Vuls × Deep Security
1. Vuls × Deep Security
Trying to identify high-urgency vulnerabilities
Kazuki Nagasawa
09/26/2016
@Future Architect Inc.
2. Who am I?
Kazuki Nagasawa
• Network and server engineer at Future Architect, Inc.
Infrastructure engineer at Future Architect
(an IT consultant who is practically a sales engineer)
• Twitter: @kray0630
• GitHub: kn0630
3. Vuls × Deep Security
Trying to identify high-urgency vulnerabilities
I tried to see whether the high-urgency vulnerabilities that remain even under Deep Security protection can be identified quickly.
4. With Vuls
What Vuls can do
• Vulnerabilities in the OS (Linux, FreeBSD), in some middleware, and in some software
• ① Scan → ② Output: the list of vulnerabilities scanned
• Vulnerability management before an attack
Countermeasures can be taken based on the scan results.
5. With Deep Security
What Deep Security can do
• Vulnerabilities in the OS (Linux, FreeBSD), in some middleware, and in some software
• Attack → Block: the list of vulnerabilities to block
• Vulnerability management when attacked
Attacks are blocked automatically, based on settings configured in advance.
6. With Vuls and Deep Security
Combining Vuls and Deep Security...
• Vulnerabilities in the OS (Linux, FreeBSD), in some middleware, and in some software
• Attack → Block
• The list of vulnerabilities to block and the list of vulnerabilities scanned: the same?
• We have to check which vulnerabilities will not be blocked
It is necessary to check whether every Vuls scan result really requires urgent action.
7. With Vuls and Deep Security
Combining Vuls and Deep Security...
• Vulnerabilities in the OS (Linux, FreeBSD), in some middleware, and in some software
• Attack → Block
• The list of vulnerabilities to block and the list of vulnerabilities scanned: the same?
• We have to check which vulnerabilities will not be blocked
It is necessary to check whether every Vuls scan result really requires urgent action.
Let's check easily!
8. How it was done
So, what exactly did I do?
• Vulnerabilities in the OS (Linux, FreeBSD), in some middleware, and in some software
① Get the list of vulnerabilities scanned
Get the Vuls scan results: the list (JSON format) of vulnerabilities scanned.
② Get the list of all targets to block, with the API
Get the list of what Deep Security can protect against, via the API (Python SDK for Deep Security APIs*): the list of vulnerabilities to block.
③ Compare the two lists and output the result
* Python SDK for Deep Security APIs
https://github.com/deep-security/deep-security-py
9. Output
The output looks like this:
① The list of vulnerabilities scanned by Vuls
② The number and severity of the vulnerabilities in the Vuls scan results that Deep Security can block
③ The number and severity of the vulnerabilities in the Vuls scan results that Deep Security cannot block
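The three steps from slide 8 and the three outputs from slide 9, as an added example that is not the author's vulssimulator_ds code: it compares a scan list with the CVEs covered by protection rules and counts each side by severity. The record fields, rule names and CVE IDs are constructed placeholders (not the real Vuls JSON schema or Deep Security API output), and the severity bands are the NVD ranges for CVSS v2 scores.

```python
from collections import Counter

# Constructed sample data; the field names are assumptions for this example,
# not the real Vuls JSON schema or Deep Security API response.
VULS_SCAN = [
    {"cve_id": "CVE-0000-0001", "cvss": 9.3},
    {"cve_id": "CVE-0000-0002", "cvss": 7.5},
    {"cve_id": "CVE-0000-0003", "cvss": 5.0},
    {"cve_id": "CVE-0000-0004", "cvss": 2.1},
    {"cve_id": "cve-0000-0005", "cvss": None},  # score not yet assigned
]
DS_RULES = [
    {"rule": "constructed-rule-A", "cves": ["CVE-0000-0001", "CVE-0000-0003"]},
    {"rule": "constructed-rule-B", "cves": ["cve-0000-0003", "CVE-0000-0099"]},
]

def severity(cvss):
    """Map a CVSS v2 base score to the NVD qualitative rating."""
    if cvss is None:
        return "Unknown"
    if cvss >= 7.0:
        return "High"
    if cvss >= 4.0:
        return "Medium"
    return "Low"

def compare(scan, rules):
    """Split scanned CVEs into those some rule covers and those none covers."""
    covered_ids = {c.upper() for r in rules for c in r["cves"]}
    blocked, unblocked = [], []
    for finding in scan:
        cve = finding["cve_id"].upper()  # normalise case before matching
        target = blocked if cve in covered_ids else unblocked
        target.append((cve, severity(finding["cvss"])))
    return blocked, unblocked

def summarize(pairs):
    """Count findings per severity label."""
    return dict(Counter(sev for _, sev in pairs))

if __name__ == "__main__":
    blocked, unblocked = compare(VULS_SCAN, DS_RULES)
    print("1. scanned:", [f["cve_id"].upper() for f in VULS_SCAN])
    print("2. blockable:", len(blocked), summarize(blocked))
    print("3. not blockable:", len(unblocked), summarize(unblocked))
    # High-severity findings with no covering rule are the urgent remainder.
    for cve, sev in sorted(unblocked, key=lambda p: p[1] != "High"):
        print("   remaining:", cve, sev)
```

Findings without a score are reported as "Unknown" rather than dropped, so an unscored CVE with no covering rule still shows up in the remainder.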
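10. Summary
① With the Deep Security API and Vuls, we can check for high-urgency vulnerabilities
From the results retrieved through the Deep Security API and the Vuls output, the high-urgency vulnerabilities in the target environment can also be identified.
② Vuls can probably cooperate with other products in the same way
Combining Vuls with other security products looks feasible in the same way.
③ The Deep Security APIs are certainly convenient
The Deep Security API is really handy.
* It looks like a lot more is possible. I would like to try things such as also taking the current policy settings into account.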
11. Thank you all for listening! :)
Source code is available on GitHub
https://github.com/kn0630/vulssimulator_ds
* It refers to "deep-security/amazon-inspector"
https://github.com/deep-security/amazon-inspector