤΜ • and more …

  5. re:Inforceͬͯ ͳΜ͡ΌΒ΄͍ʁ

  6. About re:Inforce • AWS͕ओ࠵͢ΔηΩϡϦςΟɺΞΠσϯςΟςΟɺ 
 ίϯϓϥΠΞϯεʹಛԽͨ͠ϥʔχϯάΧϯϑΝϨϯε • ॳճ͸2019೥ʹϘετϯͰ։࠵ʢ೔ຊਓͷࢀՃऀ͸61໊ʣ • 2020೥

    (ώϡʔετϯ) ͸ɺίϩφͷӨڹͰதࢭ • ࠓ೥͸தࢭͷةػΛ৐Γӽ͑ɺ౔ஃ৔Ͱόʔνϟϧ୹ॖ։࠵

  7. ΄ʔΜ re:Inforceͬͯ re:InventͷηΩϡϦςΟ൛ ͳΜͰ͠ΐʁ

  8. ηΩϡϦςΟ৽ػೳͷൃදϥογϡ ͨͷ͠Έ΍ͳ͊ʂ

  9. ͱࢥ͍ͬͯͨ࣌ظ΋ ͋Γ·ͨ͠

  10. About re:Inforce • AWS͕ओ࠵͢ΔηΩϡϦςΟɺΞΠσϯςΟςΟɺ 
 ίϯϓϥΠΞϯεʹಛԽͨ͠ϥʔχϯάΧϯϑΝϨϯε • ॳճ͸2019೥ʹϘετϯͰ։࠵ʢ೔ຊਓͷࢀՃऀ͸61໊ʣ • 2020೥͸ɺίϩφͷӨڹͰதࢭ

    • ࠓ೥΋தࢭͷةػΛ৐Γӽ͑ɺ౔ஃ৔Ͱόʔνϟϧ୹ॖ։࠵

  11. ৽ػೳগͳ͍ʂͬͯ ͦ΋ͦ΋ओࢫ͕ҧ͏

  12. ͦΕͰ΋͋ͬͨ ৽ػೳͷൃදΛ঺հ͠·͢

  13. Functions introduced as new features • AWS Backup Audit Manager

    • AWS Backup͕ಈ࡞͍ͯ͠Δʮ೔ใʯΛݟΔ͜ͱ͕Ͱ͖Δ

  14. Functions introduced as new features • AWS IoT CoreͷVPC Endpoint

    (Private Link) ରԠ • IoT Coreͷ௨৴ΛެڞͷΠϯλʔωοτʹग़ͣ͞ʹऩू͢Δ

  15. Functions introduced as new features • Level 1 MSSPϓϩάϥϜͷ։࢝ •

    جຊతͳ඼࣭ج४Λຬͨͨ͠ύʔτφʔ͕ొ࿥͞Ε͍ͯΔ • 10छྨͷ෼໺Ͱӡ༻΋ؚΊͨ௕ظతʹ৴པͰ͖ΔηΩϡϦ ςΟ੡඼ΛखʹೖΕΔ͜ͱ͕Ͱ͖Δ

  16. Functions introduced as new features • IAM Access Analyzer (2021೥4݄)

    • ϙϦγʔཤྺͷରԠ

  17. Functions introduced as new features • IAM Access Analyzer (2021೥4݄)

    • ϙϦγʔͷݕূ

  18. Functions introduced as new features • IAM Access Analyzer (2021೥4݄)

    • ϙϦγʔͷϓϨϏϡʔ

  19. Functions introduced as new features • IAM Access Analyzer (2021೥4݄)

    • ࢖ΘΕͯͳ͍ΞΫγϣϯ 
 ͷݕग़

  20. Functions introduced as new features? • Wickrͷങऩ (2021೥6݄)

  21. ֤ηογϣϯ͔Β֞ؒݟΔ ϝοηʔδΛ঺հ

  22. Today's Agenda • Keynote • Leadership session: Data Protection &

    Privacy • Leadership session: Governance, Risk & Compliance • Leadership session: Culture of Security • Leadership session: Identity & Access Management • Leadership session: Threat Detection & Incident Response

  23. Today's Agenda • Keynote • Leadership session: Data Protection &

    Privacy • Leadership session: Governance, Risk & Compliance • Leadership session: Culture of Security • Leadership session: Identity & Access Management • Leadership session: Threat Detection & Incident Response

