Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
About Extended Threat Detection in Amazon Guard...
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
takakuni
December 18, 2024
410
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
About Extended Threat Detection in Amazon GuardDuty
takakuni
December 18, 2024
More Decks by takakuni
See All by takakuni
ECS Express Mode
takakuni
0
36
AWS WAF Anti-DDoS Protection in 5 Minutes!
takakuni
0
610
AWS Backup Air-Gapped Vaults with Multi-Party Approval Explained in 5 Minutes!
takakuni
0
310
5min GuardDuty Extended Threat Detection EKS
takakuni
0
380
OpenAI models overview 202505
takakuni
0
440
[Sample] Validate hyperlink for Amazon Bedrock Data Automation
takakuni
0
300
Classmethod AI Talks #13
takakuni
0
430
SageMaker Hyperpod 101 #regrowth_sapporo
takakuni
1
430
What is Amazon Bedrock knowledge base with an Amazon Kendra GenAI index?
takakuni
0
770
Featured
See All Featured
Leadership Guide Workshop - DevTernity 2021
reverentgeek
1
310
sira's awesome portfolio website redesign presentation
elsirapls
0
280
The agentic SEO stack - context over prompts
schlessera
0
820
Navigating the Design Leadership Dip - Product Design Week Design Leaders+ Conference 2024
apolaine
1
350
Between Models and Reality
mayunak
4
340
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
128
56k
Designing for Performance
lara
611
70k
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs
inesmontani
PRO
3
3.5k
Lightning Talk: Beautiful Slides for Beginners
inesmontani
PRO
2
580
GraphQLとの向き合い方2022年版
quramy
50
15k
The Cult of Friendly URLs
andyhume
79
6.9k
Writing Fast Ruby
sferik
630
63k
Transcript
2024/12/18 クラスメソッド株式会社 たかくに Amazon GuardDuty の Extended Threat Detection について
2 • 部署 ◦ AWS 事業本部コンサルティング部 • 名前(ニックネーム) ◦ たかくに
• ロール ◦ ソリューションアーキテクト ⾃⼰紹介
re:Invent 2024 どうでしたか?
GuardDuty でしたね。
Extended Threat Detection の話をします。
Extended Threat Detection とは
拡張脅威検出 です!
拡張脅威検出とは
拡張された脅威を検出する機能!
10 今までの GuardDuty Threat Detection 1. EC2 finding types 2.
IAM finding types 3. S3 Protection finding types 4. EKS Protection finding types 5. GuardDuty Runtime Monitoring finding types 6. Malware Protection for EC2 finding types 7. Malware Protection for S3 finding type 8. RDS Protection finding types 9. Lambda Protection finding types
11 これからの GuardDuty Threat Detection 1. EC2 finding types 2.
IAM finding types 3. S3 Protection finding types 4. EKS Protection finding types 5. GuardDuty Runtime Monitoring finding types 6. Malware Protection for EC2 finding types 7. Malware Protection for S3 finding type 8. RDS Protection finding types 9. Lambda Protection finding types 10. GuardDuty attack sequence finding types(NEW !)
• 複数の脅威が連なった状態を検出 • 普段の検出タイプに加え、弱いシグナルも評価対象 ◦ 弱いシグナル:普段の検出タイプでは表⽰されな い API アクティビティ •
MITRE ATT&CK のステップ別に重要度を表⽰ 12 GuardDuty attack sequence finding types
• Attack sequence ◦ 複数のイベント(シグナル)の相関関係 • Findings ◦ GuardDuty が発⾒した脅威(≒シグナル)
• Signals ◦ GuardDuty が観察した API アクティビティ 13 単語のおさらい
14 図にすると
15 複数の脅威が連なった状態を検出
16 複数の脅威が連なった状態を検出
17 普段の検出タイプに加え、弱いシグナルも評価対象
18 MITRE ATT&CK のステップ別に重要度を表⽰
• AttackSequence:IAM/CompromisedCredentials ◦ IAM が侵害されている可能性が⾼い場合に検出 • AttackSequence:S3/CompromisedData ◦ S3 が漏洩している可能性が⾼い場合に検出
19 GuardDuty attack sequence finding types
None
Your Podcast. Everywhere. Effortlessly.
takakuni
reverentgeek
elsirapls
schlessera
apolaine
mayunak
aki_iinuma
lara
inesmontani
quramy
andyhume
sferik
