Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
セキュリティ担当者から見た re:Invent と AWS Security Hub / Im...
Search
Hokuto Hoshi
December 20, 2018
Technology
4.3k
2
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
セキュリティ担当者から見た re:Invent と AWS Security Hub / Impression of re:Invent and AWS Security Hub
Hokuto Hoshi
December 20, 2018
More Decks by Hokuto Hoshi
See All by Hokuto Hoshi
AIとともに歩む情報セキュリティ / Information Security with AI
kanny
5
4.9k
開発も運用もビジネス部門も! クラウドで実現する「つらくない」統制とセキュリティ / Effortless Governance and Security Enabled by the Cloud
kanny
5
4.9k
転生CISOサバイバル・ガイド / CISO Career Transition Survival Guide
kanny
4
2.7k
Connecting organisation with Technology
kanny
0
380
Why Slack - 5 years of Cookpad with Slack
kanny
0
190
Security by builders - セキュリティ監視をクラウドで「つくる」 / Security by builders
kanny
7
2.8k
自由でセキュアな環境のつくりかた / Building free and secure cloud environment
kanny
1
5.3k
事例でわかる、AWS 運用を支える サポート活用方法と エンタープライズサポートという選択 / AWS Enterprise Support and Cookpad
kanny
2
2.6k
AWS で加速する機械学習 / Accelerate Machine Learning with AWS
kanny
1
1.1k
Other Decks in Technology
See All in Technology
攻撃者がいなくてもAIエージェントはインシデントを起こす
nomizone
0
180
フルカイテン株式会社 エンジニア向け採用資料
fullkaiten
0
11k
LiDAR SLAMの実装とセンサ融合 ~Lie群からContinuous-Time LIOまで~
naokiakai
1
850
認証認可だけじゃない! ID管理の構成要素と ライフサイクルを意識しよう
ritou
1
450
トークン最適化のためのユーザーストーリー分析 / User Story Analysis for Token Optimization
oomatomo
0
160
組織における AI-DLC 実践
askul
0
290
BPaaSで進むAIオペレーションの現在地 AI実装が効く領域とスケーラビリティの選定と実装
kentarofujii
0
250
RAGの精度向上とエージェント活用
kintotechdev
2
120
從觀望到全公司落地:AI Agentic Coding 導入實戰 — 流程整合與安全治理
appleboy
1
540
Agentic AI 時代のテスト手法: Kiro とはじめるプロパティベーステスト (AWS Summit Japan 2026 | DEV212)
ymhiroki
0
190
Docker Desktop不要の時代が来る? WSL標準の「wslc」で Linuxコンテナを動かしてみた.
ueponx
0
530
作る力から、見極める力へ — AI時代に広がるエンジニアの価値と役割
rince
0
390
Featured
See All Featured
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
630
Six Lessons from altMBA
skipperchong
29
4.3k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3.5k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
37
6.5k
Music & Morning Musume
bryan
47
7.3k
Data-driven link building: lessons from a $708K investment (BrightonSEO talk)
szymonslowik
1
1.1k
Code Review Best Practice
trishagee
74
20k
Groundhog Day: Seeking Process in Gaming for Health
codingconduct
0
230
Building Better People: How to give real-time feedback that sticks.
wjessup
370
20k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
230
23k
Fireside Chat
paigeccino
42
4k
Paper Plane
katiecoart
PRO
1
52k
Transcript
ηΩϡϦςΟ୲ऀ͔Βݟͨ re:Invent ͱ AWS Security Hub Hokuto Hoshi Head of
Infrastructure, Cookpad Inc.
