Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
クラウド脆弱性の傾向とShisho Cloudの活用
Search
adachi.ryo
March 16, 2025
Technology
0
190
クラウド脆弱性の傾向とShisho Cloudの活用
https://findy-tools.connpass.com/event/347629/
クラウドを活用する開発組織の実践的セキュリティ対策 〜脆弱性診断とDBへのアクセス制御〜
adachi.ryo
March 16, 2025
Tweet
Share
More Decks by adachi.ryo
See All by adachi.ryo
技術的負債で信頼性が限界だったWordPress運用をShifterで完全復活させた話
rvirus0817
0
160
Amazon Security Lakeを活用したセキュリティログの集約とAIによる可視化の最前線
rvirus0817
0
2
TechBull Membersの開発進捗どうですか!?
rvirus0817
0
1.2k
TechBullエンジニアコミュニティの取り組みについて
rvirus0817
0
1k
横断SREの立ち上げと、AWSセキュリティへの取り組みの軌跡
rvirus0817
3
11k
ゼロから創る横断SREチーム ~挑戦と進化~
rvirus0817
3
5.1k
入社1ヶ月でここまでやった!Findy Toolsインフラ支援の最適化
rvirus0817
11
13k
メンティー同士で輪読会を始めたら学びしかなかった
rvirus0817
1
1.1k
Lancersをコンテナへ本番移行する取り組み
rvirus0817
1
3.3k
Other Decks in Technology
See All in Technology
Segment Anything Modelの最新動向:SAM2とその発展系
tenten0727
0
420
o11yツールを乗り換えた話
tak0x00
1
240
2025-07-31: GitHub Copilot Agent mode at Vibe Coding Cafe (15min)
chomado
2
380
製造業の課題解決に向けた機械学習の活用と、製造業特化LLM開発への挑戦
knt44kw
0
160
S3 Glacier のデータを Athena からクエリしようとしたらどうなるのか/try-to-query-s3-glacier-from-athena
emiki
0
180
Amazon Bedrock AgentCoreのフロントエンドを探す旅 (Next.js編)
kmiya84377
1
120
Claude CodeでKiroの仕様駆動開発を実現させるには...
gotalab555
3
900
LLM 機能を支える Langfuse / ClickHouse のサーバレス化
yuu26
4
290
Google Agentspaceを実際に導入した効果と今後の展望