  24. Threat Detection & Incident Response • GuardDutyͰڴҖΛݕग़ • Security HubͰݕग़ࣄ߲Λू໿ɺίϯϓϥΠΞϯεҧ൓Λݕग़

    • ରԠͷࣗಈԽ΍νϡʔχϯάΛߦͬͯɺΞϥʔτ׳ΕΛ๷͙

  25. Ransomware • ΦϖϨʔγϣϯ༻ͱόοΫΞοϓ༻ͰΞΧ΢ϯτΛ෼͚Δ • S3όʔδϣχϯάͱΦϒδΣΫτϩοΫͷར༻ • DRΛؚΊͨแׅతͳόοΫΞοϓܭըͱήʔϜσΠ • ͞Βʹ۷ΓԼ͛ΔͳΒNIST SP1800-25Λࢀߟʹ͢Δͱ͍͍

  26. Identity and Access Management • ύεϫʔυͷ࢖͍ճ͠ʹΑΔةݥੑ • SSOͷଞɺۈ຿࣌ؒ֎ͷΞΫςΟϏςΟ΍෺ཧσόΠεΛซ༻͢Δଟཁૉೝূ • IAM

    Access Analyzer͸ήʔϜνΣϯδϟʔ • ύʔϛογϣϯ͸ఆظతʹ؂ࠪ • ϢʔβʔάϧʔϓΛ࢖ͬͯɺݖݶ؅ཧͷ൥ࡶ͞Λܰݮ͠Α͏

  27. Network Infrastructure Security • HBOmaxͷࣄྫɿݕग़ͱରԠ • ։ൃ / ϓϩμΫτνʔϜʹద੾ͳΨʔυϨʔϧͷߏங •

    GuardDutyͰڴҖΛݕग़ɺSecurity HubʹFindingsΛू໿ • Event HubʹͦΕͧΕΛू໿

  28. Network Infrastructure Security • HBOmaxͷࣄྫɿݕग़ͱରԠ • ηΩϡϦςΟΤϯδχΞ͸ɺSlackΛհͯ͠मਖ਼ͷͨΊͷyaml Λ࡞੒ • Cloud

    CustodianͰyamlΛLambdaʹม׵ͯࣗ͠ಈԽΛଅਐ

  29. Network Infrastructure Security • HBOmaxͷࣄྫɿݕग़ͱରԠ

  30. Network Infrastructure Security • Con fi dential Computing • AWS

    Nitro Enclaves • ӬଓతͳετϨʔδ΍ΠϯλϥΫςΟϒͳΞΫηεɺ֎෦ωοτϫʔΫ͕ͳ ͍ • ڐՄ͞ΕͨίʔυͷΈ͕Enclaves಺Ͱ࣮ߦ͞Ε͍ͯΔ͜ͱΛݕূͰ͖Δ • KMSͱ౷߹͞Ε͍ͯΔEnclavesͷΈ͕ػີ৘ใʹΞΫηε͢Δ͜ͱ͕Ͱ͖Δ

  31. Data Protection & Privacy • θϩτϥετΞʔΩςΫνϟ • ීวతͳࣄฑͷू߹ମ • ҉໧ͷ৴པͷഉআɺܧଓతͳݕূɺ࠷খݖݶɾ࠷খظؒͰϢʔβʔΛઃఆɺ

    ҟৗͳ׆ಈ΍ѱҙͷ͋Δ׆ಈͷ؂ࢹɺཻ౓ͷߴ͍ϦεΫϕʔείϯτϩʔ ϧɺηΩϡϦςΟͷࣗಈԽ • AWSͷߟ͑ํ • ID؅ཧͱωοτϫʔΫ؅ཧͷ྆ํΛิ͍ͬͯ͘