[email protected]
ే (΄͠ ΄͘ͱ) / @kani_b • ΫοΫύουגࣜձࣾ ΠϯϑϥετϥΫνϟʔ෦ ෦
݉ ίʔϙϨʔτΤϯδχΞϦϯά෦ ݉ ࠪҕһձ ࠪิॿऀ • SRE, ηΩϡϦςΟΤϯδχΞ • AWS ೝఆ SA, DevOps ΤϯδχΞ (Professional) • AWS ར༻ྺ8͘Β͍
https://kanny.me/
ΠϯϑϥετϥΫνϟʔ෦ • શαʔϏε͕ར༻͢ΔΠϯϑϥڥͮ͘Γ • SRE (Site Reliability Engineering) άϧʔϓ •
σʔλج൫άϧʔϓ • ηΩϡϦςΟάϧʔϓ
ηΩϡϦςΟάϧʔϓ • 3໊ • αʔϏεࣾγεςϜͳͲձࣾʹ͓͚Δ͋ΒΏΔใηΩϡϦ ςΟରࡦͦͷӡ༻ʹैࣄ • γεςϜͷઃܭߏஙɺ࣮ࡍͷӡ༻·Ͱߦ͏
Full-AWS since 2011 ~1,400 EC2 instances 200+ ECS Services Over
3 regions 15,000+ requests/sec
re:Invent ͱࣗ • 2013͔ΒຖࢀՃ • 2012·ֶͩੜόΠτͩͬͨ • 2017Ͱొஃ • ػցֶशϫʔΫϩʔυΛίϯςφͰ࣮ߦ͢Δ
• ࠓͰ6ճ • ϥεϕΨε7ճ
ΫοΫύουͱ re:Invent • 2012͔Βຖෳ໊ࢀՃ • ΠϯϑϥܥͰͳ͘αʔϏε։ൃऀͷࢀՃऀΛ૿͍ͯ͠Δ • ࠓࢀՃऀͷ8ׂҎ্
ηΩϡϦςΟܥηογϣϯ, ϫʔΫγϣοϓ • ຖ͕ͩେྔ • ΑΓߴͳτϐοΫʹߦ͘΄Ͳ “ίʔυΛॻ͍ͯࣗͨͪͰ࡞͍ͬͯ͘” ͷ͕ଟ͍ • AWS
ηΩϡϦςΟαʔϏεͷհ͚ͩͰͳ͘ AWS αʔϏεΛͬͯΑΓྑ͍ηΩϡϦςΟγ εςϜΛͭ͘Δ • ࣗͷҎ֎ͷϫʔΫγϣοϓͳͲʹग़͍ͯΔΤϯδχΞଟ͍ • ηΩϡϦςΟΤϯδχΞ͕ DynamoDB ઃܭͷϫʔΫγϣοϓʹग़͍ͯΔͳͲ • εϥΠυಈըެ։͞Ε͍ͯ·͢
Security Jam • AWS ্ͰηΩϡϦςΟରࡦΠϯγσϯτϨεϙϯεΛମݧͯ͠ ͍͘Πϕϯτ • ָͦ͠͏ͳͷʹຖճ GameDay ͱඃͬͯ͠·͍
ࢀՃͰ͖͍ͯͳ͍… (ಉ྅ᐌָ͔ͬͨ͘͠ͱͷ͜ͱ) • ຊͰΔ͔ GameDay ͱ࣌ؒΛͣΒ͍ͯͩ͘͠͞!!!
Expo • ηΩϡϦςΟͷϓϩόΠμʑ૿Ճ͍ͯ͠Δ • ࠓίϯςφηΩϡϦςΟ͕ଟ͔ͬͨҹ • SIEM, ΠϕϯτϚωδϝϯτͳͲ
ࠓͷൃද • ͍Ζ͍Ζ͋Γ·ͨ͠Ͷ • ML, IoT, Robot ͳͲ͋Γͭͭݎ࣮ͳྖҬʹେྔϦϦʔε
ൃද (ηΩϡϦςΟ) https://aws.amazon.com/jp/new/reinvent/
ηΩϡϦςΟͷൃදগͳ͘ͳ͍ʁʁʁ • ηΩϡϦςΟΛλʔήοτʹͨ͠ͷ͔֬ʹগͳ͍ • ͕ɺηΩϡϦςΟγεςϜͷߏஙͳͲʹ͑Δͷͨ͘͞Μ • “ηΩϡϦςΟ” λά͕͍ͭͨαʔϏε͚͕ͩ AWS ηΩϡϦςΟͰͳ͍
https://speakerdeck.com/mizutani/security-log-search
ηΩϡϦςΟγεςϜʹ͑Δ or ͑ͦ͏ͳ ϦϦʔεͱײΛհ (ݸਓͷݟղͰ͢)
CloudWatch Logs Insights • CW Logs ͷϩάʹର͠ߜΓࠐΈूܭɺੳ͕Մೳʹ • JSON ͳͲʹରԠͰ͖Δ