mixi_engineers
PRO
3
330
alecthomas/kong はいいぞ
fujiwara3
6
1.4k
Kiroでインフラ要件定義~テスト を実施してみた
nagisa53
3
310
AI時代の経営、Bet AI Vision #BetAIDay
layerx
PRO
1
1.7k
Featured
See All Featured
GraphQLとの向き合い方2022年版
quramy
49
14k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
31
1.3k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
7
790
GitHub's CSS Performance
jonrohan
1031
460k
Java REST API Framework Comparison - PWX 2021
mraible
32
8.8k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
The Power of CSS Pseudo Elements
geoffreycrofte
77
5.9k
Optimising Largest Contentful Paint
csswizardry
37
3.4k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
60k
Git: the NoSQL Database
bkeepers
PRO
431
65k
The Invisible Side of Design
smashingmag
301
51k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
26k
Transcript
Ϋϥυ੬ऑੑͷͱShisho Cloudͷ׆༻ ʮ2025/03/17 ΫϥυΛ׆༻͢Δ։ൃ৫ͷ࣮ફతηΩϡϦςΟରࡦ ʙ੬ऑੑஅͱDBͷΞΫηε੍ޚʙʯ ϑΝΠϯσΟגࣜձࣾ ϓϩμΫτ։ൃ෦/SRE ҆ୡ ྋ(@adachin0817)
ࣗݾհ
3 ࣗݾհ ҆ୡ ྋ(@adachin0817) ɾϑΝΠϯσΟ(ג) / ϓϩμΫτ։ൃ෦/Senior SRE ɾBlog: blog.adachin.me/wiki.adachin.me
ɾTechBull(ΤϯδχΞίϛϡχςΟ) techbull.cloud ɹɾSRE/ΤϯδχΞͷϝϯλϦϯά ྦྷܭ300໊↑ ɹɾίϛϡχςΟϚωʔδϟʔ ɾ͔ͭͯOSS൛VulsͷίϯτϦϏϡʔλʔΠϕϯτओ࠵ͳͲ ɾ89ੜ·Εɺ౦ژཱ۠ग़Ͱ࡛ۄݝय़෦ࢢ͕ݩ ɾϑϨϯνϒϧυοάͷࣂ͍ओͰ͋Δ
4
ԣஅSREνʔϜͷҐஔ͚ͮͱϛογϣϯ
ԣஅSREνʔϜͷҐஔ͚ͮͱϛογϣϯ • ԣஅSREνʔϜ ◦ ڈ͔ΒνʔϜͱ্ཱ͓ͯͪ͛ͯ͠Γɺݱࡏ4໊Ͱ׆ಈ͍ͯ͠Δ • SREͷଘࡏҙٛ ◦ SREಓΛ࡞ΔͨΊʹଘࡏ͢Δ(։ൃͷεϐʔυͱ҆શੑΛཱ྆) ◦
