
What does Zero Trust adoption support actually involve?

fnifni
April 15, 2022


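This is what I told a team that is working on its graduation project at the Nara Institute of Science and Technology.
The team's aim, I was told, is to produce a white paper on introducing Zero Trust into existing companies.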


Transcript

  1. What is the support for introducing Zero Trust like? It's a universal story, after all.
    By Hirokazu Yoshida / At NARA INSTITUTE of SCIENCE and TECHNOLOGY / 2022.4.13
  2. Who am I !?
    Hirokazu Yoshida @ CloudNative Inc.
    Job : Security Engineer
    Community : Security-JAWS
    Handle Name : fnifni
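  3. Today's expected audience and their issues
    • Understands the concept of Zero Trust (whether they understand it correctly at its essence is another matter)
    • Thinks Zero Trust is "something you deploy"
    • Working adults
    • Want to wave the flag for promoting Zero Trust adoption at existing companies
    • Want to write a white paper on the adoption process that makes readers feel they could do it themselves, but have no picture of how it is actually done in practice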
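  4. What to talk about today and what not to talk about
    • What I will cover today
    • The fundamental way of thinking, and the flow of adoption and rollout, for designing and introducing a system that weaves Zero Trust into an existing company's information systems
    • What I will not cover
    • Installation procedures and use cases for products that are simply labelled "Zero Trust products"
    • Individual, specific operations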
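  5. Examples of common incorrectness
    • The pattern of thinking that deploying a product will sort things out and that operations can be handed to someone else
    • That just feeds the vendors
    • The fundamentalist pattern
    • "Let's ban XXX for the sake of security!"
    • Who is made happier by doing that?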
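  6. Examples of common unhelpful things
    • Comparison tables are evil
    • A comparison table made by someone else was made with no regard for the circumstances of the person reading it
    • Is that "○" really a "○" for you?
    • You cannot tell whether it is a ○ for you until you try it hands-on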
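  7. Examples of common unhelpful things
    • Comparison tables are a necessary evil
    • When escalating a proposal you may be asked "Did you compare?"
    • A comparison table you worked out yourself, pencil in hand, is the strongest
    • Objective? Who is going to explain how an "objective" comparison table fits us in the first place?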
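  8. Examples of common unhelpful things
    • The illusion of best practices
    • A best practice is a "way of thinking", not a "do it this way (How To)"
    • You need to determine what you need and to what degree
    • Who is going to explain that a How To brought in from somewhere is necessary and sufficient for us?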
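  9. Limitations of Horror Stories
    • Clear risks and issues can be dealt with, but there is nothing beyond that
    • The total amount of risk cannot be measured without management's involvement
    • Cannot get past "Come on, would that really happen? Is the impact really that big? What are other companies doing?"
    • Cannot dispel the suspicion "If a new risk appears, do we have to buy yet another new thing?"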
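  10. It costs a lot of money to do anything.
    • You are doing things you were not doing before, so costs basically go up
    • When cash will go out, and how much, is a major concern for management (it has to be weighed against cash flow)
    • Based on the roadmap you have drawn up, show when money will be needed
    • If any equipment, facilities or licenses will become unnecessary, factor that in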
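  11. Are you trying to do this with just a few people?
    • It will not move forward unless you involve management as well as accounting, legal, HR and the business units
    • Management: top management, allocation of the necessary resources
    • Accounting: finance matters, payments for existing systems
    • Legal: legal follow-up for the characteristics of the business
    • HR: alignment with the ID source
    • Business units: a treasure trove of feedback on use cases, usability and work efficiency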
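  12. The ones that fall out
    • "We use Android for work; was that actually OK?"
    • "Personal devices have ended up usable by default, bit by bit"
    • "Actually, it does not get along well with the VPN"
    • "Was it OK to do this work on this device?"
    • "There was a gap in the control points (they were misaligned)..." (sweat)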
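  13. What we are doing in our analysis of the current situation
    • Confirm the risk analysis results and the risk treatment policy
    • Interview on what they want to do and what they want to become
    • Check that the means has not become the end; dig into the "because"
    • Identify the stakeholders involved in the work
    • Contractors, part-time staff, etc.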
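  14. What we are doing in our analysis of the current situation
    • Confirm the current system configuration and the background that led to it
    • What ID platform and devices are in use?
    • What work is done where: offices, warehouses, factories, etc.?
    • What kind of kitting is done? Are shared IDs in use?
    • What is the network configuration?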
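  15. What we are doing in our analysis of the current situation
    • Inventory of business systems and SaaS licenses
    • When was it purchased, and how much is maintenance?
    • What role does it play?
    • How much do people like it?
    • Even better if you also know whether SSO is possible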
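  16. What we are doing in our analysis of the current situation
    • Review the content of the current security policy
    • How is what it stipulates implemented and operated?
    • Confirm the regulations and rules that must be complied with
    • Work out who will handle the design's compliance, and how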
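  17. What we are doing in our analysis of the current situation
    • Confirm the paths along which data flows
    • How important the information is to the organization, where it is located, who accesses it, with which device, and over what path
    • Extending the data inventory organized under ISMS27002 is a relatively reasonable approach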
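  18. What should be included in the overall design
    • Risks and issues; what they want to do and what they want to become
    • AsIs configuration, ToBe configuration, CanBe configuration
    • The design concept, and an outline of what each component does and the controls it applies
    • Mapping to the issues, etc.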
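  19. What should be included in the overall design
    • Points to keep in mind while proceeding
    • MDM migration, user impact, cutover of security mechanisms
    • Roadmap (implementation order) and schedule
    • List of licenses to purchase (including amounts)
    • Systems to be retired and when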
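  20. A practical landing place for the time being
    • It is often impossible to jump straight to the ToBe configuration
    • A schedule that is too long loses accuracy markedly
    • "We tried it and it turned out like this" and "it wasn't supposed to be like this" are common
    • Relative to what they want to do and become, I call the configuration that can realize the state they want to reach in the near term the CanBe configuration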
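  21. Why should we have ID control?
    • Purpose
    • Manage IDs centrally so that, as far as possible, systems are used with a single unique ID
    • Make it possible to perform authentication and authorization centrally
    • Because
    • It gives meaning to logs of who did what and when (non-repudiation)
    • It creates a situation where user management for business SaaS is not done service by service, and prevents access by former employees and outsiders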
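  22. What to do as an identity control ?
    • Identify a trustworthy ID source (HR database, Active Directory, etc.)
    • Enumerate shared IDs and apply mitigations
    • Connect the ID source to the IdP
    • SSO configuration for SaaS services; user/group (de)provisioning
    • Along with that, authorization design on the SaaS side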
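  23. What to do as an identity control ?
    • Mitigations for services that cannot do SSO
    • Build a mechanism for taking inventory of IDs and group memberships
    • Build a mechanism for managing the IDs of external stakeholders involved in the work
    • In some cases, multiple IdPs are used for different purposes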
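  24. Why should we have device control?
    • Purpose
    • Identify the devices used for work and guarantee a state in which the necessary controls can be delivered to them
    • Because
    • Security ends up matching the lowest level present, so the security settings and applications defined as necessary must be delivered reliably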
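  25. What to do as a device control
    • MDM enrollment of existing devices
    • Use the MDM to distribute what is currently done in kitting, plus the controls and feature restrictions based on the security policy
    • Zero-touch deployment to new devices using AutoPilot or DEP
    • Reference: https://www.youtube.com/watch?v=Z-7W4T-IOFk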
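  26. Why should we have Content Management?
    • Purpose
    • Migrate data on file servers to cloud storage and gain a high level of auditability and access control, fault tolerance and convenience
    • Depending on the use case, cloud storage may not be a fit
    • Because
    • It reduces what has to be protected inside the perimeter and reduces the corporate IT team's operations and management burden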
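  27. What to do as a Content Management?
    • Folder structure design, access rights design
    • Linked to group provisioning
    • Tune tenant settings to the use cases
    • Configure restrictions on behavior that is undesirable for the use cases
    • Alignment with the external sharing method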
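  28. What to do as a Content Management?
    • Data migration
    • Mapping of migration source and destination
    • Use of a tool is recommended (data migration requires know-how)
    • Storing e-mail attachments in cloud storage
    • Prepare user announcement materials; hold training sessions and workshops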
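  29. Why should we have Endpoint Protection?
    • Purpose
    • Detect and respond to endpoint threats that antivirus cannot handle
    • Because
    • Increasingly sophisticated attacks are difficult to detect through malware detection, and intelligence needs to be used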
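  30. What to do as an Endpoint Protection?
    • Tenant configuration
    • Decide which features to use and which not to use; role design
    • Initial rollout
    • Establish the onboarding procedure; minimal functional checks and impact checks
    • Consider how to replace the existing anti-malware product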
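  31. What to do as an Endpoint Protection?
    • Pilot rollout
    • Recruit pilot users from each department and deploy EDR
    • Check business impact and tune
    • Build proficiency in alert handling and establish the response flow
    • Identify the parts that are difficult to handle in-house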
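  32. What to do as an Endpoint Protection?
    • SOC provider selection (optional)
    • Find a SOC provider that can handle the parts that are difficult to handle in-house
    • Note that operations do not end with the SOC provider
    • Trial operation with the SOC provider (optional)
    • See at what level they actually respond and what kind of exchanges arise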
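  33. What to do as an Endpoint Protection?
    • Vulnerability handling (depends on the product)
    • Identify vulnerabilities within the organization and decide which require action
    • In scope: vulnerabilities based on OS settings and application versions
    • Remediation uses the device control platform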
  34. Why should we have Shadow IT Countermeasures?
    • Purpose
    • Visibility into and control of the SaaS services used for work
    • Restrict access to malicious content
    • Because
    • Web traffic is an important key point in data flow
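  35. What to do as a Shadow IT Countermeasures?
    • Migration design; migration of settings
    • Enumerate the controls performed by the perimeter defenses and existing security mechanisms, and map them onto the CASB/SWG product
    • Deploy the agent using the device control platform
    • Broadly there are agent, API and proxy types; considering coverage and freedom in network topology, the agent type is the first choice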
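  36. What to do as a Shadow IT Countermeasures?
    • Tuning
    • Register tenant identification
    • For SaaS and web services affected by SSL decryption, apply exclusion settings and the like
    • Apply the migrated settings
    • Category filtering, connection restrictions for suspicious domains, etc.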
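  37. What to do as a Shadow IT Countermeasures?
    • Review what the visibility data shows
    • Decide the handling policy from the usage of SaaS services
    • Coordinate and align with the departments using them
    • Configure controls based on the visibility results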
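  38. What to do as a Shadow IT Countermeasures?
    • DLP
    • The key is whether the data the organization must protect can be defined with regular expressions
    • Doing it freehand is too difficult (personal information, for example)
    • If you have a sufficient grasp of the characteristics of the business and the paths along which data flows, it can be used in a relatively simple way (dictionaries, file extensions, file size, etc.)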
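  39. Why are you breaking away from VPNs?
    • Purpose
    • Provide authentication-based access control for each individual internal application and on-premises system
    • Because
    • Whereas a VPN grants access to a network, an IAP grants per-user connection permission to an application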
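  40. What does getting out of a VPN do?
    • Enumerate the systems to be connected (≒ systems that depend on the VPN)
    • Confirm ports, IP addresses, FQDNs and the DNS they depend on
    • Place connectors where they can reach the internal systems
    • Verify connections to the target systems
    • Smoke out URLs and the like that are accessed behind the scenes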
  41. What does getting out of a VPN do?
    • Role design
    • Define the set of applications used by each role
    • Based on the provisioned groups
    • Connector tuning
    • If throughput or availability needs adjusting
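  42. What does getting out of a VPN do?
    • Consider scenarios for keeping the VPN (optional)
    • If there are services that require high availability, keeping the VPN as a backup line is an option
    • It will not reduce cost, kitting or operational load, so the decision has to be made as a matter of risk management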
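  43. Why do you do log management?
    • Purpose
    • Aggregate the logs and alerts scattered across the various SaaS and security products and, by taking a bird's-eye view of system alerts, identify the incidents that need a response
    • Because
    • It reduces the effort of cross-checking each product's logs and leads to automating the response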
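  44. What does log management do?
    • Establish the story
    • Who needs to be able to explain what, to whom, for it to count as a win
    • Select the logs to collect
    • In scope: logs related to the story, services that host important data, and systems for which the risk assessment named detective controls (detection through logs) as the countermeasure
    • Aggregating everything is an anti-pattern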
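  45. What does log management do?
    • Decide the retention period (based on regulations and laws)
    • Select and decide on the log collection platform
    • Is there a product that connects easily to the log sources?
    • The first choice is a cloud SIEM
    • If possible, choose a product that allows a small start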
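  46. What does log management do?
    • Create detection logic
    • Build it out based on the story and the risk assessment results
    • For automated response, start with notifications
    • As you handle incidents, automate the routine response steps
    • Enrichment, additional investigation, etc.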
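  47. Things that have gathered when you notice them
    • Device inventory information (which apps are on whose smartphone?)
    • Web browsing information (who accessed what site, and when)
    • Text information (who posted what words)
    • Location information (where is whose device?)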
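  48. Yes. These are private information
    • In a world where IDs are under control, most data (logs) is tied to a UPN or e-mail address
    • Monitoring of information systems used for work is recognized as having a business necessity from the standpoint of information security, the worker's duty of devotion to their duties, and so on
    • On the other hand, because it is easy for the business operator to match an identified ID to an individual, such data has personal identifiability and generally constitutes personal information
    • Therefore monitoring can be said to be subject to regulation under the Act on the Protection of Personal Information
    • Monitoring is sometimes contested in damages lawsuits over infringement of privacy or personality rights
    Source: excerpted (partly summarized) from pp. 571〜572 of the Official Textbook for the Personal Information Protection Specialist Certification Examination, 2nd edition (全日本情報処理学習振興協会 edition)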
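
Slides 21 to 23 call for a trustworthy ID source, enumeration of shared IDs, mitigations for services that cannot do SSO, and a regular inventory of IDs so that former employees and outsiders lose access. The following is an added example, not part of the deck: a small Python reconciliation of SaaS account exports against the ID source, in which every login, service name and the export format are constructed assumptions.

```python
from typing import NamedTuple

# Constructed sample data (assumptions, not from the deck).
# Trusted ID source (e.g. an HR database export): login -> employment status.
ID_SOURCE = {
    "a.sato@example.co.jp": "active",
    "b.suzuki@example.co.jp": "active",
    "c.tanaka@example.co.jp": "left",
}
# Separately managed register of external stakeholders (contractors etc.).
EXTERNAL_IDS = {"d.yamada@partner.example"}
# Per-service account exports: (service, login, signs_in_via_sso).
SAAS_ACCOUNTS = [
    ("chat", "A.Sato@example.co.jp", True),
    ("chat", "c.tanaka@example.co.jp", True),
    ("storage", "d.yamada@partner.example", True),
    ("legacy-crm", "sales-shared@example.co.jp", False),
    ("legacy-crm", "b.suzuki@example.co.jp", False),
]


class Finding(NamedTuple):
    service: str
    login: str
    issue: str


def review_accounts(id_source, external_ids, accounts):
    """Reconcile SaaS accounts against the trusted ID source."""
    findings = []
    for service, login, via_sso in accounts:
        key = login.lower()  # logins are compared case-insensitively
        status = id_source.get(key)
        if status == "left":
            # Leaver whose account was never deprovisioned.
            findings.append(Finding(service, key, "leaver-still-provisioned"))
        elif status is None and key not in external_ids:
            # No person behind the login: shared ID or outsider candidate.
            findings.append(Finding(service, key, "no-owner-shared-or-outsider"))
        if not via_sso:
            # Outside the IdP: needs a mitigation and a manual review cycle.
            findings.append(Finding(service, key, "local-login-no-sso"))
    return findings


if __name__ == "__main__":
    for f in review_accounts(ID_SOURCE, EXTERNAL_IDS, SAAS_ACCOUNTS):
        print(f"{f.service:<11} {f.login:<28} {f.issue}")
```

Because the findings are keyed by UPN or e-mail address, the output is itself personal information in the sense of slide 48 and should be handled accordingly.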