• ৽όοΫΤϯυʹΑΔരݕࡧ • େྔͷϩάσʔλʹରͯ͠ഒҎ্͍ (࣮ࡍʹͬͯ·͢) • γεςϜϩάΞΫηεϩάͳͲͷετϨʔδͱͯ͠༗ྗީิʹ • ͨͩ͠Ձ֨ཁ֬ೝ
S3 Object Lock • S3 Object ΛҰఆ or ແظݶͰ্ॻ͖/আͰ͖ͳ͘ͳΔػೳ •
࠷ڧͷϞʔυͰ root account Ͱ͢Βআෆೳʹ • MFA Delete ʹΘΔબࢶʹͳΔ • ֤छॏཁϩάͷอ࣋ʹར༻Մೳ • ޡരʹҙ
S3 Glacier ͷػೳڧԽ • ໊শมߋͱಉ࣌ʹ৭ʑग़ͨ • S3 Glacier ετϨʔδΫϥεͷૹ •
ΫϩεϦʔδϣϯϨϓϦέʔγϣϯͷ Glacier ରԠ • ෮ݩ௨ɺ෮ݩΞοϓ • S3 Glacier Deep Archive • ͔͞Έ͕ͪͳηΩϡϦςΟؔ࿈ϩάͷظόοΫΞοϓʹ͑Δ • ΫοΫύουͰ Lifecycle Ͱ Glacier ૹΓʹ͍ͯ͠·͢
S3 Intelligent Tiering • S3 Standard ͱ Standard-IA (ස) ΛࣗಈͰߦ͖དྷͰ͖Δ
• Athena ͳͲΛϩάݕࡧʹ͍ͬͯΔέʔεͰศར • ϑϧεΩϟϯ͢Δͱҙຯ͕ͳ͘ͳΔͷͰϢʔεέʔεઃܭ͕େࣄ
KMS Custom Key Store • KMS ͷΩʔετΞͱͯ͠ CloudHSM ͕͑ΔΑ͏ʹ •
ߟ͑ΒΕΔ༻్ • Ͳ͏ͯ͠ΩʔετΞΛ͢Δඞཁ͕͋Δ • KMS Λ௨ͯ͠Ͱͳ͘ CloudHSM ଆ͔Β伴ͷࠪΛ͍ͨ͠ • զʑʹར༻༻్͕ͳ͍Ͱ͢…
AWS Control Tower • લͷൃදͰઆ໌͕͋ͬͨͷͰجຊઆ໌লུ • େྔΞΧϯτΛཧ͢ΔڥԼͰ͔ͳΓศརͦ͏ • ΧδϡΞϧʹ AWS
ΞΧϯτΛ࡞Γ͘͢ͳΔ
AWS Security Hub • લͷൃදͰઆ໌͕͋ͬͨͷͰجຊઆ໌লུ • ͏গ͠۷ΓԼ͛ͯɺͲͷΑ͏ʹ׆༻͍͔ͨ͠Λ͠·͢
ηΩϡϦςΟγεςϜͷجຊํ • ༷ʑͳιϑτΣΞαʔϏεΛηϯαʔͱͯ͠͏ • ηϯαʔ͔ΒͷϩάΞϥʔτΛूͯ͠ཧ͢Δ • ͦΕͧΕͷཧίϯιʔϧʹϩάΠϯͯ͠…ͱ͍͏ͷ ΘΕͳ͍γεςϜΛੜΉ͚ͩͳͷͰΊΔ • ຊʹඞཁͳஅʹूதͰ͖ΔΈΛͭ͘Δ
(ࣗಈԽ)
ΞʔΩςΫνϟ֓ཁ ύʔτ͚ ϩάϑΝΠϧઃஔͷ ΠϕϯτΛݕग़ Lambda Lambda Lambda Kinesis Stream S3
S3 Athena ϧʔϧΛ༻͍ͨ Ξϥʔτͷݕ Ξϥʔτͷൃใ ϩάͷม EC2 Elasticsearch Service ߴͰΠϯλϥΫςΟϒͳ ظతϩάͷݕࡧ ظؒʹΘͨΔ ϩάͷݕࡧ GHE PagerDuty Slack Ξϥʔτͷൃใɾཧ Ξϥʔτͷௐࠪ EC2 instances ͦͷଞϓϩμΫτ Kinesis Stream Kinesis Stream ϩάऩूύʔτ ϩάॲཧύʔτ Ξϥʔτॲཧύʔτ CloudWatch Logs/ Event, GuardDuty, CloudTrail
֓ཁ • ༷ʑͳϑΥʔϚοτͷϩάΞϥʔτΛ S3 ʹऩू • AWS αʔϏεͱͯ͠ GuardDuty ͳͲΛར༻
• ऩूͨ͠ϩάɾΞϥʔτΛਖ਼نԽͯ͠ Graylog / S3 ʹೖ • Ωϟονͨ͠Ξϥʔτਖ਼نԽͯ͠ GitHub (Enterprise) ʹىථ • ՄೳͳݶΓͷॳظௐࠪΛࣗಈͰߦ͏ • PagerDuty, Slack ͷൃใߦ͏