ϦεΫΛड͚ೖΕɺཧ͢Δ(োͷϦεΫΛ࠷খݶʹ͑ͭͭɺޮతͳӡ༻Λࢦ͢) ◦ SLOΛܭଌ͢Δ(৴པੑͷόϥϯεΛऔΔͨΊͷج४Λࡦఆ) ◦ τΠϧͷݮͱࣗಈԽ(Ձͷߴ͍ۀʹूதͰ͖ΔڥΛఏڙ) ◦ ϓϩμΫτͷࢧԉ(։ൃεϐʔυͱ৴པੑͷόϥϯεΛอͭͨΊʹٕज़ࢧԉ) ◦ ηΩϡϦςΟͷՄࢹԽͱڧԽ (જࡏతͳϦεΫΛൃݟ͠ɺγεςϜΛΑΓ҆શͳঢ়ଶʹอͭ) • ظϛογϣϯ ◦ ʮϑΝΠϯσΟͷࣄۀΛࢧ͑ΔͨΊʹɺSRE৫ͷ͋Γํͷཱ֬ʯ • தظϛογϣϯ ◦ ʮࣾһશһ͕ࣄۀʹूதͰ͖ΔΑ͏ͳΈΛߏங͠ɺ҆શʹఏڙʯ 6
ৄ͍͠औΓΈʹ͍ͭͯFindy Tech BlogΛࢀߟʹʂ 7
ۙͷ੬ऑੑʹ͍ͭͯ
ۙͷ੬ऑੑʑ૿Ճ͍ͯ͠Δ 9 ࢀߟ: https://www.first.org/epss/data_stats https://blog.adachin.me/archives/53851 https://vuls.biz/blog/articles/20240822a/
߈ܸܦ࿏ͱ৫ͷηΩϡϦςΟରԠྗ 10 ࢀߟ: https://vuls.biz/blog/articles/20240822a/
Top Threats to Cloud Computing 2024 ΫϥυॏେڴҖϨϙʔτ
Top Threats to Cloud Computing 2024 • 2024 ΫϥυॏେڴҖϨϙʔτ ◦
CSA(ΫϥυηΩϡϦςΟΞϥΠΞϯε)ຊ෦ ◦ 2ʹҰڴҖϨϙʔτΛެ։ ◦ 500ਓҎ্ͷۀքઐՈΛରʹಛఆ • ՝ ◦ ॱҐ͕Լ͕͓ͬͯΓݒ೦͞ΕΔͷͰͳ͍ ◦ ઃఆϛεͱෆेͳมߋཧ ◦ IAMʹΑΔΞΫηεཧ ◦ ηΩϡΞͰͳ͍ΠϯλʔϑΣʔεAPI ◦ ΫϥυηΩϡϦςΟͷΞʔΩςΫνϟ ͱઓུͷܽ 12 ࢀߟ: https://www.cloudsecurityalliance.jp/site/?p=35829
Top Threats to Cloud Computing 2024 • ࠓޙͷݟ௨͠ ◦ AIΛؚΉΑΓߴԽͳ߈ܸ
◦ αϓϥΠνΣʔϯͷϦεΫ ◦ ਐԽ͢Δن੍ͷঢ়گ ◦ Ransomware-as-a-Service(RaaS) • ରࡦ ◦ SDLC(ιϑτΣΞ։ൃϥΠϑαΠΫϧ)Λ௨ͨ͡ AIͷ౷߹ ◦ AIΛ׆༻ͨ͠ηΩϡϦςΟπʔϧ ◦ θϩτϥετηΩϡϦςΟϞσϧ ◦ ࣗಈԽͱΦʔέετϨʔγϣϯ ◦ ηΩϡϦςΟεΩϧͷ֨ࠩ 13 ࢀߟ: https://www.cloudsecurityalliance.jp/site/?p=35829
ΫϥυηΩϡϦςΟʹऔΓΉୈҰา
ΫϥυηΩϡϦςΟʹऔΓΉࡍͷୈҰา • ηΩϡϦςΟஅͱݱঢ়Ѳ / CSPM(Cloud Security Posture Management) ◦ ઃఆϛε੬ऑͳϦιʔεΛՄࢹԽ͠ɺ༏ઌ͖͢ϦεΫΛಛఆ