  32. Data Protection & Privacy • GDPR΁ͷରԠ • αʔϏεͷػೳ͸GDPRద༻ର৅Ͱ͋Δ͔൱͔Λ໰Θͣɺ 
 ͢΂ͯͷސ٬ʹద༻͞ΕΔ

    • GDPRͰཁٻ͞ΕΔసૹධՁͷࢧԉϦιʔε

  33. Data Protection & Privacy • AWSαʔϏεͷϓϥΠόγʔػೳ • αϙʔτϦΫΤετΛॲཧ͢Δୈࡾऀͷ৘ใΛܝࡌͨ͠ αϒϓϩηοαʔ

  34. Data Protection & Privacy • ܭըͳ͠ʹػඍ৘ใΛอଘ͠ͳ͍͜ͱ • ͜ͷ෼໺͸ख୳ΓͰਐΊΔ͜ͱ͸Ͱ͖ͳ͍ • ϏδωεΛऴྃ͢ΔϨϕϧͷϦεΫΛ࣋ͭ

    • ϏδωεͰى͍ͬͯ͜Δ͜ͱΛ۷ΓԼ͛ͯਖ਼֬ʹཧղ͢Δ͜ͱ

  35. Governance, Risk and Compliance • ߴ͍ϨϕϧͷೝূΛड͚ΔͨΊʹ͸ɺ150Ҏ্ͷίϯτϩʔϧΛ ຬͨ͢ඞཁ͕͋Δ • AWSαʔϏε͸ɺ஍Ҭ΍ۀքΛ໰ΘͣԿઍ΋ͷηΩϡϦςΟ؂ࠪ Ͱݕূ͞Ε͍ͯΔ

    • AWS Artifact͔Β࠷৽ͷCSFূ໌ॻΛμ΢ϯϩʔυͰ͖Δ

  36. Governance, Risk and Compliance • ࠓ೔Ͱ͖Δ͜ͱɿCloud؂ࠪΞΧσϛʔ

  37. Leadership Sessionͷϝοηʔδ

  38. Leadership session: 
 Data Protection & Privacy • จԽΛܗ੒͢Δ •

    ֤νʔϜʹηΩϡϦςΟ୲౰ऀ͕૊Έࠐ·Ε͍ͯΔ • ҉߸Խ͢Ε͹͍͍Θ͚Ͱ͸ͳ͍ • 伴ͷ؅ཧͱಁ໌ੑʢAlexaͷࣄྫʣ • ϓϥΠόγʔ͸ɺʮԿΛ͢Δ͔ʯͱ͍͏͜ͱ

  39. Leadership session: Governance, Risk & Compliance • ίϯϓϥΠΞϯεΛࣗ෼ͨͪͷ΋ͷʹ͢Δ6ͷڭ܇ • 10೥ؒͰੵΈ্͖͛ͯͨCompliance

    as a CodeΛ 
 ࣮ફ͢ΔͨΊͷڭ܇

  40. Leadership session: Governance, Risk & Compliance • ૣࣦ͘ഊ͢Δ͜ͱ • ؂ࠪͷͨΊͷΤϯδχΞ

    • ίϯϓϥΠΞϯεʹັͤΒΕͨΤϯδχΞ • ઐ໳؂ࠪਓͷ୆಄ • ৑௕ੑΛ࣋ͨͤΔ • ੡඼ͷͲ͜ʹয఺Λ౰ͯΔ͔

  41. Leadership session: Governance, Risk & Compliance • ΋ͬͱֶश͍ͨ͠ਓͷͨΊʹ

  42. Leadership session: 
 Culture of Security • ηΩϡϦςΟ͸όφφͰͨ͠

  43. Tenets ͱ͍͏ݴ༿͕ҿΈࠐΊͳͯ͘ Կ΋ೖ͖ͬͯ·ͤΜͰͨ͠ ͞ʔͤΜ

  44. Leadership session: 
 Identity & Access Management • AWS OrganizationsΛ࢖ͬͯϚϧνΞΧ΢ϯτΛ؅ཧ

    • AWS SSOΛ࢖ͬͯΞΧ΢ϯτͷதԝ؅ཧ • σʔλϖϦϛλ • SCP, VPC Endpoint Policy, Resource-based policys

  45. Leadership session: 
 Identity & Access Management • ࠷খݖݶ΁ͷཱྀ •

    IAM Access Analyzerͷ঺հ • IAM࠲ஊձ

  46. Leadership session: 
 Threat Detection & Incident Response • ηΩϡϦςΟػೳΛ࢖ͬͯରԠ࣌ؒΛ୹ॖ͠Α͏

  47. Leadership session: 
 Threat Detection & Incident Response • GuardDutyͷϕετϓϥΫςΟεͷ঺հ

    • ରސ٬ͷηΩϡϦςΟΦϖϨʔγϣϯνʔϜͷ࿩ • ͍Ζ͍Ζ΍ͬͯΔ͚Ͳɺ؅ཧऀϝʔϧ͚ͩ͸Ϛδड৴͠Ζ • ߦ͏΂͖ΞΫγϣϯTop10ʢීวతͳ࿩ʣ

  48. Leadership session: 
 Threat Detection & Incident Response • ߦ͏΂͖ΞΫγϣϯTop10ʢීวతͳ࿩ʣ

  49. Leadership session: 
 Threat Detection & Incident Response • ߦ͏΂͖ΞΫγϣϯTop10ʢීวతͳ࿩ʣ

  50. A bird's eye view • ։ൃϓϩηεʹηΩϡϦςΟΛ૊ΈࠐΉจԽͱ 
 ίϯϓϥΠϯεΛ૊ΈࠐΉจԽ͸ࣅ͍ͯΔ • ϓϥΠόγʔͷߟ͑ํͷ಄ग़͠ʢੈͷதͷૌٻ΁ͷରԠʣ

    • Compliance as a Code͸ɺ·ͩ·ͩීٴ͍ͯ͠ͳ͍ • ೿खͳ໨৽͍͠΋ͷͰ͸ͳ͘ɺීวతͳࣄฑͷੵΈ্͛

  51. Thank you !