͞Βʹվળ͍ͨ͠ϙΠϯτ • Ξϥʔτͷਖ਼نԽ͕ͪΐͬͱେม (ࣗͨͪͰ࡞Δ) • ΞϥʔτࣗମͷूܭɺՄࢹԽ • ࣗಈԽΛߋʹਐΊΔ • ௐࠪɺରԠ
• ظతͳੳ
Ξϥʔτਖ਼نԽ • ରԠ͍ͯ͠ΔαʔϏεͰ͋Εਖ਼نԽෆཁ • ଞγεςϜʹΞϥʔτΛॻ͖ࠐΈ͍ͨ߹ Security Hub ΛڬΉ͜ͱͰ ॲཧΛڞ௨ԽͰ͖Δ •
Ξϥʔτʹ͍ͭͯ “ͱΓ͋͑ͣ Security Hub ʹಥͬࠐΉ” ͜ͱ͕ Ͱ͖ΔΑ͏ʹͳΔ • ࠓޙ৽نʹηΩϡϦςΟαʔϏε͕ग़͖ͯͯૉૣ͘౷߹Ͱ͖Δ
Amazon Security Finding Format • ηΩϡϦςΟΞϥʔτʹٻΊΒΕͦ͏ͳ߲Ұ௨ΓΧόʔ • EC2 Πϯελϯε ͳͲ
AWS ݻ༗ͷϑΟʔϧυ༻ҙ • ࠓͷஈ֊Ͱ AWS ϦιʔεΛओʹఆ͍ͯ͠ΔΑ͏ʹݟ͑Δ • ͏ͪΐͬͱ৭ʑͳϦιʔεʹରͯ͑͠Δͱ͏Ε͍͠… • ৄࡉ Security Hub ͷυΩϡϝϯτΛࢀর
ूܭɺՄࢹԽ • Insights Ͱ͋ΔఔՄೳ • Findings ΛϑΟϧλͨ݁͠Ռ (Group by ͳͲՄೳ)
• άϥϑΧελϜͰ͖ͨΒخ͍͚͠Ͳɻɻ • ظతʹոͦ͠͏ͳϦιʔεΛݟ͚ͭΔͷʹ༗ޮ
ࣗಈԽ • CW Events ʹΠϕϯτΛૹ৴Ͱ͖Δ • Finding, Insights, Standards •
Lambda function Step Function ΛݺͿ͜ͱ͕Ͱ͖Δ • ϩάऩूͱඥ͚, Ϩϐϡςʔγϣϯௐࠪ, ݕମௐࠪ, ΠϯελϯεͷίϚϯυൃߦͳͲͳΜͰ͋Γ
ͦͷଞͷྑ͍ػೳ • ϚϧνΞΧϯτରԠ • Control Tower Ͱ৽ن࡞࣌ʹશηΩϡϦςΟαʔϏε༗ޮԽ + Security Hub
ͷૹ৴͕Ͱ͖ΔΑ͏ʹͳΔͱ͏Ε͍͠ • ηΩϡϦςΟඪ४ͷνΣοΫ • ࣮ମ Config Rules ͷू߹ମ (ݱࡏ CIS AWS foundation benchmark ͷΈ) • ͜ΕΧελϜ͕࡞ΕΔͱྑ͍
ͦͷଞ͜͏ͳͬͯ͘ΕΔͱخ͍͠ • Findings ͦͷͷͷΞοϓσʔτ (ଐੑͷՃͳͲ) • ࣗಈԽʹΑΔௐࠪ݁ՌͳͲΛՃ͓͖͍ͯͨ͠ (ݱঢ়ςΩετͷΈ) • Πϕϯτཧπʔϧͱͷ࿈ܞ
• ͋Δ͍ Security Hub ͕ࣗཧπʔϧʹͳΔ • ୲ऀɺௐࠪঢ়گɺݟղɺetc • AWS WAF ࿈ܞ • Ξϥʔτ͕͔ͳΓଟ͘ͳΔͣͳͷͰɺͦͷ··දࣔͯ͠΄͘͠ͳ͍͕…
·ͱΊ
ࠓճͷൃදʹ͍ͭͯ • ͙͢ʹ͑Δͷଟ͘ྑ͔ͬͨͱࢥ͏ • ηΩϡϦςΟʹϑΥʔΧεͨ͠ͷଟ͘ͳ͍͕ɺ ηΩϡϦςΟʹ׆͔͢͜ͱ͕Ͱ͖ΔαʔϏεػೳ͕ग़͍ͯΔ • Control Tower, Security
Hub ੵۃతʹར༻͍ͨ͠
͜Ε͔Βͷ AWS ηΩϡϦςΟ • (طʹͦ͏ͳ͍ͬͯΔ͕) ಛఆͷαʔϏειϑτΣΞΛ ͏͚ͩͰͳ͘ɺ͍ࢹͰηΩϡϦςΟγεςϜΛઃܭ࣮ͯ͢͠Δ • AWS ͕ఏڙ͍ͯ͠ΔύʔπʹΑͬͯ࡞Γ͍͢ڥ͋Δ
• ͦ͏͍ͬͨͷ͕ఏڙ͞Ε͍ͯΔͱࢥ͏͠ɺ͍ͯͬͯ͠΄͍͠
PR
࣍ੈͷηΩϡϦςΟڥΛҰॹʹͭ͘Δ ΤϯδχΞΛืू͍ͯ͠·͢ https://cookpad.jobs/
Fin.