◦ ૣظରԠͰηΩϡϦςΟΠϯγσϯτΛະવʹ͙ • ηΩϡϦςΟࢹͱΞϥʔτͷઃఆ ◦ ҟৗͳϩάΠϯڴҖΛϦΞϧλΠϜʹݕग़ ◦ ඞཁͳΞϥʔτΛదʹઃఆ͠ɺਝͳରԠΛՄೳʹ • TrivyΛ׆༻ͨ͠ηΩϡϦςΟεΩϟϯ ◦ طͷڥʹର͢Δஅͱɺ৽نߏங࣌ͷࣗಈεΩϟϯΛCIԽ • ηΩϡϦςΟϩάͷՄࢹԽ ◦ AWS WAFɺCloudTrailɺGuardDutyͷঢ়ଶΛઃఆ͢Δ͚ͩͰͳ͘ՄࢹԽɾੳ ◦ ҟৗݕͷਫ਼Λ্ͤ͞ɺରԠεϐʔυΛਐΊΔ • ηΩϡϦςΟڭҭͱҙ্ࣝ ◦ νʔϜશମͷηΩϡϦςΟҙࣝΛߴΊΔ͜ͱ͕େ ◦ ࠷৽ͷڴҖରࡦํ๏Λڞ༗͢ΔΛઃ͚Δ 15
ΫϥυηΩϡϦςΟڧԽʹ͓͚ΔπʔϧબఆͷΞϓϩʔν • ॳͷܭը: AWS Security Hub Λ׆༻ͨ͠ηΩϡϦςΟཧΛݕ౼ ◦ AWS OrganizationsͰཧ͍ͯ͠ΔͨΊɺेݸҎ্ͷΫϩεΞΧϯτ͕ଘࡏ
◦ σʔλੳͰGCPར༻͍ͯ͠ΔͨΊɺҰݩཧ͕Ͱ͖ͣɺҰ؏ੑ͕อͯͳ͍ ◦ ༷ʑͳαʔϏε͕ಈ࡞͢ΔͨΊɺෳࡶʹͳΓ͘͢ɺίετ͕ߴ͘ͳΓ͍͢ ◦ ૢ࡞ੑɺධՁ݁Ռͷࢹೝੑ͕ѱ͘ɺτϦΞʔδͷूܭʹ͕͔͔Δ ◦ ରԠํ๏ͷυΩϡϝϯτ͕ӳޠͩΒ͚ͰΤϯδχΞ͕ૉૣ͘ରԠͰ͖ͳ͍ • ༷ʑͳΫϥυηΩϡϦςΟπʔϧΛࢼݧಋೖ ◦ ػೳૢ࡞ੑɺίετύϑΥʔϚϯεͷ؍͔Βൺֱݕ౼ ◦ Shisho Cloud͕࠷ཁ݅ʹద߹͠ɺಋೖͷܾఆʹ🎉 16
Shisho Cloudͷಋೖ
Shisho Cloudͷ͍͢͞ • Simple is the best ◦ ϚϧνΫϥυͷҰݩཧ ◦
ηΩϡϦςΟઐ͕ࣝͳͯ͘ରԠՄೳ ◦ ϦεΫͷଈ࣌ՄࢹԽ ◦ ຊޠରԠͷஸೡͳϨϙʔτ ◦ ಋೖͷ༰қ͞ͱݕग़݁Ռͷ͞ ◦ ेʹ४උ͞ΕͯΔϚωʔδυϙϦγʔ ◦ ϫʔΫϑϩʔʹΑΔΧελϚΠζੑͷߴ͞ ◦ Ձ͕͍֨҆ 18
Shisho Cloudͷӡ༻ϙΠϯτ • ηΩϡϦςΟΨΠυϥΠϯϙϦγʔͷ࡞ ◦ ࢛ظ͝ͱʹ༏ઌͷߴ͍IssueΛͯ͢ରԠ͢Δ͜ͱΛඪʹઃఆ • ηΩϡϦςΟࢹͱΞϥʔτͷઃఆ ◦ ֤ϓϩδΣΫτʹઐ༻ͷSlackνϟϯωϧΛ࡞
◦ ؔऀΛר͖ࠐΉΈΛߏங ◦ Embedded SRE͚ʹใڞ༗ͷΛઃ͚Δ ◦ τϦΞʔδ͞ΕͨΞϥʔτͯ͢ରԠ͢Δඞཁͳ͘ɺ༏ઌ͔ΒߜΔ • ηΩϡϦςΟରԠͷܗ֚ԽΛ͗ɺνʔϜͷཱࣗΛଅਐ ◦ ηΩϡϦςΟରԠͷܗ֚ԽΛ͗ɺνʔϜͷཱࣗΛଅਐ 19
Shisho Cloudͷӡ༻՝ • ৽نΠϯϑϥߏங࣌ʹຖճΞϥʔτͷޡݕ͕ൃੜ ◦ Terraform ͰશΠϯϑϥΛཧ͍ͯ͠Δ͕ɺڥ͝ͱͷ౷Ұϧʔϧ͕ͳ͍ ◦ ෛՙςετڥ৽نΠϯϑϥڥͷςϯϓϨʔτԽ͕ະඋ ◦
ηΩϡϦςΟϙϦγʔ͕ڥ͝ͱʹ౷Ұ͞Ε͓ͯΒͣɺෆཁͳΞϥʔτ͕ൃੜ ◦ Slack ௨͕ଟൃ͠ɺϊΠζͰຒ·ͬͯ͠·͏ • ॏཁͳ௨ݕ ◦ Critical / High ͷΞϥʔτ Slack Ͱϝϯγϣϯ͖௨ ◦ ϊΠζΛݮΒ͠ɺରԠ͖͢ΞϥʔτʹूதͰ͖ΔڥΛߏங 20
Findy ToolsͰϨϏϡʔ͍ͯ͠·͢ʂ 21
ηΩϡϦςΟϩάج൫
