What is Splunk.conf?
Splunk.conf is the conference run by Splunk, the US company (also named Splunk) that provides the log analysis solution of the same name. This year it was held in Las Vegas. It was the fifth time the conference has been held, and my first time attending. The first edition had about 300 attendees; this year's attendance reportedly exceeded 3,500. KBIZ became a partner of the company this year and has been researching and developing its use in the information security field.
Splunk was originally positioned as a solution for the stable operation of IT systems: analysing all kinds of logs to prevent outages and to manage system performance. So when we became a partner about half a year ago, there was not much information to be found about using it for information security. At this year's conference, however, the sessions were packed with security content: every time slot had a security session, and at some times there were as many as three security sessions running in parallel. Security also featured prominently in the keynote, and it is clear how much effort the company is putting into it. I attended 15 sessions over two days; here is a brief introduction to two of them.
Security Ninjutsu: Using Splunk for Advanced Correlation, Anomaly Detection and Response Automation
This session, titled "Security Ninjutsu", introduced four ways of using Splunk to detect security-relevant anomalies.

The first, "C&C Detection and Blocking", uses Palo Alto Networks firewall logs to find traces of malware inside the organisation communicating with a C&C server, and then blocks it. Concretely, the firewall logs are matched against a list of C&C servers. The mechanism is simple, but it is meaningful in that it lets you raise security easily by combining Splunk with existing network equipment.

The second, "Anomaly Detection Essentials", uses the logs of the endpoint security product "Carbon Black" installed on PCs to detect behaviour such as malware rewriting system files. Rewrites of system files by malware can be buried among the rewrites caused by OS patching or application installation. The method presented aggregates the names of the files being rewritten and uses the standard deviation to extract cases where system files that are normally never rewritten have been modified. In targeted attacks (APT) it is said to take weeks to months to reach the final objective (exfiltrating information or destroying systems), and these methods are considered effective for cutting off (kill chain) that sequence of steps.

I heard the expression "kill chain" many times at this conference. It refers not only to mechanisms that defend against intrusion but, even once an intrusion has succeeded, to detecting and stopping the subsequent activity; log analysis is presented as an effective way to realise that.

The third, "Behavioral Anomaly Detection", used as its example detecting people in a hospital who are viewing patient records without authorisation. The number of record views is aggregated per user, each user's current count is expressed as a number of standard deviations from that user's own past average, users who deviate strongly are extracted, and the results are reported to their managers periodically. If a value is extremely far from the past average, the emergency response department is also notified.

The fourth, "Visual Event Correlation", visualises system events so that a human can spot anomalies by eye, in order to understand attacker trends. A mechanism that defines rules and raises alerts on whatever matches them is effective against specific known misbehaviour, but it can only detect events within the range that was anticipated. Visualising the events makes it possible to bring human intuition to bear on whether something unanticipated is going on.
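The per-user baseline and standard-deviation scoring behind the second and third methods above, reimplemented as an added example in plain Python over constructed audit records (not the session's own Splunk searches); the user names, daily counts and the report/escalate thresholds are all assumptions, and the same function applies unchanged to per-file rewrite counts.

```python
# Per-user behavioural outlier scoring for the chart-viewing case (added example).
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: one row per user per day with that day's chart views.
LOG = [
    (1, "nurse_a", 40), (2, "nurse_a", 44), (3, "nurse_a", 38),
    (4, "nurse_a", 42), (5, "nurse_a", 41), (6, "nurse_a", 48),
    (1, "clerk_b", 10), (2, "clerk_b", 10), (3, "clerk_b", 10),
    (4, "clerk_b", 10), (5, "clerk_b", 10), (6, "clerk_b", 25),
    (1, "doc_c", 60), (2, "doc_c", 75), (3, "doc_c", 50),
    (4, "doc_c", 68), (5, "doc_c", 58), (6, "doc_c", 130),
    (6, "temp_d", 300),                    # new account, no history at all
]

def score_users(rows, day, min_history=5, report_z=3.0, escalate_z=6.0):
    """Return {user: (z, verdict)} for `day`: z is how many of the user's own
    standard deviations that day's count lies above the user's past mean."""
    history = defaultdict(list)
    today = {}
    for d, user, views in rows:
        if d == day:
            today[user] = views
        elif d < day:
            history[user].append(views)
    out = {}
    for user, views in today.items():
        past = history[user]
        if len(past) < min_history:           # too little baseline to score
            out[user] = (None, "no-baseline")
            continue
        mu, sigma = mean(past), pstdev(past)
        if sigma == 0:                         # flat history: any change is a jump
            z = float("inf") if views != mu else 0.0
        else:
            z = (views - mu) / sigma
        if z >= escalate_z:
            verdict = "escalate"               # notify the incident-response team
        elif z >= report_z:
            verdict = "report"                 # goes into the periodic manager report
        else:
            verdict = "ok"
        out[user] = (z, verdict)
    return out

if __name__ == "__main__":
    for user, (z, verdict) in sorted(score_users(LOG, 6).items()):
        print(f"{user:8s} z={z} {verdict}")
```

Accounts without a baseline are returned separately rather than scored, since a z-score against an empty history is meaningless and would hide exactly the new-account case a reviewer wants to see.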
Tracking Insider Threats Using Big Data and Analytics
This session was about detecting insider misconduct using big data. Log analysis is considered effective for detecting insider misconduct, but if few kinds of logs are available for analysis, or the logs that do exist are of low quality, no useful results can be obtained. The logs that exist in IT systems alone are insufficient for detecting insider misconduct, and even when misconduct is discovered, a proper investigation is often impossible.

When organisations that had suffered insider misconduct were surveyed about why they did not take legal action, fewer than expected cited fear of reputational damage; the most common reason was insufficient evidence.

What is needed to improve this situation is to collect logs beyond the scope of the IT department. Log analysis so far has covered logs from the network, servers, security solutions and so on, but that is no longer enough. From now on, combining HR information, physical security data and other sources in the analysis makes it possible to detect insider misconduct with higher accuracy. Concretely, information such as HR evaluations, entry/exit logs and social media is used for a combined analysis. For example, if there is a log showing a large volume of data being downloaded from a database late at night, only one person was in the office at that time, and that person has had problems in their HR evaluation, the risk is judged to be very high.

Naturally, the IT department cannot do this alone; it has to cooperate with departments such as HR and general affairs and have them provide the data. Highly confidential information such as HR evaluations requires care, for instance processing the data before it is shared.
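The cross-source correlation described in this session (night-time bulk download, badge log, HR flag), written out as an added example on constructed data; the feeds, employee ids, thresholds and the salted pseudonymisation standing in for "processing the data before sharing" are all assumptions, not the session's own queries.

```python
# Cross-department correlation for the insider-threat case above (added example;
# constructed data, not the session's own queries).
import hashlib
from datetime import datetime

def pseudonym(employee_id, salt="constructed-salt"):
    """What HR shares instead of raw evaluations: a salted hash per employee."""
    return hashlib.sha256(f"{salt}:{employee_id}".encode()).hexdigest()[:16]

def ts(s):
    return datetime.fromisoformat(s)

# Constructed DB audit log: (time, db_account, rows_returned)
DB_LOG = [
    (ts("2024-03-02T02:15:00"), "svc_report", 250_000),
    (ts("2024-03-02T14:05:00"), "alice", 400_000),      # daytime: not in scope
    (ts("2024-03-03T01:40:00"), "bob", 180_000),
]
# Constructed badge log: (time, employee_id, "in" | "out")
BADGE_LOG = [
    (ts("2024-03-02T01:50:00"), "e1001", "in"), (ts("2024-03-02T03:10:00"), "e1001", "out"),
    (ts("2024-03-02T22:00:00"), "e1002", "in"), (ts("2024-03-03T02:30:00"), "e1002", "out"),
    (ts("2024-03-03T00:30:00"), "e1003", "in"), (ts("2024-03-03T06:00:00"), "e1003", "out"),
]
HR_FLAGGED = {pseudonym("e1001")}   # HR hands over pseudonyms only, never the evaluations

def present_at(badge_log, when):
    """Employees whose most recent badge event at or before `when` was an 'in'."""
    state = {}
    for t, emp, direction in sorted(badge_log):
        if t <= when:
            state[emp] = direction
    return {emp for emp, d in state.items() if d == "in"}

def risk_findings(db_log, badge_log, flagged, bulk_rows=100_000, night=range(0, 6)):
    """Night-time bulk downloads joined with who was physically present and with
    the HR flag list. Returns (time, db_account, risk, present_employees)."""
    findings = []
    for t, account, rows in db_log:
        if rows < bulk_rows or t.hour not in night:
            continue
        present = present_at(badge_log, t)
        if len(present) == 1 and pseudonym(next(iter(present))) in flagged:
            risk = "high"        # sole occupant and a known HR concern
        elif len(present) == 1:
            risk = "medium"      # sole occupant, no HR signal
        else:
            risk = "low"         # several (or no) people present: needs more data
        findings.append((t, account, risk, sorted(present)))
    return findings
```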
A vendor-hosted conference
This conference is hosted by Splunk itself, so naturally almost all attendees are Splunk users. As a result the sessions were very concrete; most of them showed specific Splunk commands. The commands of people who have used Splunk for many years contain many discoveries and are very instructive. I attend RSA Conference every year, but at a comparatively neutral conference like RSA the vendor sessions are often sales pitches from sponsors, so I tend to avoid them. At a vendor-hosted conference that also charges an attendance fee (this time over 100,000 yen), however, nobody would come back if it were all advertising. In that sense this was a new discovery for me: I learned what a vendor-hosted conference can be good for.
The city of Las Vegas
This year's conference was held at the MGM in Las Vegas. I have been to Las Vegas many times before, but I have never really liked it, and this trip renewed that feeling. Perhaps the reason is that Las Vegas has no sense of everyday life: everywhere you can walk is aimed at tourists, and everything feels contrived. As for the main casinos, I know I have no luck at gambling, so I never feel like betting seriously; I play the slots a little, but these days the slot machines are all digital too and I have no sense that I could ever win. I also went to see Cirque du Soleil's KA, but that did not really strike a chord with me either... Because of work I made this a shortened trip, staying only three days on site, and that was plenty. Next year's Splunk.conf is apparently in Las Vegas again; if I go again I suppose it will feel much the same...
小生 (the author)