ηΩϡϦςΟϩάج൫ • Amazon Security Lakeͷ׆༻ ◦ AWSͰϦΞϧλΠϜʹԿ͕ى͖͍ͯΔ͔அͰ͖ͳ͍ ◦ ηΩϡϦςΟपΓͷϞχλϦϯάڧԽ ◦
CloudTrailɺWAFɺVPC Flow LogɺRoute53 (DNS Query)ΛରʹՄࢹԽ͠ੳ ◦ Security LakeͰ؆୯ʹҰݩཧ͕Մೳ ◦ ݄ສԁఔͰ࣮ՄೳͰίεύ͕ྑ͍ ◦ Amazon Managed GrafanaͰμογϡϘʔυԽ 23
WAF Log • WAF(Web ACL) ◦ Request by Country(ࠃผͷϦΫΤετ) ◦
Heat map ◦ Bar graph ◦ Total Request(શϦΫΤετͷूܭ) ◦ WAF Rule Request(WAFϧʔϧ͝ͱͷϦΫΤετ) ◦ Access Ranking(IPΞυϨεURL͝ͱͷϦΫΤετ) ◦ WAF Analytics Logs(ੳ༻ͷϩά/ϒϩοΫใͳͲ) 24
CloudTrail Log • CloudTrail ◦ Total Event Count(શΠϕϯτ) ◦ Total
Errors(શΤϥʔ) ◦ Event History(Πϕϯτཤྺ) ◦ Top Event Names(Πϕϯτ໊) ◦ Total Event Source(Πϕϯτൃੜݩ) ◦ Top Users(ϢʔβʔϥϯΩϯά) ◦ Total Source IP(ૢ࡞ݩͷIPΞυϨε) ◦ S3 Access Denied(S3ͰΞΫηεڋ൱͞Εͨճ) ◦ EC2 Change Event Count(EC2ͷઃఆมߋճ) ◦ VPC Change Event Count(VPCͷઃఆมߋճ) ◦ Security Group Change Event Count(SGͷઃఆมߋճ) ◦ Error Event(ੳ༻ΤϥʔΠϕϯτ) 25
खಈ ੬ऑੑஅ
खಈ ੬ऑੑஅ࣮ࢪ • GMO Flatt Security x WebΞϓϦέʔγϣϯஅ ◦ 2023ʙ
࣮ࢪࡁΈ ◦ SQLΠϯδΣΫγϣϯ ◦ XSSɺೝূɾೝՄͷͳͲ ◦ ༷ʑͳ੬ऑੑஅʹରԠ͍ͯ͠Δ ◦ ใࠂॻ/Ϩϙʔτඇৗʹݟ͍͢ ◦ ΞϑλʔαʔϏεॆ࣮͍ͯ͠Δ 27
Findy Team+ SOC2 Type1
Findy Team+ SOC2 Type1Λऔಘ 29
·ͱΊ
·ͱΊ • ΫϥυηΩϡϦςΟपΓՄࢹԽͯ͠ܧଓతʹੳͱରࡦΛ͢Δ͜ͱ • Shisho Cloud/ϫʔΫϑϩʔͷΧελϚΠζΛ׆͔͖͠Εͯͳ͍ ◦ ඞཁʹԠͯ͡৫ݻ༗ͷϙϦγʔΛઃఆ͠ɺӡ༻ʹద༻͢Δ ◦ AWSΞΧϯτͷఆج४Λ໌֬Խ͠ɺCritical,HighϨϕϧͷݕ࿙ΕΛࢭ
◦ طଘΞϥʔτͷվमͱ୨Է͠ • ηΩϡϦςΟϩάج൫ͷੳ ◦ Security LakeΛ༻͍ͨج൫Ͱ͖ͨͷͰɺੳΛਐΊ͍ͯ͘ ◦ μογϡϘʔυͷΧελϚΠζఆظతͳৼΓฦΓΛ࣮ࢪ͠ɺӡ༻վળΛਤΔ ◦ SQLͷ݁Ռ͔ΒBedrockͰੳ༧ఆ 31
͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠ʂ